New Delhi: An investigation by HuffPost India has revealed that the Aadhaar database, which contains the biometrics and personal information of over one billion Indians, “had been compromised by a software patch which disables critical security features of the software used to enrol new Aadhaar users”. Also Read - MP Police Detains Digvijaya Singh, Uses Water Canons to Disperse Congress Workers Protesting Against Farm Laws | Watch
According to the report, any unauthorised person from anywhere in the world can generate Aadhaar ID using the patch which is freely available for Rs 2,500. Also Read - Breaking News: Fire Breaks Out in Delhi's Uttam Nagar, 15 Fire Tenders Rushed to Spot
The new hack is believed to be a decision by the UIDAI way back in 2010 which speed up the enrolment process by opening it for private operators. Also Read - Want to Update Your Aadhar Card With Address, Name, Date of Birth? Here’s How You Can do it
The software patch allows a user to bypass critical security features and disables the enrolment software’s pre-installed GPS security feature that is used to help UIDAI identify the physical location of enrolment centres.
“The patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person,” the report read.
It claimed to have the patch analysed by three internationally reputed experts and two Indian analysts, all of whom confirmed it could be used to breach the Aadhaar software.
Interestingly, the report comes just days ahead of the UIDAI planning the roll-out of the face recognition feature, as an additional mode of authentication, from September 15. The phased rollout by the Aadhaar-issuing body will be brought to function with telecom service providers.
Referring to the report, the Congress on Tuesday said the sanctity of the unique identification system was jeopardised.
“The hack of the Aadhaar enrolment software jeopardizes the sanctity of the Aadhaar database. We hope the authorities will take the appropriate moves to secure future enrolments and verify the suspect enrolments,” the Congress said in a tweet.
French security expert Elliot Alderson — who had last month sparked a controversy by asking the Unique Identification Authority of India (UIDAI) to explain why its helpline number was stored on many people’s phone without their knowledge — also joined in the conversation asking the UIDAI to work with the hackers to plug the breach.
“I repeat it: NOTHING IS UNHACKABLE. It does apply for Aadhaar. UIDAI, it’s never too late. Listen and work with hackers instead of threatening them. History is looking to you,” he said.