After exposing vulnerabilities in India Post, BSNL websites, French hacker points fingers at Aadhaar data leakage in Andhra government site
By Kiranmai Tutika | Express News Service | Published: 15th March 2018 06:20 AM
VIJAYAWADA: A French security researcher who goes by the pseudonym Elliot Alderson on Wednesday exposed how biometric details of Below Poverty Line (BPL) families were openly available on the Andhra Pradesh Panchayat Raj Department’s website. Alderson, who has been taking a keen interest in flagging Indian websites’ vulnerabilities, posted a URL of the state government’s site to show how Aadhaar card scans of people were being handled carelessly.
The screenshots clearly display fingerprints of people enrolled under Below Poverty Line category.
Seven hours after the vigilante hacker called out the chink on Twitter, officials replaced the URL http://pris.ap.gov.in/bpl/uploads/ with a blank page, but Alderson claimed the details were still easily available.
“You don’t even know how to fix this issue, the documents are still accessible...,” he tweeted.
When contacted, Alderson told TNIE all it took to gain access to people’s Aadhaar details was “a proper google search with the right queries”.
Hitting out at the Unique Identification Authority of India which had dismissed his allegation saying it was not carelessness on the part of the government, but “unscrupulous” elements that were putting confidential details of citizens online, Elliot Alderson posted a screenshot of the state department’s website.
“Hi @UIDAI and @ceo_uidai, let me show you one of the “unscrupulous elements”. This governmental website is leaking 4769 files,” he said on the social networking site.
He, however, added that the data was not coming from the Aadhaar database, “but you have to admit that there is an issue here. If even a governmental website is not able to handle personal data of citizens correctly...”.
The vigilante hacker stated that he was not for or against Aadhaar, but thought a project of such magnitude deserved maximum security.
Neither the Principal Secretary nor the Commissioner of the Panchayat Raj Department was available for comment. The website, pris.ap.gov.in, was designed and is being maintained by private company Entro labs IT solutions. The firm has also developed an Android app for the website which has clocked over 10,000 downloads.
IT & Communications Department Principal Secretary K Vijayanand said the website would be linked to the State government’s server. This is not the first time that the hacker has pointed out problems in the Indian government’s websites. Over the past few months, many vulnerabilities in websites, including those of India Post, BSNL and EFLU, were exposed by the security researcher, and hence fixed.