Tuesday, March 5, 2024

UIDAI’s Aadhaar Software Hacked – Hackers Disabled Security Features & Compromise the Database

One of the worlds largest Database UIDAI owned Aadhaar software hacked by unknown cybercriminals that contain Billions of Indian citizen’s sensitive personal information.

Cybercriminals disable the critical security futures using software patches in Aadhaar enrolment software that leads to access the whole UIDAI’s Aadhaar Data.

Last year Indian Aadhaar Details Exposed in Public by More than 200 Government Websites that contains More than 1 Billion Indian’s Personal Identity information such as names and addresses of some Aadhaar beneficiaries.

A patch contains a package of code that used to alter the  Aadhaar Software functionality, which often used by companies to provide the minor updates and here attackers used the software patch to enable the Vulnerability.

This sotware patch is publicly available just for $35 which can use anyone and anywhere in the world to generate the Aadhaar number.

Software Patch Futures

A software patch is a work in different ways and reduces the sensitivity of the security future and gives various following permission to attackers.

  1. The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
  2. The patch disables the enrolment software’s in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users.
  3. The patch reduces the sensitivity of the enrolment software’s iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.

Based on the Experts point of view, the patch who is created by the individual or a cybercrime group had a highly motivated to compromise the entire Aadhaar Database.

Anandh, A security expert from India who also analyzed the software said, the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features— on to newer versions of the software.

His findings also confirmed by Dan Wallach, Professor of Computer Science, and Electrical and Computer Engineering, at Rice University in Houston, Texas.

Wallach Said “Having looked at the patch code and the report presented by Anand, I feel pretty comfortable saying that the report is correct, and it could allow someone to circumvent security measures in the Aadhaar software, and create new entries. This is pretty feasible, and looks like something that would be possible to engineer,”

This information goes under the HuffPost India Investigation for past 3 months and This has critical ramifications for national security when the Indian government has looked to make Aadhaar numbers the highest quality level for native ID, and compulsory for everything from utilizing a cell phone to getting to a financial balance.

Website

Latest articles

GTPDOOR – Previously Unknown Linux Malware Attack Telecom Networks

Researchers have discovered a new backdoor named GTPDOOR that targets telecommunication network systems within...

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019....

New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials  

Threat actors employ phishing scams to trick individuals into giving away important details like...

U.S. Charged Iranian Hacker, Rewards up to $10 Million

The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie...

Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa

The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS)...

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

SolarWinds cyberattack was one of the largest attacks of the century in which attackers...

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles