mAadhaar Android app security flaw lets anyone steal your Aadhaar details

mAadhaar app for Android devices is likely plagued by a security flaw that will let anyone access your Aadhaar details. The debug feature of this app is claimed to be the reason.

    Ever since the mandatory Aadhaar linking practice came into existence, several reports have started highlighting the dangerous consequences of the same. We say dangerous as the Aadhaar details will be linked to your mobile number and bank account, and with the leak of one of these details, all your sensitive information will be exposed to others. In the meantime, a security flaw in the mAadhaar app has been discovered by a French security researcher.

    mAadhaar Android app security flaw lets anyone steal your Aadhaar info

    According to the tweets posted by Elliot Alderson, the mAadhaar app has a security flaw that will make it easy for anyone having physical access to any user's phone to get the Aadhaar card details of that person. He has explained this flaw in a series of tweets and has raised the issues those have plagued the mAadhaar app available for Android devices.

    The researcher says that it is very easy to get the password of the local database as the mAadhaar app saves all the biometric settings in a local database that is protected with just a password. To generate the password, they tried a random number 1233456789 as the seed and db_password_123 as the hardcoded string.

    He goes on stating that the debug feature enabled in the app by default allows anyone repack the mAadhaar application with the logging activated and send it so that all the Aadhaar data will be saved on the SD card in the device. From there, the attackers can upload the log file to their servers. He also states that it is not a good idea to keep the debug feature in the Android app that UIDAI released a few months back.

    UIDAI immediately responded to him stating that mAadhaar uses a local database to store the user preferences on the user's device itself. It claims that the app does not capture, store or take biometric inputs. And, that there is no compromise being done in protecting the user data.

    How to send money using Paytm Inbox

    In response, Alderson has clarified stating that app code of mAadhaar suggests that it stores eKYC data such as name, Aadhaar number, address and photograph on the user's device. To prove his claims, he has also released a proof-of-concept Aadhaar database password generation and states that it generates the same password every time, making it easier for attackers to crack the password. But the authenticity of the password generator remains unconfirmed for now. Notably, this security flaw will not work remotely as it needs the physical access to the user's device. 

    Back in the last week, we came across a report alleging that the Aadhaar database has a flaw that will let anyone access the database for just Rs. 500. As an aftermath, UIDAI came up with a restricting letting only 5,000 officials to access the Aadhaar portal. 

    Read More About: aadhaar windows android news hack
    X

    Stay updated with latest technology news & gadget reviews - Gizbot

    We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more