Thursday, 4 January 2018

Aadhaar Info Available For Rs 500 In Just 10 Minutes? UIDAI Refutes All Reports Of Breaches

Aadhaar Info Available For Rs 500 In Just 10 Minutes? UIDAI Refutes All Reports Of Breaches

India’s Aadhaar card system isn’t just supposed to be a catch-all form of identification, it’s also been promised to be “fully secure”, as would be expected for personal information of this kind. Unfortunately, UIDAI officials seem to have ignored the most basic rule of cybersecurity: the weakest link is always humans.
According to several reports, your Aadhaar data isn’t nearly as safe as UIDAI would have you believe. For just Rs 500, anyone can access all of your personal details whenever they feel like. In fact, services that offer Aadhaar information purchases may have compromised any number of the over a billion IDs created so far.
In the report, the Tribune investigative team details how it made contact with the agent of a group illegally selling Aadhaar data. After a simple Rs 500 payment on Paytm, the agent then created a login gateway for them, complete with a username and password to enter. 

Of course, the UIDAI officials in Chandigarh were aghast, claiming no one should have any login access to the data repository aside from the Director-General and Assistant Director-General of the group. So just how did these third parties come to gain the power they now wield?
As it turns out, the problem seems to have begun about six months ago. Village Level Entrepreneurs, hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) across India, were tasked with making Aadhaar cards across the country. Unfortunately for them, the job was then taken away and handed to solely post offices and banks, in order to maintain the ID scheme’s security. 
The problem seems to be that, the authorities didn’t properly revoke admin permissions from these VLE’s when they fired them, leaving disgruntled former employees with the keys to the kingdom. Whether they were using this power to illegally issue Aadhaar cards on the side is unconfirmed, but some have clearly taken things a step further and providing others access to information they should never be able to see.

So, in short, everyone is at risk, no one’s information is safe, and there’s no real way to stop the guys responsible. If the Aadhaar scheme was really as secure as it was touted, the authorities should have been focused on precautionary measures as much as hacking protections. 
Unfortunately now, it’s hard to see how the situation can be salvaged, short of cancelling the entire scheme and purging the data archives, yet even that isn’t a surefire way to protect your data. So, you can expect the authorities’ investigation to carry on for the next few months. Until then, what can you really do? Probably not a damned thing.
Update: As of a little while ago, the UIDAI provided a statement to ANI calling the entire thing a case of "misreporting".

No comments:

Post a Comment