Alderson hacks another government portal, Aadhaar still not safe


The French security researcher, Baptiste Robert (alias Elliot Alderson on Twitter), brought India’s data security issues into the limelight again. This time he hacked into the Aadhaar app, bypassing the program's password protection protocol within a minute.

The Internet has been in an uproar about how someone can so easily gain access to twenty thousand card specifics in the span of a day.

Speaking to IndiaToday about the vulnerabilities of the Aadhaar app, Robert said, “These cards can be found on the internet. Everything is public, no hack is required. You only need to use Google. These cards have not been found on the UIDAI server.”

Addressing the Aadhaar app in particular, Robert stated, “The main issue with the Aadhaar Android app is that if an attacker has a physical access to the device, he can easily bypass the password mechanism they put in place in the app.”

In their response, UIDAI claimed, “Simply knowing someone's Aadhaar, one cannot impersonate and harm the person because Aadhaar alone is not sufficient to prove one's identity but it requires biometrics to authenticate one's Identity.”

Robert retorted, “They (UIDAI) also said that the Aadhaar card is an identity document which is inconsistent with their statement.” 

Basically, he meant to address the fact that as long as it can be used to establish your identity without biometric verification, the vulnerability of that information poses a serious threat.

To protect users Robert has said, “It's complicated, first don't use the Aadhaar Android App at all, be cautious when you give your Aadhaar card to anyone.” 

Which is fair enough, because a good system can only be successfully implemented when there’s faith in its security.

Meanwhile UIDAI has published an onslaught of tweets explaining how the Aadhaar system isn't vulnerable at all and hasn't been hacked in eight years. 

Earlier this month, Robert hacked into two BSNL portals, gaining access to sensitive employee data and has been warning the concerned departments of the government where their data is unsecured. He’s been known to reach out to the Punjab Police, Telangana Government, Paytm and the Indian Postal Service among many others. Most recently, he highlighted how patient data is at risk through the Apollo Hospitals website. 

Ethically, Robert has been communicating with the concerned organisations on Twitter itself, keeping things open and transparent. He’s even publicly said that he’s not in it for the money, but to make data safer for users.
