Aadhaar app hacked in one minute; 22,000 card details exposed
What's the story
To highlight India's data security issues, French security researcher Baptiste Robert alias Elliot Alderson has hacked into the Aadhaar app. He was able to bypass the system's password protection protocol within a minute and gain access to 22,000 Aadhaar card details. "These cards can be found on the internet. They are not on the UIDAI server. Everything is public, no hack is required," he said.
Twitter Post
Here is how he did it
How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.
— Elliot Alderson (@fs0c131y) March 13, 2018
For this attack, the attacker need a physical access to the phone, rooted phone is not needed and yes this is the latest version of the app.
cc @uidai @ceo_uidai pic.twitter.com/7aZ0fvr0Wv
Twitter Post
Without biometric data breach, we are completely safe: Aadhaar
It is reiterated that Aadhaar remains safe and secure and there has not been a single breach from its biometric database during that last eight years of its existence. 11/11.
— Aadhaar (@UIDAI) March 11, 2018
Details
But this is Robert's point: Aadhaar is an identity document
According to Robert, as long the Aadhaar card can simply be used to establish a user's identity without biometric verification, its information becoming vulnerable to cyber attackers poses a serious threat. In terms of user protection, Robert said, "It's complicated, first don't use the Aadhaar Android App at all, be cautious when you give your Aadhaar card to anyone."
Information
The ethical hacker has exposed vulnerabilities in BSNL, Apollo Hospitals
In the past, Robert has discovered vulnerabilities in the online portals of Punjab Police, Telangana Government, Paytm, Indian Postal Service, Apollo Hospitals, and BSNL. To be ethical and transparent about the whole thing, Robert has stuck to communicating with the concerned organizations on Twitter itself.