Aadhaar software has been hacked, database said to be compromised; UIDAI responds

Aadhaar data protection, a hot topic since the framework began in 2009, is once again in the news. A three-month-long investigation has revealed a software patch that compromises the data stored in the Aadhaar identity database. The patch, which was not officially developed by the Unique Identification Authority of India (UIDAI), allegedly allows hackers to generate unauthorized Aadhaar numbers by disabling the security features of the official Aadhaar enrollment software. It is said to sell for at least Rs. 2,500 and to be already in use by many enrollment operators across the country. The new hack is believed to be rooted in a decision UIDAI made in 2010 to speed up the enrollment process by opening it to private operators. Notably, the report highlighting the new Aadhaar patch emerges ahead of the launch of a face recognition feature by the issuing body. The feature will use facial identification in addition to iris and fingerprint scans to verify users.

HuffPost India claims to have obtained the patch, which was verified by multiple experts. The patch is said to bypass important security features such as the biometric authentication of enrollment operators, and to disable the enrollment software's built-in GPS security feature, which is used to identify the physical location of UIDAI enrollment centers. Removing the GPS requirement allows users of the patch to generate numbers from anywhere in the world. In addition, the unofficial patch reduces the sensitivity of the enrollment software's iris-recognition system, so that a photo of a registered operator can be used for authentication. All this makes it easy for anyone with access to the patch to generate Aadhaar numbers at will.

"Whatever [SIC] patch was created now, the agreement was highly motivated to compromise," said Gustaf Björksten, chief technologist at Access Now, as quoted by HuffPost India. Björksten was one of the experts who analyzed the patch. According to the report, the patch came into circulation at the beginning of 2017. Björksten said that the patch was the work of more than one coder.

In 2010, when it opened Aadhaar registration to private enrollment operators, UIDAI introduced standardized enrollment software named Enrolment Client Multi-Platform (ECMP). The software needs to be installed on each enrollment computer. According to Björksten, the decision to give private enrollment operators an installable package, instead of a cloud-based solution, put important components of Aadhaar at risk. This eventually opened avenues for hacks such as the latest patch, which works on top of the enrollment software and was prepared by taking code from earlier versions of the Aadhaar enrollment software, which contained fewer security features, and applying it to newer versions of the software.

The HuffPost India team says that thousands of purchases of the Aadhaar patch (with the username and password required to reach UIDAI's enrollment gateway) can be made through WhatsApp groups, and that it can be purchased for Rs. 2,500. It can be installed like any other software on a computer, by changing some Java libraries using cut-and-paste commands. Once installed, the patch lets the enrollment operator skip the use of their fingerprint to log in to the enrollment software. It also disables GPS, reduces the sensitivity of the iris scanner, and extends the length of each login session. Since the patch enables private operators to use the enrollment software without their fingerprint, a single operator can log in to several machines simultaneously. This helps minimize the cost per enrollment, which increases the patch's adoption among enrollment operators, who are paid at least Rs. 30 per enrollment.

A former Aadhaar enrollment operator quoted in the report says that other operators were using the patch to make Aadhaar entries privately for a higher fee, between Rs. 100 and Rs. 500. The operator also said that he had written to the UIDAI CEO and others to inform them about the illegal access. The patch is still effective, and other out-of-work operators have aligned with sources in authorized Aadhaar centers for "completing the registration process for fee".

The new software patch does not allow access to the data stored in the database, but instead enables new information to be added to the Aadhaar system. This means that, using the patch, fake identities can be added to the Aadhaar database. Rajendran Narayanan, assistant professor at Azim Premji University in Bangalore, said, "If a person is able to enter the database, then potentially a person can make many base cards. Then only one person can remove ration of many people," as quoted by HuffPost India.

HuffPost India claims that a copy of the patch was provided to the National Critical Information Infrastructure Protection Centre (NCIIPC) at the beginning of this year, but the government body, which is the nodal agency responsible for Aadhaar security, has refused to share its findings. UIDAI did not respond to communication sent prior to publication of the report. In addition, the large-scale use of the patch is indicated by "ecmp bypass" tutorial videos on YouTube.

