comscore Aadhaar attack: UIDAI’s Aadhaar enrollment software reportedly hacked [Updated with UIDAI response]
News

Aadhaar attack: UIDAI’s Aadhaar enrollment software reportedly hacked [Updated with UIDAI response]

The security patch can reportedly bypass critical security features used in UIDAI's Aadhaar software.

  • Updated: September 12, 2018 1:38 PM IST
aadhaar-card-image-1

[UPDATE:12/09/2018 – 1:37PM : UIDAI has dismissed reports of Aadhaar enrollment software hack with a security patch] Also Read - WhatsApp: How to set up two-step verification for more security

Also Read - Here's how to ensure that your Google Accounts are secure

Original story published on September 11, 02:54PM Also Read - Aadhaar update gets easier! Now 20,000 CSCs will offer the service

According to a recent report, the Aadhaar identity database (Aadhaar ID) which contains the biometrics and personal information of over 1 billion Indians has been compromised by a software patch. The software patch reportedly disables critical security features of the Aadhaar software that Government is using to enroll new Aadhaar users.

A report by HuffPost India claims it is in possession of the security patch, which bypassed Aadhaar‘s critical security feature in its enrollment software. It is said to have been analyzed by three internationally renowned experts, and two Indian analysts.

The alleged software patch is claimed to be freely available for Rs 2,500 on the web and is still in widespread use. The experts analyzed the patch and found that it can bypass critical security features such as biometric authentication of enrollment operators to generate unauthorized Aadhaar numbers. It is said to disable the enrollment software’s in-built GPS security feature, which means it compromises the ability to track enrollment person’s physical location.

But not just that, it can even reduce sensitivity of the enrollment software’s iris-recognition system, making it easier fool the enrollment software with a photograph instead of enrollment person’s eye.

Experts also say that the software patch is unusual and it doesn’t seek to access information stored in the Aadhaar database, but rather looks to introduce information into it.

“There are probably many individuals and entities, criminal, political, domestic and foreign, that would derive enough benefit from this compromise of Aadhaar to make the investment in creating the patch worthwhile,” report quoted Gustaf Bj rksten, Chief Technologist at Access Now, a global technology policy and advocacy group. “To have any hope of securing Aadhaar, the system design would have to be radically changed.”

It appears to be a big security failure on UIDAI, and experts suggest that the vulnerability fix could mean the complete change in Aadhaar’s fundamental structure.

Update: September 12: UIDAI has tweeted that it has “taken all necessary safeguard measures spanning from providing standardized software that encrypts entire data even before saving to any disk, protecting data using tamper proofing, identifying every one of the operators in every enrollment, identifying every one of thousands of machines using a unique machine registration process, which ensures every encrypted packet is tracked,” the statement said.

https://twitter.com/UIDAI/status/1039517548256026626

“Any enrollment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system,” the statement added.

https://twitter.com/UIDAI/status/1039514116111486976

“If an operator is found violating UIDAI s strict enrolment and update processes or if one indulges in any type of fraudulent or corrupt practices, UIDAI blocks and blacklists them and imposes financial penalty upto Rs1 lakh per instance. It is because of this stringent and robust system that as on date more that 50,000 operators have been blacklisted,” said UIDAI.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: September 12, 2018 1:37 PM IST
  • Updated Date: September 12, 2018 1:38 PM IST



new arrivals in india

Realme Narzo 20A
Realme Narzo 20A

8,499

Realme Narzo 20
Realme Narzo 20

10,499

Realme Narzo 20 Pro
Realme Narzo 20 Pro

14,999

Oppo F17
Oppo F17

17,990

Samsung Galaxy M51
Samsung Galaxy M51

24,999

Poco M2
Poco M2

10,999

Oppo F17 Pro
Oppo F17 Pro

22,990

Realme 7 Pro
Realme 7 Pro

19,999

Realme 7
Realme 7

14,999

Xiaomi Redmi 9A
Xiaomi Redmi 9A

6,799

Vivo Y20
Vivo Y20

12,990

Xiaomi Redmi 9
Xiaomi Redmi 9

8,999

Nokia 5.3
Nokia 5.3

13,999

Motorola Moto G9
Motorola Moto G9

11,499

Realme C15
Realme C15

9,999

Realme C12
Realme C12

8,999

Samsung Galaxy Note 20
Samsung Galaxy Note 20

77,999

Xiaomi Redmi 9 Prime
Xiaomi Redmi 9 Prime

9,999

Oppo Reno4 Pro
Oppo Reno4 Pro

34,990

Samsung Galaxy M01 Core
Samsung Galaxy M01 Core

5,499

Realme 6i
Realme 6i

12,999

Asus Rog Phone 3
Asus Rog Phone 3

49,999

OnePlus Nord
OnePlus Nord

24,999

Infinix Smart 4 Plus
Infinix Smart 4 Plus

7,999

Xiaomi Redmi Note 9
Xiaomi Redmi Note 9

11,999

Samsung Galaxy M01s
Samsung Galaxy M01s

9,999

Vivo X50 Pro 5G
Vivo X50 Pro 5G

49,990

Vivo X50 5G
Vivo X50 5G

34,990

Realme C11
Realme C11

7,499

Poco M2 Pro
Poco M2 Pro

13,999

Realme X3
Realme X3

24,999

Realme X3 SuperZoom
Realme X3 SuperZoom

27,999

Tecno Spark Power 2
Tecno Spark Power 2

9,999

Oppo A12
Oppo A12

9,990

Oppo A52
Oppo A52

16,990

Samsung Galaxy A21s
Samsung Galaxy A21s

15,999

Oppo Find X2
Oppo Find X2

64,990

Motorola One Fusion Plus
Motorola One Fusion Plus

17,499

Samsung Galaxy A31
Samsung Galaxy A31

20,999

Samsung Galaxy M01
Samsung Galaxy M01

8,999

Samsung Galaxy M11
Samsung Galaxy M11

10,999

Infinix Hot 9 Pro
Infinix Hot 9 Pro

9,999

LG Velvet
LG Velvet

Price Not Available

Xiaomi Mi Note 10 Lite
Xiaomi Mi Note 10 Lite

Price Not Available

Apple iPhone SE 2020
Apple iPhone SE 2020

42,500

Honor 30 Pro
Honor 30 Pro

Price Not Available

Honor 30
Honor 30

Price Not Available

OnePlus 8
OnePlus 8

44,999

OnePlus 8 Pro
OnePlus 8 Pro

54,999

Xiaomi Redmi Note 9 Pro
Xiaomi Redmi Note 9 Pro

13,999

Motorola Moto E4
Motorola Moto E4

8,999

Samsung Galaxy On Max
Samsung Galaxy On Max

9,775

nubia N2
nubia N2

15,999

Karbonn K9 Kavach 4G
Karbonn K9 Kavach 4G

5,290

Motorola Moto C Plus
Motorola Moto C Plus

6,999

Best Sellers