India’s ID database of over a billion citizens hacked
According to reports, the software for the user ID database used by India, consisting of biometrics and personal information of over a billion users have been hacked by experts.
A three-month-long investigation by HuffPost India has revealed that Aadhaar, the software used for maintaining the database by India for more than a billion of its users, has been compromised using a patch which automatically disabled security provisions on the software. The hack was developed in early 2017 and the tutorials could even be found on YouTube.
According to the reports, the patch was available for purchase and could be obtained for as low as INR 2,500 (PKR 6k). This patch was already in use by different enrollment operators in the country. HuffPost India says that it gained access to one of the copies of this patch and had it checked it with different experts, both from India as well as international.
How does the hack work?
The patch basically overrides certain security features of the system, empowering enrollment operators with a lot of undue favors. With this patch, the enrollment operators are able to bypass the biometric identification and generate the ID numbers without even needing it. Moreover, the patch also overrides the GPS checking, making the enrollment possible from any corner of the world.
A hack like this could be very harmful as this could be used to add fake entries to a database which otherwise is filled with very important data. Fake identities could be created and then used for malicious purposes. The hack comes at a very critical time as the government itself was thinking to move ahead with this Aadhaar software for usage in banking.
As far as the statement from Aadhaar officials is concerned, BusinessToday, states that the Unique Identification Authority of India (UIDAI) has completely turned down the claims.