In major revelation, it has come to light that the identity database of the UIDAI’s Aadhaar has been compromised by a software patch that reportedly disables critical security features of the software used to enroll new Aadhaar users.
According to a report in Huffpost, the software patch, which allows unauthorised people to generate Aadhaar numbers at will, is widely being used.
Following the reports, the Congress said on Tuesday the sanctity of the unique identification system was jeopardised.
“The hack of the Aadhaar enrollment software jeopardises the sanctity of the Aadhaar database. We hope the authorities will take the appropriate moves to secure future enrollments and verify the suspect enrollments,” a tweet from the official handle of the Congress read.
The hack of the Aadhaar enrollment software jeopardises the sanctity of the Aadhaar database. We hope the authorities will take the appropriate moves to secure future enrollments and verify the suspect enrollments. https://t.co/KDetuXoBgE
— Congress (@INCIndia) September 11, 2018
The Huffpost report said an unauthorised person from anywhere in the world can generate Aadhaar ID using the patch, which is easily available for Rs 2,500.
The patch, which is a bundle of code used to alter the functionality of a software programme, reportedly, lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
“The patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person,” the report said.
Jumping into the debate once again, French security expert Elliot Alderson asked the UIDAI to work with hackers to plug the breach.
“I repeat it: NOTHING IS UNHACKABLE. It does apply for Aadhaar. UIDAI, it’s never too late. Listen and work with hackers instead of threatening them. History is looking to you,” he tweeted.
— Elliot Alderson (@fs0c131y) September 11, 2018