Thursday, June 20, 2024

UIDAI’s Aadhaar Software Hacked – Hackers Disabled Security Features & Compromise the Database

One of the worlds largest Database UIDAI owned Aadhaar software hacked by unknown cybercriminals that contain Billions of Indian citizen’s sensitive personal information.

Cybercriminals disable the critical security futures using software patches in Aadhaar enrolment software that leads to access the whole UIDAI’s Aadhaar Data.

Last year Indian Aadhaar Details Exposed in Public by More than 200 Government Websites that contains More than 1 Billion Indian’s Personal Identity information such as names and addresses of some Aadhaar beneficiaries.

A patch contains a package of code that used to alter the  Aadhaar Software functionality, which often used by companies to provide the minor updates and here attackers used the software patch to enable the Vulnerability.

This sotware patch is publicly available just for $35 which can use anyone and anywhere in the world to generate the Aadhaar number.

Software Patch Futures

A software patch is a work in different ways and reduces the sensitivity of the security future and gives various following permission to attackers.

  1. The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
  2. The patch disables the enrolment software’s in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users.
  3. The patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.

Based on the Experts point of view, the patch who is created by the individual or a cybercrime group had a highly motivated to compromise the entire Aadhaar Database.

Anandh, A security expert from India who also analyzed the software said, the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features— on to newer versions of the software.

His findings also confirmed by Dan Wallach, Professor of Computer Science, and Electrical and Computer Engineering, at Rice University in Houston, Texas.

Wallach Said “Having looked at the patch code and the report presented by Anand, I feel pretty comfortable saying that the report is correct, and it could allow someone to circumvent security measures in the Aadhaar software, and create new entries. This is pretty feasible, and looks like something that would be possible to engineer,”

This information goes under the HuffPost India Investigation for past 3 months and This has critical ramifications for national security when the Indian government has looked to make Aadhaar numbers the highest quality level for native ID, and compulsory for everything from utilizing a cell phone to getting to a financial balance.


Latest articles

1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

1inch, a leading DeFi aggregator that provides advanced security solutions to users across the...

Hackers Exploit Progressive Web Apps to Steal Passwords

In a concerning development for cybersecurity, hackers are increasingly leveraging Progressive Web Apps (PWAs)...

INE Security: Optimizing Teams for AI and Cybersecurity

2024 is rapidly shaping up to be a defining year in generative AI. While...

Threat Actor Claims Breach of Jollibee Fast-Food Gaint

A threat actor has claimed responsibility for breaching the systems of Jollibee Foods Corporation,...

Threat Actors Claiming Breach of Accenture Employee Data

Threat actors have claimed responsibility for a significant data breach involving Accenture, one of...

Diamorphine Rootkit Exploiting Linux Systems In The Wild

Threat actors exploit Linux systems because they are prevalent in organizations that host servers,...

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles