A software patch that disables critical security features of the Aadhaar enrolment software has compromised the biometric and personal data of over a billion enrolled Indians, an investigation by HuffPost has revealed.
The patch, available for as little as Rs 2,500, allows individuals located anywhere in the world to generate unique 12-digit Aadhaar numbers. This not only busts the government's age-old line that the Aadhaar database is secure but, more importantly, has huge national security implications.
The seriousness of the compromise can be gauged from the claim that sourcing the patch is as easy as gaining access to one of the many WhatsApp groups where it is being sold. Moreover, the article says that using the patch is as simple as “installing the enrolment software on a PC.”
Why This Breach Is BIG
Experts who have analysed the software patch have highlighted a number of damaging characteristics about the controversial database.
- The patch allows a user to completely bypass the biometric authentication of enrolment operators. This enables the user to generate unique Aadhaar numbers independently.
- An individual anywhere in the world can use the software to enroll users because the patch allegedly disables the enrolment software’s GPS feature.
- It makes spoofing the iris scan easier, potentially allowing a photograph of the enrolment operator to be used for the iris scan rather than requiring the operator to be physically present.
The national security implications of this kind of breach are massive, as it allows direct entry into, and intervention in, a database that contains highly sensitive and personally identifiable information of nearly the entire Indian population. To make matters worse, the Central Repository Database is also seeded organically and inorganically with a host of other databases, such as those of banks, mobile service providers and health records, among others.
Government Position On Aadhaar Busted
The exposé on the UIDAI database hack also busts the position the Modi Government has taken to defend the security of the Aadhaar database. IT Minister Ravi Shankar Prasad, UIDAI CEO Ajay Bhushan Pandey and, more recently, TRAI Chairman RS Sharma have all made the following two claims:
- The UIDAI database is secure.
- The biometric data (fingerprints and iris) have not been compromised.
This hack has demonstrated that it is possible to enter the enrolment database, manipulate the data contained within it and enroll new Aadhaar numbers.
Can my Personal Data be Stolen?
According to the investigation, the software hack is unusual in that it does not seek to access or steal information contained within the database but rather tries to introduce new information into it.
This one-way mechanism is nonetheless dangerous because it directly defeats a number of UIDAI’s primary claims. UIDAI’s aims include reducing corruption, tackling black money, and eliminating fraud and identity theft.