UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm


14 bookmarks. First posted by ChristopherA 10 days ago.


NEW DELHI—The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over…
from instapaper
7 days ago by robw
The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three month-long investigation by HuffPost India reveals. The patch—freely available for as little as Rs 2,500 (around $35)— allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use. This has significant implications for national security at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account. HuffPost India is in possession of the patch, and had it analysed by three internationally reputed experts, and two Indian analysts (one of whom sought anonymity as he works at a state-funded university), to find that: The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers. The patch disables the enrolment software's in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users. The patch reduces the sensitivity of the enrolment software's iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person. The experts consulted by HuffPost India said that the vulnerability is intrinsic to a technology choice made at the inception of the Aadhaar programme, which means that fixing it and other future threats would require altering Aadhaar's fundamental structure. HuffPost India could not establish just how many enrolment centres used the patch, but even the UIDAI has admitted that the enrolment process has been marred by corruption. In 2017, the UIDAI said it had blacklisted 49,000 enrolment centres for various violations, and in February 2018, the UIDAI terminated all contracts with common service centres as well. Henceforth, only banks and government institutions like the postal service can enrol Aadhaar users. As a consequence, tens of thousands of young men, with rudimentary education but great familiarity with the Aadhaar system, were put out of work.
huffington post, 11.09.2018
datenbank_biometrie_in_aadhaar  land_indien  itsicherheit_by_obscurity  datenbank_population  itsicherheit_authentisierung_biometrie  biometrie_täuschung  itsicherheit_implementierung  itsicherheit_exploit_flaw  datenschutz_id_management  itsicherheit_datensicherheit  staat_inkompetenz  staat_outsourcing  in_uidai  in_nciipc  biometrie_erfassung  video_youtube  gesellschaft_armut  staat_politik_desinformation 
8 days ago by kraven
Well that was only a matter of time...
data  security  india  dataBreach 
9 days ago by kbriney
Anyone can create new fake people in India's national person database
india  politics  badtech  hacking  aadhaar  tootme 
9 days ago by nelson
UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
from twitter
9 days ago by Varna
Huge threat to Aadhaar integrity and the security of over a billion Indians #digitalidentity https://t.co/GG1pbOQPga

— Emrys Schoemaker (@emrys_s) September 11, 2018
IFTTT  Twitter 
9 days ago by semrys
RT : Some recent research I conducted is reported on here
from twitter
9 days ago by jace
The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three month-long investigation by HuffPost India reveals.

The patch—freely available for as little as Rs 2,500 (around $35)— allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use.

This has significant implications for national security at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account.
security  aadhaar  identity  india  privacy  databases  data-privacy 
9 days ago by jm
NEW DELHI—The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new A via Pocket
IFTTT  Pocket  aadhaar  hack  india  patch  security 
10 days ago by ChristopherA