Once again UIDAI is being questioned on its security promises over 12-digit biometric Aadhaar card.  A three month-long investigation by HuffPost India reveals that the authenticity of the data stored in India's Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enroll new Aadhaar users. 

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Reportedly, it has been revealed that the patch has been available as cheap as Rs 2,500 (around $35) that enables unauthorised persons, anywhere in the world, to generate Aadhaar numbers at will.

A patch is generally referred as a bundle code used to alter the functionality of a software programme.

The news agency HuffPost India stated that it is in possession of the patch, and had it analysed by three internationally reputed experts, and two Indian analysts (one of whom sought anonymity as he works at a state-funded university).

These experts stated that the vulnerability is intrinsic to a technology choice made at the inception of the Aadhaar programme, which means that fixing it and other future threats would require altering Aadhaar's fundamental structure.

It needs to be noted that this would not be the first time when UIDAI's data safety has been brought into question. In the month of January this year, The Tribune agency claimed that after paying Rs 300 to “agent” provided them a software to facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual. 

However, that time the UIDAI left no chance in countering Tribune by saying, “The Aadhaar data including biometric information is fully safe and secure”, the UIDAI statement added that it has given search facility for the purpose of grievance redressal to the designated personnel and the state government officials in order to help residents only by entering their Aadhaar number/EID.”

Considering that the NDA government has been pushing citizens to link their Aadhaar card for a list of categories like bank account, PAN, investments and even mobile number. Such continuous reports claiming the data breach, calls for a cause of concern for both UIDAI and the citizens. How UIDAI reacts to HuffPost will be keenly watched.