Thursday, March 28, 2024

UIDAI’s Aadhaar Software Hacked – Hackers Disabled Security Features & Compromise the Database

One of the worlds largest Database UIDAI owned Aadhaar software hacked by unknown cybercriminals that contain Billions of Indian citizen’s sensitive personal information.

Cybercriminals disable the critical security futures using software patches in Aadhaar enrolment software that leads to access the whole UIDAI’s Aadhaar Data.

Last year Indian Aadhaar Details Exposed in Public by More than 200 Government Websites that contains More than 1 Billion Indian’s Personal Identity information such as names and addresses of some Aadhaar beneficiaries.

A patch contains a package of code that used to alter the  Aadhaar Software functionality, which often used by companies to provide the minor updates and here attackers used the software patch to enable the Vulnerability.

This sotware patch is publicly available just for $35 which can use anyone and anywhere in the world to generate the Aadhaar number.

Software Patch Futures

A software patch is a work in different ways and reduces the sensitivity of the security future and gives various following permission to attackers.

  1. The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
  2. The patch disables the enrolment software’s in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users.
  3. The patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.

Based on the Experts point of view, the patch who is created by the individual or a cybercrime group had a highly motivated to compromise the entire Aadhaar Database.

Anandh, A security expert from India who also analyzed the software said, the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features— on to newer versions of the software.

His findings also confirmed by Dan Wallach, Professor of Computer Science, and Electrical and Computer Engineering, at Rice University in Houston, Texas.

Wallach Said “Having looked at the patch code and the report presented by Anand, I feel pretty comfortable saying that the report is correct, and it could allow someone to circumvent security measures in the Aadhaar software, and create new entries. This is pretty feasible, and looks like something that would be possible to engineer,”

This information goes under the HuffPost India Investigation for past 3 months and This has critical ramifications for national security when the Indian government has looked to make Aadhaar numbers the highest quality level for native ID, and compulsory for everything from utilizing a cell phone to getting to a financial balance.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles