Programmers have found a way to book slots and ‘bypass the captcha’ before other users using CoWIN. Money is also being extorted from people for this work.
There is a lot of tussle going on to book the Corona vaccine slot. A person made several attempts to book a vaccination slot on CoWIN, but to no avail. He said, “Many people were using automation to book their slots. I realized that if I book slots manually then I will not have a chance.”
The man tried to trace this hack and started working on programs that not only search for slots using the Application Program Interface (API) of CoWIN, but are also used for booking slots.
Amid the vaccine shortage and the digital divide in India, many tech experts are gaming the system by writing code on CoWIN’s application programming interface. He says this is the only way to find a place for vaccines.
When CoWIN President RS Sharma was informed about the use of coding for booking of vaccines by the hack, he denied any knowledge about it. A day later, the central government introduced CAPTCHA – a verification tool that was supposed to stop the automatic booking of vaccines. Nevertheless, programmers have already found a way to ‘bypass the captcha’ and book slots before other users who use CoWIN to book slots.
How is slot booking done through CoWIN?
- First of all, the user has to go to the CoWIN website.
- Click on ‘Sign In’ and enter your mobile number.
- CoWIN will send OTP to the user.
- The user can log in to the web application by entering the OTP.
- The user can search online for the next available slot for a given pin code or a given district in a state.
- Once the slot is available, the user schedules an appointment for the beneficiary.
- Now the user is asked to enter the captcha.
- Then the slot is booked.
Manipulation happens during booking
Follow steps 5 to 8 in case you need to book for other beneficiaries. In due course, if the session is over, the user will have to restart from step 2 and login to the site again. Users registered in Step 4, Step 5, Step 7, Step 9 are required to wait and provide input. This is the section where software developers are using automation scripts to avoid the wait.
OTP forwarder is used
To automate step 4, these scripts need some setting in our mobile which can forward the OTP as soon as it is received. This is called OTP forwarder. There are a variety of apps that can forward SMS to an external site. Any of these apps can be used as an OTP forwarder in the automation script. These scripts also automate captcha input with 100% success rate.
Money is used to book slots
The Quint has confirmed 2 automation scripts that can book vaccines without asking for captcha. The Quint found a few groups on Telegram that charge Rs 1000 for booking slots across the country. These channels ask for your Aadhaar details along with your phone number. Using automatic scripts, these people can book you a slot across the country in a matter of minutes.
Security researcher warned of dangers
Cyber security researcher Sourajit Majumdar said that users should avoid buying COVID-19 vaccination slots in this way as it is unethical and risky. He said, “The person promising you the vaccination slot can cheat you. Also, many of them ask for details like phone number, address and Aadhar card which should not be shared by anyone as it can be misused to carry out scams, frauds and can also lead to identity theft. Those who are charging money to book slots should be reported by the police and put behind the bars. Making money from the fight against the pandemic by such illegal means is a cruel idea.”
read this also- Google called Kannada ‘India’s worst language’, after controversy the company had to delete its own search result
Also read- Beware! Corona Vaccine SMS virus has arrived in your phone, this malware is spreading like this