Wednesday, November 13, 2024
HomeComputer SecurityUIDAI’s Aadhaar Software Hacked - Hackers Disabled Security Features & Compromise the...

UIDAI’s Aadhaar Software Hacked – Hackers Disabled Security Features & Compromise the Database

Published on

Malware protection

One of the worlds largest Database UIDAI owned Aadhaar software hacked by unknown cybercriminals that contain Billions of Indian citizen’s sensitive personal information.

Cybercriminals disable the critical security futures using software patches in Aadhaar enrolment software that leads to access the whole UIDAI’s Aadhaar Data.

Last year Indian Aadhaar Details Exposed in Public by More than 200 Government Websites that contains More than 1 Billion Indian’s Personal Identity information such as names and addresses of some Aadhaar beneficiaries.

- Advertisement - SIEM as a Service

A patch contains a package of code that used to alter the  Aadhaar Software functionality, which often used by companies to provide the minor updates and here attackers used the software patch to enable the Vulnerability.

This sotware patch is publicly available just for $35 which can use anyone and anywhere in the world to generate the Aadhaar number.

Software Patch Futures

A software patch is a work in different ways and reduces the sensitivity of the security future and gives various following permission to attackers.

  1. The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
  2. The patch disables the enrolment software’s in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users.
  3. The patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.

Based on the Experts point of view, the patch who is created by the individual or a cybercrime group had a highly motivated to compromise the entire Aadhaar Database.

Anandh, A security expert from India who also analyzed the software said, the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features— on to newer versions of the software.

His findings also confirmed by Dan Wallach, Professor of Computer Science, and Electrical and Computer Engineering, at Rice University in Houston, Texas.

Wallach Said “Having looked at the patch code and the report presented by Anand, I feel pretty comfortable saying that the report is correct, and it could allow someone to circumvent security measures in the Aadhaar software, and create new entries. This is pretty feasible, and looks like something that would be possible to engineer,”

This information goes under the HuffPost India Investigation for past 3 months and This has critical ramifications for national security when the Indian government has looked to make Aadhaar numbers the highest quality level for native ID, and compulsory for everything from utilizing a cell phone to getting to a financial balance.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fortinet Patches Critical Flaws That Affected Multiple Products

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple...

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...

Chrome 131 Released with the Fix for Multiple Vulnerabilities

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac,...

Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...

Europe’s Most Wanted Teenage Hacker Arrested

Julius “Zeekill” Kivimäki, once Europe's most wanted teenage hacker, has been arrested.Kivimäki, known for his involvement with the notorious Lizard Squad,...