One of the worlds largest Database UIDAI owned Aadhaar software hacked by unknown cybercriminals that contain Billions of Indian citizen’s sensitive personal information.
Cybercriminals disable the critical security futures using software patches in Aadhaar enrolment software that leads to access the whole UIDAI’s Aadhaar Data.
Last year Indian Aadhaar Details Exposed in Public by More than 200 Government Websites that contains More than 1 Billion Indian’s Personal Identity information such as names and addresses of some Aadhaar beneficiaries.
A patch contains a package of code that used to alter the Aadhaar Software functionality, which often used by companies to provide the minor updates and here attackers used the software patch to enable the Vulnerability.
This sotware patch is publicly available just for $35 which can use anyone and anywhere in the world to generate the Aadhaar number.
— HuffPost India (@HuffPostIndia) September 11, 2018
Software Patch Futures
A software patch is a work in different ways and reduces the sensitivity of the security future and gives various following permission to attackers.
- The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
- The patch disables the enrolment software’s in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users.
- The patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.
Based on the Experts point of view, the patch who is created by the individual or a cybercrime group had a highly motivated to compromise the entire Aadhaar Database.
Anandh, A security expert from India who also analyzed the software said, the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features— on to newer versions of the software.
His findings also confirmed by Dan Wallach, Professor of Computer Science, and Electrical and Computer Engineering, at Rice University in Houston, Texas.
Wallach Said “Having looked at the patch code and the report presented by Anand, I feel pretty comfortable saying that the report is correct, and it could allow someone to circumvent security measures in the Aadhaar software, and create new entries. This is pretty feasible, and looks like something that would be possible to engineer,”
This information goes under the HuffPost India Investigation for past 3 months and This has critical ramifications for national security when the Indian government has looked to make Aadhaar numbers the highest quality level for native ID, and compulsory for everything from utilizing a cell phone to getting to a financial balance.