12/09/2018
Aadhar Security- a Myth or Reality???
While the security industry and experts are still debating over the privacy issues that come along with Aadhar and the failure of the government machinery to implement strong security measures to protect Aadhar details, press and media were having a party few weeks back with the war of tweets between the telecom regulatory chief R.S.Sharma and advocates of privacy.
Huffpost has now claimed that UIDAI' database has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users. Huffpost states “The patch—freely available for as little as Rs 2,500 (around $35)— allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use”. Huffpost claims to be in possession of the patch and claims to have had it analysed by three internationally reputed experts, and two Indian analysts. Their findings are:
“
• The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
• The patch disables the enrolment software's in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enroll users.
• The patch reduces the sensitivity of the enrolment software's iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.”
It will be interesting to see how the government and those who claim of Aadhar being highly secure will respond to this. But the common man will still have to wait to know if Aadhar being secure is a reality or just a myth!!
