A three-month-long investigation by HuffPost India claims that there is a breach in the Aadhaar database of billions of Indians. And an easily available software patch that compromises the security, is the reason.
Since the introduction of Aadhaar in the system in 2009, there have been on-going speculations about how safe and firmly protected is the personal data of the Aadhaar holders. Cases have been identified every now and then about the Aadhaar data being compromised. The latest was as recent as five months ago.
Although the UIDAI has always rejected them as mere speculations and has claimed that the data is safe; this time, the experts claim it to be true.
What is this Software Patch?
The software patch, which isn’t developed by the UIDAI, allegedly disables the security system of the software used to enroll for Aadhaar and makes it easy for the hackers to create unauthorized Aadhaar numbers.
This software patch can be easily availed at a one-time charge of Rs 2500 and is said to be used by numerous enrollment operators around the country. HuffPost claims to have an access to the patch, and how the entire investigation has been backed up by the experts from various agencies as well.
The investigation further states that, the software came into use early in the year 2017 and has its root way back when the Aadhaar enrolment was distributed down to the private operators to speed up the process of Aadhaar enrolments. And it is still in use.
What is the purpose of this patch?
According to Gustaf Bjorksten, Chief Technologist at Access Now, “Whoever created the patch was highly motivated to compromise Aadhaar.”
How does this patch work?
Installing this software patch is as easy as installing any other software on the PC. Once installed, the patch does the following:
- It lets the user forgo the biometric authentication session. That means they don’t have to user fingerprints to access the software.
- It also disables the inbuilt GPS features of the software. This results in an easy access from even the remotest of locations. So, now anybody can enroll as a user.
- It greatly reduces the sensitivity feature of the Iris recognition system. This makes it easy to fool the software by using a mere photograph of a registered operator, rather than a real person being present.
And you are done! It is that easy.
There are even tutorials available on Youtube on how this patch can be used.
What does this patch Accomplish?
Although the software patch doesn’t enable a hacker to get an access into the existing database of a user, it can sure as hell enable the operators to create new data and add fake identities and information into the Aadhaar database.
A person with multiple entries can create multiple Aadhaar cards and basis that he can funnel off the rations of many people.
Besides that, there could be many individual, criminal, political or foreign entities, that can misuse the multiple identities created by anonymous users.
What is so far being done with the findings?
HuffPost reportedly provided the copy of the patch to National Critical Information Infrastructure Protection Centre (NCIIPC) earlier this year, but there was no response containing the findings of the investigation by the nodal agency. In fact, they outright declined to share any findings whatsoever.
Experts believe that the entire Aadhaar system would require radical changes, in order to control the further breach and to secure Aadhaar system.
Any major steps taken by the relevant authorities?
Not anything that HuffPost is aware of.
However, UIDAI is currently claiming to work on a face recognition facility to bolster the security. This will be done by verifying users through facial recognition system apart from fingerprint and iris recognition.
Is it the internal failings of the Aadhaar agencies or the corruption which enables and makes it easy for the hackers to get their hands on the database of a matter of such secrecy? The personal details which are linked to the Aadhaar numbers of billions of Indians is so easily accessible through a cheap software. It’s truly appalling.
Let us know your opinion.