Report claims Aadhaar database compromised, UIDAI refutes it
NEW DELHI: Security of Aadhaar data, which contains personal information of over one billion citizens, was once again questioned on Tuesday, when a report revealed that Unique Identification Authority of India’s (UIDAI) Aadhaar database can be hacked using a software patch that disabled security features.
The report published by Huffpost India said that the software patch is easily available for a price as low as Rs 2,500 and allows unauthorised people to login as Aadhaar enrolment operators to register anyone and generate Aadhaar numbers, irrespective of the location from where the software is accessed.
Explaining the patch, the report said that it compromises the in-built security features of the Aadhaar enrolment software on three fronts.
First, it bypasses the need for authentication of the person using the software to enrol new people.
Secondly, the patch disables the software’s in-built GPS security feature, letting anyone from anywhere access this software and enrol people. Third, it reduces the sensitivity of the Aadhaar enrolment software’s iris recognition feature, thereby making it easier to manipulate the software using a photograph of the registered operator.
It is important to note that UIDAI recently announced a phased rollout of face recognition feature as an additional mode of authentication, starting with telecom service providers from September 15. The report also comes at a time when the Supreme Court is all set to announce its verdict on the constitutional validity of Aadhaar.
UIDAI, the nodal agency that issues the 12-digit number, however, dismissed the report and said that the claims lack substance and are baseless.
“No operator can make or update Aadhaar unless the resident himself gives his biometric. Any enrolment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system,” UIDAI said.
It further added that various measures taken by it make it impossible to introduce ghost entries into Aadhaar database.
Questions on threat to privacy not for first time
■ Quite recently, TRAI chairman RS Sharma shared his Aadhaar number on Twitter and threw an open challenge, which was effectively countered by hackers. However, Sharma said no harm was caused
■ Earlier this year, an investigation by The Tribune found that access to Aadhaar databases was easily available for Rs 500