Chennai: With the surge in demand for oximeters due to the COVID pandemic, the Tamil Nadu police warned people against downloading fake oximeter apps on their mobile phones, and said such applications may steal personal or biometric data from the phones.
People's apprehension during the pandemic is being exploited by the cybercriminals who are targeting the users with malicious links and applications that could steal personal information or biometric data like fingerprints.
"One such scam used by the cybercriminals is the fake oximeter app that claims to detect blood oxygen levels," the police said in an advisory.
Once the user downloads the fake app, which claims to test blood oxygen levels using fingerprint sensors, through a SMS, it asks permission to access various features in the mobile.
If permission is granted, then the cybercriminals could steal the sensitive data such as OTP, saved passwords, card details, photos, contacts and even the biometric information that could be used to access banking and other sensitive applications on the phone.
"These apps claim to measure blood oxygen level by placing the finger on the camera and illuminating the finger using torch light. During this process, the malicious apps could capture your fingerprint," the police said and warned that the fraudsters could also use the fingerprint data to replicate the thumb impression and authenticate Aadhaar Enabled Payment System (AEPS) transactions from the app users account.
Several states including Maharashtra and Gujarat have in the past warned people about such fraud apps. The police advisory claimed that SpO2 blood oxygen sensor is required to measure the blood oxygen levels accurately.
"This is not present in smart phones. Hence, users should be cautious of apps promising to measure blood oxygen levels using fingerprint sensors," the warning posted on the Tamil Nadu police facebook page said and appealed to the citizens to install applications from trusted sources.
However, if the biometric information is compromised, one should disable biometric authentication for AEPS transaction by visiting www.uidai.gov.in. The victims could file a complaint on www.cybercrime.gov.in....