New Delhi, September 11: Unique Identification Authority of India (UIDAI) might be in for some more controversy in the coming days as an investigation by a news website has found serious lapses in Aadhaar security.
A Huffpost India investigation has found that the a crucial Aadhaar software, used to enrol new users, has been hacked using a software patch that disabled security features. The three-month long investigation has found that the patch allows unauthorised people to login as Aadhaar enrolment operators from anywhere in the world. They can register anyone and generate Aadhaar numbers.
HuffPost India claiming that it has gained access to the patch and has got it verified by multiple experts.
The website claims the following:
The patch lets a user bypass some critical security features like biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
The patch disables the enrolment software’s in-built GPS security feature. The GPS security feature is used by UIDAI to identify the physical location of every enrolment centre. Disabling this security feature means that any operator can access it from any part of the world.
The patch also reduces the sensitivity of the UIDAI software’s iris-recognition system. This makes it easier for unauthorised operators to use the photograph of a registered operator rather than requiring the operator to be present physically.
This software patch is reportedly available at just Rs 2,500, claims the HuffPost report.
UIDAI has often come under attack from various quarters regarding Aadhaar’s security system. It may be noted that in March this year, UIDAI CEO Ajay Bhushan Pandey got a unique opportunity to make a PowerPoint presentation in the Supreme court. Aallaying concerns about data security he had said that the Aadhaar data is protected by a 2048-bit encryption and “once biometrics comes to us, it will never go away”.
Making use of two projectors, he said breaking the Aadhaar encryption may take “more than the age of the universe for the fastest computer on earth”. (Agencies)