Dismissing a media report by HuffPost India about Aadhaar Enrolment Software being hacked through a software patch as “completely incorrect” and “baseless”, the Unique Identification Authority of India (UIDAI) on Tuesday said that the allegation made regarding compromising Aadhar Database in the report “lack substance” and is deliberately spread to create confusion in the minds of people.
According to a report by HuffPost India, the UIDAI Aadhaar software, which is used to enrol new users into the Aadhaar database could have been subjected to a compromise using a software patch which was developed recently and disabled critical security features of the Aadhar software. This software patch is reportedly available in the open market for as low as Rs 2,500 and it disables the enrolment software’s pre-installed GPS security feature that is used to identify the physical location of UIDAI enrolment centers.
The exclusion of the GPS requirement allows patch users to generate numbers from anywhere in the globe. Further adding to the agony, the unofficial patch reduces the sensitivity of the iris-recognition system of the installed enrolment software, which allows a photograph of the registered operator to be used for authentication. These two factors make it easier for fake enrolment agent to gain access to the Aadhar Database using the patch to generate Aadhaar number from anywhere in the globe
“UIDAI hereby dismisses a news report appearing in social and online media about Aadhaar Enrolment Software being allegedly hacked as completely incorrect and irresponsible” was the official tweet from the Aadhar (@ UIDAI) on September 11 in the series of tweets done through the official twitter handle of UIDAI. In a second tweet by UIDAI, it said that “Claims made in the report about Aadhaar being vulnerable to tampering leading to ghost entries in Aadhaar database by purportedly bypassing operators’ biometric authentication to generate multiple Aadhaar cards is totally baseless”. Adequate measures are in place to ensure end-to-end security of the database of Aadhar and the security is tightened regularly based on the latest security trends and the best brain of the nation are on the project for its complete security.
UIDAI further clarified to the citizens of the country that any enrolment or update requests by the enrolment operators are verified and authenticated using the biometrics of enrolment operator and is de-duplicated at the backend of UIDAI database. The people of the country should ignore these false propaganda messages and restrain themselves from spreading fake news like these.
UIDAI also advised the citizens of the country to approach only authorized Aadhaar enrolment centers in respective bank branches, post offices and Govt offices to ensure that the enrolment or amendment is made through only authorized machines.