TechLair

  • Home
  • contact
  • About
  • Privacy Policy

Aadhaar System Hacked Again: Patch Being Sold for Rs 2,500 on WhatsApp Groups

Tuesday, September 11, 2018 by Piyush Suthar | Comments

Home News Tech Aadhaar System Hacked Again: Patch Being Sold for Rs 2,500 on WhatsApp Groups

Earlier this year in May, reports emerged that a tampered version of UIDAI’s Aadhaar enrollment software, which bypassed the original software’s security features and allowed any unauthorized person to create an Aadhaar number, was being sold online. UIDAI swiftly denied the reports, but a recent in-depth investigation  has revealed that UIDAI’s ‘super-secure’ Aadhaar enrollment software has been hacked and a patch allowing the hack is being sold for just Rs. 2,500.

An 3-month long investigation conducted by Huffington Post India has uncovered the existence of a patch which disables all the critical security features of UIDAI’s official Aadhaar enrollment system and allows any person to create an Aadhaar number, from anywhere in the world.

The patch has been assessed by 3 international and two Indian software security experts, who confirmed it working and the danger it poses. The patch overcomes the biometric authentication protocol of the Aadhaar enrollment software – called the Enrolment Client Multi-Platform – and also reduces the accuracy of the iris recognition system, making it easy to spoof the software with a print-out of an iris, instead of 3D verification, letting anyone other than a certified Aadhaar enrollment operator add new members.

As stated in the original report months ago, it also disables the software’s mandatory GPS feature for tracking the whereabouts of an Aadhaar enrolment center, making it possible to create an Aadhaar ID from any place across the globe. Interestingly, the patch was created using code from older builds of UIDAI’s enrollment software which had multiple security flaws and according to the latest report, it is being widely used across the nation.

Security experts who analyzed the patch revealed that using the patch is as simple as installing any software, and then copy-pasting folders to crack the Aadhaar enrollment system.

Gustaf Björksten, Chief Technologist at Access Now, a global technology policy and advocacy group, and one of the experts consulted by Huffington Post for the investigation said Aadhaar is a high-level target for criminals. “There are probably many individuals and entities, criminal, political, domestic and foreign, that would derive enough benefit from this compromise of Aadhaar to make the investment in creating the patch worthwhile.

“To have any hope of securing Aadhaar, the system design would have to be radically changed,” he added

Huffington Post claims it provided access to the patch to the National Critical Information Infrastructure Protection Centre (NCIIPC), the government body responsible for overseeing Aadhaar security. However, the agency is yet to disclose its findings. UIDAI has not yet commented on the report, nor did it respond to the publication’s questions.




Authored by Piyush Suthar
Pro Blogger


Follow me on Twitter, Facebook, Google+, YouTube.

Load comments
  • Newer Post
  • Home
  • Older Post
  • techlair
    Over 1,500+ Readers

    Get fresh content from TechLair

    brand222 facebook brand2 envelope-o

    BEST OF TechLair

    Poco F1 Price Slashed; Available for Just Rs. 17,999
    Malala Yousafzai and Elon Musk's little Twitter conversation has won over many hearts
    Customer experience is about emotion, not technology
    At Facebook, Employees Looking For The Exit On As Scandals Continue


    Copyright © 2019 TechLair. All rights reserved.
    Privacy Policy • DMCA • Contact