Just In
- 36 min ago Deal Alert: Grab the Samsung Galaxy S23 Ultra for Under ₹90,000 on Flipkart – Here’s How
- 2 hrs ago OPPO F25 Pro New Coral Purple Colour Variant Launched in India; Where to Buy?
- 4 hrs ago New Nothing Tech Coming Soon? Teaser Suggests Ear (3) Launch
- 4 hrs ago Amazon Invests $2.75 Billion in ChatGPT, Google AI Rival Anthropic, Spending a Total of $4 Billion
Don't Miss
- News IPL 2024: Preity Zinta Cooked Aloo Paranthas, Cared Alot Of Team, Says Punjab Kings Cricketer
- Automobiles Honda Motorcycle & Scooter India Reaches 6 Crore Sales Milestone
- Finance STEL - RVNL JV Received Order From Energy Development Corporation Ltd
- Sports IPL 2024: Steve Smith also slams Hardik Pandya's captaincy - 'Perplexed, I mean you can't have...'
- Movies Heart Of The Hunter OTT Release Date, Time, Platform: Here's When Suspence Thriller Will Premiere
- Lifestyle Aditi Rao Hydari Marries Siddharth, Exploring Heeramandi Star's Ethnic Style Statements, Bookmark Now!
- Education OAVS Teacher Direct Recruitment 2024; Apply online for 1386 Posts, Check out for more details
- Travel Explore Tamil Nadu's Diverse Wedding Venues
Aadhaar database hacked; Patch likely sold on WhatsApp groups
Once again, Aadhaar security remains a question.
Aadhaar data security has always remained a highly debated topic. Though there have been several reports questioning the security of the database, UIDAI has always denied these claims. In a recent development, a three-month-long investigation by Huffington Post India has exposed that the data stored in the controversial Aadhaar identity database has been compromised by a software patch.
According to the report, the database containing personal and biometric details of over 1 billion Indians has been compromised. The software patch has disabled the critical security features that are used to enroll new users. It states that the patch is available for as little as Rs. 2,500 and is sold to WhatsApp groups so that unauthorized persons from anywhere in the world can generate Aadhaar numbers as they wish.
What is a Patch
A patch is a bundle of codes that can alter the functionality of software programmes. Usually, patches are used to rollout minor updates to the existing programmes. But patches can be used to cause harm by introducing a vulnerability. This is what has happened in the case of the Aadhaar identity database. The Huffington Post India is in possession of the patch. It has been analyzed by three internationally reputed experts and two Indian analysts.
How harmful is the patch
They have analyzed the patch to find the harmful effects of the patch. Going by the same, the patch lets a user bypass the critical security features to generate unauthorized Aadhaar numbers. Also, it disables the enrollment software's inbuilt GPS that can identify the physical location of the enrollment center. Eventually, anyone from anywhere in the world can use the software and enroll new users.
And, the patch can reduce the sensitivity of the iris recognition system of the enrollment software. This makes it easier to spoof the software using a photograph of a registered operator instead of the physical presence of the operator.
According to the report, the experts involved claim that fixing this vulnerability and other potential threats will require altering the fundamental structure of Aadhaar.
Patch is simple to install
As mentioned above, the report adds that this patch is accessible for as low as Rs. 2,500 and is shared to WhatsApp groups. Even the usernames and passwords required to login to the enrollment gateway of UIDAI is sold.
Using the patch is quite simple as it involves installing the enrollment software on a PC and replacing a folder of Java libraries using the Ctrl C+Ctrl V commands. After installing the patch, enrollment operators need not provide their fingerprint to use the software, the sensitivity of the iris scanner is reduced and GPS is disabled. So, a single operator can log into several machines simultaneously, which will reduce the cost involved in the enrollment and increase their profit.
Potential risk to national security
The security vulnerability is a potential risk to the Aadhaar users at a point in time when the Indian government is making the Aadhaar number mandatory for identification and link it with mobile number and bank account.
The experts say that this Aadhaar hack will create a new set of problems. It might defeat the aims of Aadhaar such as reducing corruption, eliminating fraud and identity theft, and tracking black money. It can also make the Aadhaar database vulnerable to the ghost entries like the other government databases.
The experts suggest that a more secure choice would be a web-based system that has all the software installed on the UIDAI servers. Such a system would require the enrollment operators to have a username and password to access the system. But this was not possible back then as many parts of the country had poor internet connectivity.
The report claims that it has granted access to the patch to NCIIPC (National Critical Information Infrastructure Protection Center). NCIIPC is the government body responsible for Aadhaar security. While the agency is yet to reveal its findings, UIDAI is yet to comment on this claim.
-
99,999
-
1,29,999
-
69,999
-
41,999
-
64,999
-
99,999
-
29,999
-
63,999
-
39,999
-
1,56,900
-
1,39,900
-
1,29,900
-
79,900
-
65,900
-
12,999
-
96,949
-
16,499
-
38,999
-
49,999
-
30,700
-
23,990
-
1,25,999
-
36,999
-
38,999
-
1,17,840
-
35,000
-
23,960
-
82,510
-
11,999
-
25,999