Hackers to smoke out Aadhaar bugs, detect security loopholes
The Government of India will now be taking help from 20 hackers to smoke out bugs in Aadhaar security systems. In a special "bug bounty program," ethical hackers will work with the Unique Identification Authority of India (UIDAI) to gauge vulnerabilities in data security. They will scrutinize the system guarding the data of 1.32 billion Indians, the UIDAI said in a July 13 release.
As per the release, 20 individual hackers or groups will be studying the UIDAI's Central Identities Data Repository (CIDR). The largest database in the world, the CIDR stores the information of 1.32 billion Indians. The hackers applying for this program must be listed in the top 100 of popular bug bounty leaderboards or should have worked with reputed companies like Microsoft, Apple, Google, etc.
The UIDAI is looking to appoint candidates active in the bug bounty community, who will have to sign a non-disclosure agreement with the UIDAI, a News18 report says. The ethical hackers should also have a valid Aadhaar number and must be Indian citizens. "Candidate should not represent an organization and must participate in their individual capacity," the UIDAI order reads.
A first of its kind, the program aims to secure Aadhaar data in the CIDR, which has been leaked multiple times in the last few years. The UIDAI order did not clarify if the hackers will be remunerated for the project but mentioned that their credentials will be verified. Current or former UIDAI employees of seven years cannot apply for the position.
Last month, Aadhaar details of 11cr Indian farmers were exposed on an out-of-date PM Kisan website. A data expert reported the data could easily be accessed by any hacker with a single script due to a lack of authorization. A security lapse by the Jharkhand government exposed Aadhaar numbers of thousands of workers in 2019—when details of millions of Indane consumers also got leaked.