Aadhaar app hacked in one minute; 22,000 card details exposed
To highlight India's data security issues, French security researcher Baptiste Robert alias Elliot Alderson has hacked into the Aadhaar app. He was able to bypass the system's password protection protocol within a minute and gain access to 22,000 Aadhaar card details. "These cards can be found on the internet. They are not on the UIDAI server. Everything is public, no hack is required," he said.
How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.— Elliot Alderson (@fs0c131y) March 13, 2018
For this attack, the attacker need a physical access to the phone, rooted phone is not needed and yes this is the latest version of the app.
cc @uidai @ceo_uidai pic.twitter.com/7aZ0fvr0Wv
It is reiterated that Aadhaar remains safe and secure and there has not been a single breach from its biometric database during that last eight years of its existence. 11/11.— Aadhaar (@UIDAI) March 11, 2018
In the past, Robert has discovered vulnerabilities in the online portals of Punjab Police, Telangana Government, Paytm, Indian Postal Service, Apollo Hospitals, and BSNL. To be ethical and transparent about the whole thing, Robert has stuck to communicating with the concerned organizations on Twitter itself.