• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

Code Hack Allows for Creation of Fraudulent Aadhaar Identities, Report Alleges

September 11, 2018

“Responding to the report today, the UIDAI issued a statement in which it reaffirmed that each Aadhaar identity is linked to 10 unique fingerprints and a pair of irises, and that these biometrics are checked against the entire Aadhaar database for duplicate entries, so it is therefore ‘not possible’ to create fraudulent entries in the database.”

A serious security vulnerability in Aadhaar means the biometric national ID program is fundamentally flawed, according to a damning new Huffington Post report.Code Hack Allows for Creation of Fraudulent Aadhaar Identities, Report Alleges

The issue revolves around a certain patch – that is, a bundle of code that can be implemented on top of existing software – that can be easily obtained from the black market via WhatsApp. Essentially, the patch disables key security protocols in software designed to enroll individuals into Aadhaar, allowing just about anybody to create fraudulent Aadhaar identities.

The patch indirectly resulted from government authorities’ rushed efforts to implement Aadhaar. Early in the program’s development, the Unique Identification Authority of India, which administrates Aadhaar, decided to allow private agencies and village service centers to enroll citizens into the program as a means of speeding up its expansion across the country. Officials built certain safeguards into the enrollment software, such as a GPS feature designed to track where a given enrollment was processed, and a login system requiring operators to provide their own biometric credentials in the form of a fingerprint or iris scan.

The patch bypasses those safeguards, allowing administrators to access the enrollment system and to create new and potentially fake Aadhaar identities.

Security researchers consulted in the Huffington Post’s article say that the patch appears to be the product of experts who have invested considerable resources into its creation, suggesting it could be the product of criminal organizations. WhatsApp groups selling the patch ask buyers to transfer money to mobile wallets, whose corresponding phone numbers are quickly deactivated, according to the report.

The UIDAI has faced a number of scandals in recent years pertaining to security breaches and its seemingly haphazard approach to administrating and upgrading the Aadhaar database, but this is perhaps the most serious indictment of the program’s security to date. Responding to the report today, the UIDAI issued a statement in which it reaffirmed that each Aadhaar identity is linked to 10 unique fingerprints and a pair of irises, and that these biometrics are checked against the entire Aadhaar database for duplicate entries, so it is therefore “not possible” to create fraudulent entries in the database.

The UIDAI also lobbed an accusation of its own, asserting that “certain vested interests are deliberately trying to create confusion in the minds of people which is completely unwarranted.”

Sources: Huffington Post, The Economic Times

–

September 11, 2018 – by Alex Perala

Related News

  • Kenya’s National Biometric ID Program Delayed by High CourtKenya’s National Biometric ID Program Delayed by High Court
  • Indian Partners Brief Afghanistan Officials on Aadhaar ID ProgramIndian Partners Brief Afghanistan Officials on Aadhaar ID Program
  • ‘Mere Possession’ of Aadhaar Data No Threat to Citizens, UIDAI Says After Latest Breach Scare‘Mere Possession’ of Aadhaar Data No Threat to Citizens, UIDAI Says After Latest Breach Scare
  • Indian FinTech Firms Look for Aadhaar Alternatives for KYC in Wake of Supreme Court RulingIndian FinTech Firms Look for Aadhaar Alternatives for KYC in Wake of Supreme Court Ruling
  • UIDAI Urges Citizens to Treat Aadhaar Info Like Credit CardUIDAI Urges Citizens to Treat Aadhaar Info Like Credit Card
  • India Unveils New Face-Based Aadhaar Authentication AppIndia Unveils New Face-Based Aadhaar Authentication App

Filed Under: News Tagged With: Aadhaar, Biometric, biometric citizen ID, biometric enrolment, biometric ID, biometric ID programs, biometrics, hack attacks, India, UIDAI

Primary Sidebar

Want To Deploy Biometric Access? Download This First:

The resources in this bundle will give you the know-how to choose the right biometric access for your organization.

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

With its secunet border gears product portfolio and specialised consulting expertise, secunet supports police forces and security authorities in their sovereign tasks. Whether ABC gates, self-service kiosks or biometric middleware – each component helps to strengthen identity protection and to accelerate verification – in mobile and stationary scenarios.

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Recent Posts

  • Highlighting Biometric Security, NC DMV Head Pushes for Mobile Driver’s License
  • NY Attorney General Takes Aim at Madison Square Garden: Identity News Digest
  • [New Sponsors Announced] Feb 15 Virtual Summit Sessions Announced: Digital ID in Healthcare, Financial Services, Travel
  • After 250% Revenue Spike, São Paulo Onboarding Startup Goes Global
  • In Pursuit of Digital ID: Identity News Digest

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 FindBiometrics