After a long investigation of three months it was found out that there was an uncovered loophole in the software that updates and secures the data stored in Aadhaar identity database. This loophole that hangs loose by the UIDAI (Unique Identification Authority of India) allows the hackers to generate new and unauthorised Aadhaar number that disables the security features of the official Aadhaar enrolment software.
It is also reported that the one-time charge to use this is as low as Rs. 2500 and is already used by too many enrolment operators across the country. It is also believed that the new hack has its roots from the UIDAI decisions took back in 2010 for the speedy process of enrolment and opening it for the private operators too. Other than this, the new Aadhaar loophole also emerges by the launching of face recognition features. By this feature, the Aadhaar issuing body is identified by its face and with fingerprints and iris scan.
The UIDAI brought new and standardised enrolment software called the Enrolment Client Multi-Platform (ECMP) in the year 2010. This software has to installed on the each enrolment computer. The choice to offer an establishment bundle as opposed to giving a cloud-based answer for private enrolment administrators put the basic parts of Aadhaar in danger. This likewise in the end opened the road for a hack like the most recent fix that is supposedly dealing with best of the enrolment programming, and was made by “grafting code from older versions of Aadhaar enrolment software – which had fewer security features – onto newer versions of the software” said Björksten.
It was reported that the Aadhaar loophole with the usernames and passwords that needed access to the UIDAI was the enrolment gateway. This can also procure the WhatsApp groups and charges only Rs. 2500. This can be installed as any other software in the computer all the hacker need to do is change the java libraries by using the cut and paste commands. And once installed, then the loophole can help to abandon the enrolment process by the use of their fingerprints to access the software. This can jumble up the entire identity. It was reduce the GPS and the sensitivity of iris scan and will extent the duration of each login session.
This loophole also enabled the private operators to use the enrolment without the fingerprints in a single login session and hence the operator can log in multiple machines at once. By this, the cost per enrolment is reduced and hence investing only once and paying a sum or Rs. 30 for an enrolment.
“If anybody is able to create an entry in the Aadhaar database, then potentially the person can create multiple Aadhaar cards. Then the same person can siphon off rations of multiple people,” said Rajendran Narayanan, Assistant Professor, Azim Premji University, Bengaluru, quoted in an interview.
Currently, the UIDAI is working on the face recognition which was delayed in the past. This facility was aimed to strengthen the security and verify the users with their face identification, iris and fingerprint scans.
The UIDAI has also advised people to visit only the authorised Aadhaar enrolment centres in the bank branches, post offices and government offices for the enrolment or the update of their Aadhaar. Other than this people have to be careful while sharing the data online. This loophole can access WhatsApp too. This is because it is done only on the authorised machine. You can fine the list of authorised Aadhaar Kendra on the UIDAI website www.uidai.gov.in.