In a highly alarming development, hackers have found a way to compromise the Aadhaar software and the ID database by disabling some of the security features of the enrolment software. An even more disturbing fact is that the hack is being widely circulated on WhatsApp for as little as Rs. 2,500 (US$35). This means unauthorized persons from anywhere in the world can generate Aadhaar numbers at will making it a security concern of national importance as Aadhaar authentication is being promoted as a one-stop solution for all forms of authentication.
The said patch was analyzed by HuffPost India with the help of three security experts along with two Indian analysts. The findings were as follows —
Anyone reading the above points will immediately understand the fundamental structure of Aadhaar authentication has been compromised. HuffPost India's experts say that fixing the flaw and any future ones would require in a complete overhaul of the structure of Aadhaar.
Bengaluru-based cybersecurity analyst Anand Venkatanarayanan, who was helping HuffPost India analyze the data shared his results with the National Critical Information Infrastructure Protection Center (NCIIPC) and said that the hack was possible because of implementing code from the older, less secure versions of the software on to newer versions.
HuffPost India reports a series of bad initial implementations led to the current security loophole in the Aadhaar enrolment. There are many Aadhaar operators who have paid Rs. 2,500 to source the hack and are running illegal enrolments. Payments are being received via UPI by using a temporary mobile number linked to a bank account. UIDAI and NCIIPI are yet to respond to this hack, which is actually even being used as we write this article.
While there are no signs of Aadhaar being retracted anytime soon, the very notion of a total overhaul poses an immense challenge before the Indian Government, which has laid out ambitious plans for using it as a one-stop shop for all citizen-centric services.
What do you think about the Aadhaar biometric hack? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.Â