Aadhaar’s Security Issues Embarrassing and Dangerous

Aadhaar, India’s biometric ID programme, which the government has widely boasted about, has become a major embarrassment because of its security lapses. Another major security lapse has led to access to private information.

What makes matters even more interesting is that these faults were picked up a while back but have still not been fixed. The security department of Aadhaar would rather sip on a lovely cup of chai than fix a security flaw which could leak billions of private details to dangerous hackers and thieves.

The leaked private details include names, Aadhaar card numbers and even bank details.

Karan Saini, a security researcher, said:

“This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes.”

Aadhaar boasts of being the largest database, and such security flaws threaten the huge 1.1 billion users in this database.

The CEO of UIDAI, Ajay Bhushan Pandey, has come to UIDAI’s defence, commenting:

“Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details.”

The latest leak comes from a state-owned utility company whose system allows anyone to download private information on Aadhaar holders. The utility provider’s application programming interface (API) shows that retrieving private details of Aadhaar card holders is a piece of cake.

The report stated:

“The affected endpoint uses a hardcoded access token, which, when decoded, translates to ‘INDAADHAARSECURESTATUS,’ allowing anyone to query Aadhaar numbers against the database without any additional authentication.”

What is not known is how the data is being retrieved, whether from UIDAI, the banks or the gas companies. That question needs to be answered.
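The flaw the report describes, as an added example (not code from the report or from any Aadhaar system): a server check against one static token shipped to every client, next to a per-client signed-request check. The header names, key store, path and token value are constructed for illustration, and base64 is assumed as the token encoding.

```python
import base64
import hashlib
import hmac
import time

# "Before": one token compiled into every copy of the client.
# Constructed placeholder value; base64 is an assumed encoding.
STATIC_TOKEN = base64.b64encode(b"EXAMPLE-STATIC-TOKEN").decode()

def weak_authorize(headers):
    """Passes for anyone who has read the token out of any client."""
    supplied = headers.get("X-Access-Token", "")
    return hmac.compare_digest(supplied.encode(), STATIC_TOKEN.encode())

# "After": each caller has its own secret, issued out of band and
# revocable by deleting its entry. Hypothetical in-memory key store.
CLIENT_KEYS = {"client-a": b"constructed-secret-a"}
MAX_SKEW_SECONDS = 300  # reject stale (replayed) requests

def sign(client_id, key, path, timestamp):
    """HMAC-SHA256 over caller identity, requested path and time."""
    message = f"{client_id}\n{path}\n{timestamp}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def strong_authorize(headers, path, now=None):
    """Accept only a fresh request signed by a known, unrevoked caller."""
    now = time.time() if now is None else now
    client_id = headers.get("X-Client-Id", "")
    key = CLIENT_KEYS.get(client_id)
    if key is None:
        return False  # unknown or revoked caller
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False
    expected = sign(client_id, key, path, timestamp)
    supplied = headers.get("X-Signature", "")
    return hmac.compare_digest(supplied.encode(), expected.encode())
```

The static token identifies a client build rather than a caller, so it cannot be revoked for one party or tied to a specific request; the signed form can, provided the per-client secret is not itself shipped inside a publicly distributed app.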

Elliot Alderson, a security researcher, tweeted about Aadhaar numbers being available on Google, which is a major flaw in the security system of Aadhaar.

The tweet read:

Hi @UIDAI and @ceo_uidai, it’s time for you to force your partners to handle #Aadhaar cards in a secure way.
If you make a Google search query with one of this line you will find thousands of #Aadhaar card.
@UIDAI: It’s time to admit that this is not OK and to work on a fix.

5:26 PM – Mar 16, 2018