The Unique Identification Authority of India (UIDAI) has reportedly failed to address the security concerns exposed by a news platform after it claimed that a software patch has been used to compromise the security of Aadhaar's identity database, which contains the personal details of billions of Indians.
HuffPost India says that it held a three-month investigation and found that “a software patch - which is easily available for Rs 2,500 - allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will, and is still in widespread use.” The findings of the investigation were reportedly endorsed by reputed international experts. The news platform claims that the “UIDAI was asked for a response three months before the story was published, followed by a reminder shortly before publication. They chose not to respond.”
According to the HuffPost India, the patch enables bypassing critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers. It also disables the enrolment software's in-built GPS security feature as well as reduces the sensitivity of the enrolment software's iris-recognition system. This development raises the questions on government's claims of the integration of a fool-proof apparatus to guard people’s sensitive information.
The news comes at a point when the government is advocating that the tech companies should store the data of Indian citizens in the country itself. Expose like this could not only put Indians’ data into jeopardy but “exponentially heighten security threats.” Recently, the UIDAI had denied a security breach of its database, following reports which claimed that data of some 6,000 Indian businesses and government agencies was up for sale on Internet. Over 117 crore Indians were said to have enrolled for Aadhaar till August 14 this year for direct transfer of financial benefits and other subsidies and services by the government.