• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

Paravision banner
  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Directory
  • Podcasts

Code Hack Allows for Creation of Fraudulent Aadhaar Identities, Report Alleges

September 11, 2018

“Responding to the report today, the UIDAI issued a statement in which it reaffirmed that each Aadhaar identity is linked to 10 unique fingerprints and a pair of irises, and that these biometrics are checked against the entire Aadhaar database for duplicate entries, so it is therefore ‘not possible’ to create fraudulent entries in the database.”

A serious security vulnerability in Aadhaar means the biometric national ID program is fundamentally flawed, according to a damning new Huffington Post report.Code Hack Allows for Creation of Fraudulent Aadhaar Identities, Report Alleges

The issue revolves around a certain patch – that is, a bundle of code that can be implemented on top of existing software – that can be easily obtained from the black market via WhatsApp. Essentially, the patch disables key security protocols in software designed to enroll individuals into Aadhaar, allowing just about anybody to create fraudulent Aadhaar identities.

The patch indirectly resulted from government authorities’ rushed efforts to implement Aadhaar. Early in the program’s development, the Unique Identification Authority of India, which administrates Aadhaar, decided to allow private agencies and village service centers to enroll citizens into the program as a means of speeding up its expansion across the country. Officials built certain safeguards into the enrollment software, such as a GPS feature designed to track where a given enrollment was processed, and a login system requiring operators to provide their own biometric credentials in the form of a fingerprint or iris scan.

The patch bypasses those safeguards, allowing administrators to access the enrollment system and to create new and potentially fake Aadhaar identities.

Security researchers consulted in the Huffington Post’s article say that the patch appears to be the product of experts who have invested considerable resources into its creation, suggesting it could be the product of criminal organizations. WhatsApp groups selling the patch ask buyers to transfer money to mobile wallets, whose corresponding phone numbers are quickly deactivated, according to the report.

The UIDAI has faced a number of scandals in recent years pertaining to security breaches and its seemingly haphazard approach to administrating and upgrading the Aadhaar database, but this is perhaps the most serious indictment of the program’s security to date. Responding to the report today, the UIDAI issued a statement in which it reaffirmed that each Aadhaar identity is linked to 10 unique fingerprints and a pair of irises, and that these biometrics are checked against the entire Aadhaar database for duplicate entries, so it is therefore “not possible” to create fraudulent entries in the database.

The UIDAI also lobbed an accusation of its own, asserting that “certain vested interests are deliberately trying to create confusion in the minds of people which is completely unwarranted.”

Sources: Huffington Post, The Economic Times

–

September 11, 2018 – by Alex Perala

Related News

  • Kenya’s National Biometric ID Program Delayed by High CourtKenya’s National Biometric ID Program Delayed by High Court
  • Indian Partners Brief Afghanistan Officials on Aadhaar ID ProgramIndian Partners Brief Afghanistan Officials on Aadhaar ID Program
  • ‘Mere Possession’ of Aadhaar Data No Threat to Citizens, UIDAI Says After Latest Breach Scare‘Mere Possession’ of Aadhaar Data No Threat to Citizens, UIDAI Says After Latest Breach Scare
  • Indian FinTech Firms Look for Aadhaar Alternatives for KYC in Wake of Supreme Court RulingIndian FinTech Firms Look for Aadhaar Alternatives for KYC in Wake of Supreme Court Ruling
  • UIDAI Urges Citizens to Treat Aadhaar Info Like Credit CardUIDAI Urges Citizens to Treat Aadhaar Info Like Credit Card
  • Yoti Fellow Suggests COVID-19 Has Exacerbated Issues with Aadhaar SystemYoti Fellow Suggests COVID-19 Has Exacerbated Issues with Aadhaar System

Filed Under: News Tagged With: Aadhaar, Biometric, biometric citizen ID, biometric enrolment, biometric ID, biometric ID programs, biometrics, hack attacks, India, UIDAI

Primary Sidebar

IDEMIA big box

Read the Latest 2020 Year in Review Analysis:

NEC IDelight

Sponsored Links

AU10TIX, an identity management company headquartered in Israel, provides critical, modular solutions to link physical and digital identities so that companies and their customers can confidently connect.

CMITech is a leading provider of high performance, cost effective iris recognition systems. The company is setting the industry standard for advanced user interfaces that are fast, intuitive and effortless. Serving enrollment and authentication solutions of all sizes, CMITech systems include binoculars-type, wall mount, desktop, and kiosk-type product configurations.

Onfido is building the new identity standard for the internet.Our AI-based technology assesses whether a user’s government-issued ID is genuine or fraudulent, and then compares it against their facial biometrics. That’s how we give companies like Revolut, Zipcar and Bitstamp the assurance they need to onboard customers remotely and securely. Our mission is to create a more open world, where identity is the key to access.. For more information, please visit
www.onfido.com
TECH5 is an international technology company headquartered in Geneva, Switzerland, with branches in the US, Europe and Asia, dedicated to the design, development, and distribution of biometrics-driven Identity Management solutions. Target markets include Government and Private sectors with products powering Civil ID, Digital ID, eKYC, Digital Onboarding, Visitor Management and others. Learn more:
www.tech5.ai
ThreatMark brings trust to the digital world by providing cutting-edge fraud prevention solutions. Major banks use ThreatMark's AI-powered technology and behavioral biometrics to build secured banking experience to precisely verify their legitimate users, seamlessly across all digital channels. All while securing the users' most precious assets and keeping the fraudsters away. Learn more:
www.threatmark.com/
Thales digital ID
MobileIDWorld

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Iris ID

Recent Posts

  • IDEX Biometrics Shares to Trade on Nasdaq
  • UNIONCOMMUNITY Announces World’s First Biometric Motorcyle Anti-Theft Solution
  • Jumio Provides Mobile Onboarding Technology for Al Baraka Islamic Bank
  • BehavioSec Appoints Former Mitek Exec as Chief Revenue Officer
  • Aratek Officially Launches A700 Fingerprint Scanner

Biometric Associations

IBIA and fido
Aware ABIS webinar

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives

Follow Us

Copyright © 2021 FindBiometrics