The credibility, authenticity and security of India’s Aadhaar have long been questioned, but the stubborn, ignorant Indian government never accepted that the Aadhaar system might need a big overhaul, and despite plenty of obvious evidence both UIDAI and the central government always resorted to cover-ups.
Now, in the latest, most unfortunate and biggest incident of all, the personal information of over 1 billion Indians has been compromised by a software patch that disables critical security features of the software used to enroll new Aadhaar users, an investigation by HuffPost India has revealed.
The software patch that hacked Aadhaar’s software is freely available for a mere Rs 2,500 (a bonanza for millions of other hackers), allows unauthorized persons based anywhere in the world to generate Aadhaar numbers at will, and is still in widespread use.
Skilled hackers have disabled the security features of the Aadhaar enrollment software and even circulated the hack on WhatsApp, said the report.
Ironically, a ‘patch’ is defined as a set of changes to a computer program or its supporting data designed to update, fix, or improve it. In the case of Aadhaar, however, the culprit patch allegedly hacked the whole system, putting the database of over 1 billion citizens at stake and, in a worse scenario, putting about the same number of bank accounts under serious threat as well.
This comes within a few weeks of a petition being filed against UIDAI as well as the central government of India, alleging that the fundamental right to privacy of all Indians with an Aadhaar card has been violated because of Aadhaar data breaches that occurred on numerous occasions.
The hack, which indeed has significant implications for India’s national security, comes at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account.
According to HuffPost India, the patch is in its possession, and the online portal had it analysed by three internationally reputed experts and two Indian analysts to confirm that the database has indeed been hacked.
About 1,224,222,809 Aadhaar numbers (122 crore, or 1.22 billion) had been generated at the time of writing this article, as per the UIDAI website.
According to the experts, the patch lets a user bypass critical security features, such as biometric authentication of enrollment operators, to generate unauthorised Aadhaar numbers. It disables the enrollment software’s in-built GPS security feature (used to identify the physical location of every enrollment centre), which means anyone, whether he or she is an Indian or not, can use the software to enroll in the Aadhaar system.
Moreover, the patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.
According to a 2012 news piece in the Economic Times, the Aadhaar number repository and its IT infrastructure are run by HCL Infosystems, which won the contract, worth 2,200-crore, from the UIDAI in March 2012.
In July this year, the Aadhaar data of the chief of the Indian telecom watchdog, TRAI, was leaked when he posed a challenge on Twitter to hack his Aadhaar details.
Last year in July, the government was warned about the vulnerability of Aadhaar when the Indian apex court discussed privacy issues with regard to the Aadhaar card. At the same time, a report from the Center for Internet and Society suggested that the records of about 135 million Indians may have been leaked from four government portals due to a lack of IT security practices. Additionally, a loophole was also identified that allows all records in Aadhaar to be accessed by anyone, though hackers can find other routes.
To recall, UIDAI recently announced that from the 30th of September the face recognition feature will be rolled out in a phased manner, starting with telecom service providers.