We have reached out to UIDAI for clarity on the patch and have also emailed a questionnaire to the UIDAI CEO to understand the future steps to ensure legitimate enrollment. We have received a statement from UIDAI on this issue, and you can read it in full below. The Authority rejected the HuffPost India report, essentially calling it "completely false and irresponsible". It repeats that "some inherent interests are deliberately trying to create confusion in the minds of the people," something it also said during the Aadhaar toll-free number dispute last month.

UIDAI is currently working on a face recognition facility, which was recently delayed. The purpose of the facility is to strengthen security by verifying users through facial identification along with iris and fingerprint scans.

The Unique Identification Authority of India (UIDAI) has dismissed as completely false and irresponsible a news report appearing in social and online media about the Aadhaar enrollment software reportedly being hacked. The claims lack substance and are baseless. UIDAI further said that some vested interests are deliberately trying to create confusion in the minds of the people, which is completely unwarranted.
In a statement today, UIDAI said that the claims made in the report, that weakening the biometric authentication of operators leads to ghost entries in the Aadhaar database and to many Aadhaar cards, are baseless. The report itself recognizes that "this (fix) get to does not get to data put away in the database". And the claim of "submitting information" into the Aadhaar database is completely unfounded, because before issuing an Aadhaar, UIDAI matches all the biometrics (10 fingerprints and both irises) of the person enrolling against the biometrics of all existing Aadhaar holders.
UIDAI said that it has taken all the necessary security measures, ranging from standardized software that encrypts all data before saving it to any disk, to protecting data against tampering, identifying each operator in every enrollment, and identifying each of the thousands of machines using a unique machine registration process, which ensures that each encrypted packet can be tracked. UIDAI has taken complete steps to ensure end-to-end security of resident data, spanning complete encryption of resident data, tamper resistance, physical security, access control, network security, a strict audit mechanism, 24x7 security and fraud management system monitoring, and measures such as data splitting and data encryption within UIDAI-controlled data centers.
UIDAI further clarified that no operator can create or update an Aadhaar unless the residents themselves give their biometrics. Any enrollment or update request is processed only after the operator's biometrics are authenticated and the resident's biometrics are de-duplicated on the backend of the UIDAI system.
UIDAI said that, as part of its stringent enrollment and update process, it checks the biometrics and other parameters of the enrollment operator before processing an enrollment or update, and the resident's enrollment or update is processed only after all the checks have been completed successfully. Therefore it is not possible to introduce ghost entries into the Aadhaar database.
UIDAI said that even in a hypothetical situation where, through some fraudulent effort, necessary parameters such as the operator's biometrics or the resident's biometrics are not captured or are blurred, and such a ghost enrollment or update packet is sent to UIDAI, it is recognized by UIDAI's strong backend system, all such enrollment packets are rejected and no Aadhaar is generated. In addition, the enrollment machines and operators concerned are identified, blocked and permanently blacklisted by the UIDAI system. In appropriate cases, police complaints are also filed for such fraudulent efforts.
UIDAI said that during the hearing of the Aadhaar case before the Constitution Bench, similar allegations were made before the Hon'ble Supreme Court, and these were adequately answered by UIDAI in the Hon'ble Supreme Court.
UIDAI said that the claim that "Any base can enter the database, at that point the individual can make many base cards" is totally false.
The checks include the operator's biometric check and the validity of the operator, the enrollment machine, the enrollment agency, the registrar, etc., all of which are verified in UIDAI's backend system before further processing. In cases where any check fails, the enrollment request is rejected, and therefore there is no possibility of creating multiple Aadhaars or compromising the database.
If an operator violates UIDAI's strict enrollment and update procedures, or is involved in any type of fraud or corrupt practice, UIDAI blocks and blacklists them and imposes a financial penalty of up to Rs 1 lakh per instance. UIDAI said that because of this stringent and robust system, 50,000 operators have been blacklisted to date.
UIDAI said that it keeps adding new security features to its system from time to time to thwart new security threats from unscrupulous elements.
UIDAI has advised people to approach only authorized Aadhaar enrollment centers in bank branches, post offices and government offices for enrollment or updates, so that their enrollment or update is done only on authorized machines and their efforts are not wasted through rejection of the enrollment or update. (The list of authorized Aadhaar centers is available on the UIDAI website, www.uidai.gov.in.)