Report claims Aadhaar database compromised, UIDAI refutes it

UIDAI, the nodal agency that issues the 12-digit number, however, dismissed the report and said that the claims lack substance and are baseless.

Published: 12th September 2018 07:17 AM  |   Last Updated: 12th September 2018 07:17 AM   |  A+A-

Aadhaar. (Photo | PTI)

By Express News Service

NEW DELHI: Security of Aadhaar data, which contains personal information of over one billion citizens, was once again questioned on Tuesday, when a report revealed that Unique Identification Authority of India’s (UIDAI) Aadhaar database can be hacked using a software patch that disabled security features.

The report published by Huffpost India said that the software patch is easily available for a price as low as Rs 2,500 and allows unauthorised people to login as Aadhaar enrolment operators to register anyone and generate Aadhaar numbers, irrespective of the location from where the software is accessed.

Explaining the patch, the report said that it compromises the in-built security features of the Aadhaar enrolment software on three fronts.

First, it bypasses the need for authentication of the person using the software to enrol new people.
Secondly, the patch disables the software’s in-built GPS security feature, letting anyone from anywhere access this software and enrol people. Third, it reduces the sensitivity of the Aadhaar enrolment software’s iris recognition feature, thereby making it easier to manipulate the software using a photograph of the registered operator.

It is important to note that UIDAI recently announced a phased rollout of face recognition feature as an additional mode of authentication, starting with telecom service providers from September 15. The report also comes at a time when the Supreme Court is all set to announce its verdict on the constitutional validity of Aadhaar.

UIDAI, the nodal agency that issues the 12-digit number, however, dismissed the report and said that the claims lack substance and are baseless.

“No operator can make or update Aadhaar unless the resident himself gives his biometric. Any enrolment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system,” UIDAI said.

It further added that various measures taken by it make it impossible to introduce ghost entries into Aadhaar database.

Questions on threat to privacy not for first time
■ Quite recently, TRAI chairman RS Sharma shared his Aadhaar number on Twitter and threw an open challenge, which was effectively countered by hackers. However, Sharma said no harm was caused
■ Earlier this year, an investigation by The Tribune found that access to Aadhaar databases was easily available for Rs 500

Stay up to date on all the latest Business news with The New Indian Express App. Download now

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.