Again a bad news for Aadhaar. Very recently, India’s national database has been hit by yet another majority security lapse. This lapse allows an easy access to India’s biometric ID programme, acquiring private information, business technology news and bank details from the accounts of all Aadhaar users.
To know more, Karan Saini, a New Delhi-based security researcher, who detected this vulnerable endpoint, added that anyone with an Aadhaar number is affected.Yet, even after this, the Indian authorities did nothing for weeks to fix the flaw. Also, to this Saini added that “This is a security lapse. You don’t have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes”.
To this, Vikas Shukla, spokesman for the Unique Identification Authority of India (UIDAI), which runs the Aadhaar programme, said that the agency would issue a statement later. Also, to save their back, Ravi Shankar Prasad, India’s minister for electronics and information technology, tweeted that, “Aadhaar does not save the details of your bank account.”
To know more, Aadhaar, a biometric identification card with over 1.1 billion users, is the world’s biggest database. But the recent past has witnessed it facing increased scrutiny over privacy concerns following several instances of breaches and misuse.
Very recently, in fact, the CEO of the UIDAI Ajay Bhushan Pandey, stated that the biometric data attached to each Aadhaar was safe from hacking as the storage facility was not connected to the internet. To which he stated that “Each Aadhaar biometric is encrypted by a 2048-key combination and to decode it, the best and fastest computer of our era will take the age of the universe just to hack into one card’s biometric details”.
To be true, the data leaked on the face of it may not be seen as sensitive or exposed biometric data, but definitely contradicts the Indian government’s claims that the database is secure.
It’s long been believed that identity theft is one of the biggest issues faced by both UIDAI and Aadhaar number holders. In fact, it has been reported that linking Aadhaar numbers to SIM cards has led to stolen money and fraud.
So right now, until the court rules on this case, subscribing to the database won’t be mandatory for Indian citizens. But that also doesn’t solve much of the problem for the users as information has been already collected.