Aadhaar security lapse could allow major chunk of information to be stolen, says data security expert

By Alison Saldanah


For the second time in the first three months of 2018, the vulnerabilities of the Aadhaar programme, the world's largest biometric database, were exposed when the American business technology website ZDNet reported on 23 March 2018 that the personal data of millions of enrolled Indians could be accessed through insecure websites and mobile apps of third-party agencies that use the identification system to authenticate transactions.
Aadhaar comprises a unique 12-digit number assigned to Indian residents. As of 29 March 2018, more than 1.2 billion Indians, or 99.7 percent of the population, have enrolled in the programme. The database, which is fast becoming an integral part of Indian policy, includes fingerprints, iris scans and demographic details of every enrolled individual. From 1 July 2018, the system will also include facial recognition for identity authentication purposes.
One night in mid-February 2018, in 30 minutes, data security expert Karan Saini, who identifies as a "white-hat" hacker (one who improves security by exposing vulnerabilities before malicious hackers or "black-hat" hackers can detect and exploit these), found the vulnerable point in the Aadhaar database through Indane, a commercial distributor of liquefied petroleum gas (LPG), owned by Indian Oil, a public-sector company. Indane, the second-largest marketer of LPG globally, caters to 110 million households across the country.
Fearing prosecution from the government, Saini reached out to a reporter at ZDNet to notify the Unique Identification Authority of India (UIDAI), the body in charge of the programme, of the security lapse.
Through Indane, not only could Saini gain access to the Aadhaar numbers, demographic and biometric data of several Indian residents, but also view details of where these individuals hold bank accounts, and what other services their Aadhaar numbers are linked to.
Prior to this, on 3 January 2018, The Tribune, a Chandigarh newspaper, alleged in an investigation that unrestricted access to details of over one billion Aadhaar numbers could be purchased for as little as Rs 500.
Since its inception in 2011, Aadhaar has been caught in several debates, especially over privacy issues and information leaks. In the absence of a privacy law, lawyers and activists who have challenged the Aadhaar Act (which now effectively mandates the enrolment of all citizens, as IndiaSpend reported in March 2017) argue that once the programme is linked to various services, it will give the government too much information about individuals, too easily.
The UIDAI has dismissed these fears, maintaining that the central database, guarded by a 13-foot-high, five-foot-thick wall, is safe, and insists the programme is a "serious effort to end corruption". Arguing for the constitutional validity of Aadhaar, the UIDAI denied both Saini's finding and The Tribune's report of security lapses in the system during a Supreme Court (SC) hearing on Tuesday, 27 March 2018.
"There has not been one data leak till date," Ajay Bhushan Pandey, chief executive officer of UIDAI, told the SC.
In an interview with IndiaSpend, Saini, a freelance information-security professional based in New Delhi, discusses data security and privacy concerns in Aadhaar. Saini occasionally also participates in "bug bounty programs", which involve identifying and reporting security vulnerabilities to companies. He has worked with Twitter, Uber and the US Department of Defense.
What prompted you to check the third-party security of Aadhaar data and what exactly did you find?
I started looking into the vulnerabilities of Aadhaar on a whim. On the Apple App Store, I found this mobile application 'Aadhaar Status' offered by Indian Oil, which claimed to allow you to check your Aadhaar seeding status with Indane. I started to dig into the app and the API [Application Program Interface] it used to access and retrieve Aadhaar data. I wanted to see if it had any security measures in place, and if so, whether and how they could potentially be bypassed. In a few minutes, I was able to determine that a few key countermeasures could be put in place to access the data for an endpoint as sensitive as this.
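The answer above turns on one question about a third-party status-check endpoint: what happens when any caller can submit an identifier and receive a record back. The following is an added illustration, not code from Indane, UIDAI or the interviewee, and it models no real API; it contrasts a weak lookup (unauthenticated, whole record returned) with a hardened one that authenticates the calling client, rate-limits it, validates the identifier and returns only the single fact the app needs. All records, identifiers, client names and the server secret are constructed placeholders.

```python
# Added illustration (not the page's or any vendor's code): a "seeding status"
# lookup modelled as plain functions so it can run and be tested offline.
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample records keyed by a 12-digit identifier; placeholder values only.
RECORDS = {
    "123456789012": {"name": "Sample Person A", "address": "Example Lane 1",
                     "bank": "Example Bank", "lpg_seeded": True},
    "210987654321": {"name": "Sample Person B", "address": "Example Lane 2",
                     "bank": "Example Bank", "lpg_seeded": False},
}


def weak_lookup(id_number: str) -> Optional[dict]:
    """Weak design: no caller authentication, and the whole stored record is
    handed back for any identifier that happens to exist."""
    return RECORDS.get(id_number)


@dataclass
class StatusService:
    """Hardened design: authenticated client, per-client rate limit, input
    validation, and a minimal response that does not reveal the record."""
    secret: bytes                      # server-side secret used to mint client tokens
    max_requests: int = 5              # allowed requests per client per window
    window_seconds: int = 60
    _hits: dict = field(default_factory=dict)  # client_id -> request timestamps

    def issue_token(self, client_id: str) -> str:
        """Server-issued client token: client id plus an HMAC over it."""
        mac = hmac.new(self.secret, client_id.encode(), hashlib.sha256).hexdigest()
        return f"{client_id}.{mac}"

    def _authenticate(self, token: str) -> Optional[str]:
        client_id, _, mac = token.rpartition(".")
        if not client_id:
            return None
        expected = hmac.new(self.secret, client_id.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check does not leak how many bytes matched.
        return client_id if hmac.compare_digest(mac, expected) else None

    def _within_rate_limit(self, client_id: str, now: float) -> bool:
        window_start = now - self.window_seconds
        stamps = [t for t in self._hits.get(client_id, []) if t > window_start]
        if len(stamps) >= self.max_requests:
            self._hits[client_id] = stamps
            return False
        stamps.append(now)
        self._hits[client_id] = stamps
        return True

    def lookup(self, token: str, id_number: str, now: Optional[float] = None) -> dict:
        """Return only whether the identifier is seeded with the LPG distributor."""
        now = time.time() if now is None else now
        client_id = self._authenticate(token)
        if client_id is None:
            return {"status": 401, "error": "unauthenticated"}
        if not self._within_rate_limit(client_id, now):
            return {"status": 429, "error": "rate limited"}
        if not (len(id_number) == 12 and id_number.isdigit()):
            return {"status": 400, "error": "malformed identifier"}
        record = RECORDS.get(id_number)
        # Same response shape whether or not the identifier exists, so the endpoint
        # cannot be used to enumerate valid identifiers, and only one fact is returned.
        return {"status": 200, "seeded": bool(record and record["lpg_seeded"])}


if __name__ == "__main__":
    svc = StatusService(secret=b"constructed-secret")
    token = svc.issue_token("example-client")
    print(weak_lookup("123456789012"))          # whole record leaks
    print(svc.lookup(token, "123456789012"))    # {'status': 200, 'seeded': True}
```

The hardened version still answers the question the app was built for, so the comparison shows that limiting the response and gating the caller costs nothing in functionality; a real deployment would keep the client secret out of the mobile app itself, since anything shipped in an app can be extracted.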
Source: Yahoo! News
