Cheap hack allows creation of identities

Sep

11

2018

in Indian government system
A cheap patch for the enrollment software of the Indian government system Aadhaar makes it possible to reduce the security requirements of the software in order to create identities within the system more easily. The patch circulates on WhatsApp.

The Indian edition of HuffPost reports that these are the findings of a private investigation that took three months. The newspaper has consulted various security researchers and they confirm the findings. The patch is available in a large number of WhatsApp groups for an amount of 2500 rupees, approximately 30 euros.

The patch is intended for the enrollment software of the so-called Aadhaar system. That software is used to generate a twelve-digit number in the government system. This can then be linked to other data, such as fingerprints and iris scans. HuffPost reports that due to the simple availability of the patch, the integrity of the data in the Aadhaar database is compromised.

With the patch it would be possible for ‘everyone in the world’ to generate Aadhaar numbers. The site writes: “This has significant consequences for national security, especially now that the Indian government has tried to make Aadhaar numbers the gold standard for the identification of citizens and to make them obligatory for the use of a mobile phone or access to a bank account. ”

HuffPost explains that the government decided in 2010 to outsource the registration of people in the Aadhaar system to private parties, so that this would be faster. These parties were provided with the so-called Enrollment Client Multi-Platform software, which they had to install on their computers. The registration could also be done by village-level computer kiosks, which until February of this year were good for a total of 180 million registrations. In the same month, the government only decided to have banks and government agencies implement Aadhaar notifications, because of concerns about corruption. As a result, many people lost work and WhatsApp groups were created to be able to use the software.

One of the security experts interviewed told the site that it had been safer to build a web-based system. That idea was rejected, however, because large parts of India had bad internet. The software does have security measures. For example, a computer must first be logged in before it can be used for enrollment , the administrator must issue an iris scan or fingerprint for verification and the computer must be connected to a GPS module to determine the location.

According to HuffPost, the patch makes it possible to circumvent these measures. For example, the biometric authentication can be switched off, just like checking an existing GPS module. In addition, the requirements for an iris scan are reduced, making the software easier to fool with, for example, a photo. The installation of the patch would not be difficult, the site speaks of ‘cutting and pasting files’. One of the surveyed experts says to the site that the creation of Aadhaar numbers, for example, can lead to fraud with rations, which are allocated per person.

The Aadhaar data are managed by the so-called Unique Identification Authority of India, or Uidai. A registration in the system serves as proof of identity , but not as proof of citizenship. The system is controversial, partly due to doubts about the security and feasibility of the objectives, such as eliminating duplicate and false identities , and quick and easy verification. The first issue was issued in 2010 and in the meantime a total of about 1.2 billion numbers have been delivered to more than 1.3 billion inhabitants of India. Indian government agencies have so far not responded to questions from HuffPost.

The Uidai has reacted on Twitter to the publication of the article and calls the claims ‘completely incorrect and irresponsible’.

Viewing:-852

In: A Technology & Gadgets Asked By: [21020 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »


Star Points Scale

Earn points for Asking and Answering Questions!

Grey Sta Levelr [1 - 25 Grey Star Level]
Green Star Level [26 - 50 Green Star Level]
Blue Star Level [51 - 500 Blue Star Level]
Orange Star Level [501 - 5000 Orange Star Level]
Red Star Level [5001 - 25000 Red Star Level]
Black Star Level [25001+ Black Star Level]