No Operator Can Make Or Update Aadhaar Unless Resident Himself Gives His Biometric: UIDAI On Software Hacking

The Logical Indian Crew India

September 12th, 2018 / 5:30 PM

The Unique Identification Authority of India (UIDAI) on September 11 posted a series of 24 tweets in which it dismissed a news report about the Aadhaar Enrolment Software being allegedly hacked as incorrect and irresponsible. It also said, “The claims lack substance and are baseless. UIDAI further said that certain vested interests are deliberately trying to create confusion in the minds of people which is completely unwarranted.”

It further added, “No operator can make or update Aadhaar unless resident himself gives his biometric. Any enrolment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system.”

What are news reports saying?

While Aadhaar data security has been a bone of contention since the inception of its framework back in 2009, UIDAI now finds itself in a fresh controversy. UIDAI’s 24-part clarification comes after HuffPost India published an article claiming that it has access to a software patch which disables critical security features in the Aadhaar database, allowing hackers to generate unauthorised Aadhaar numbers. As per the report, the software patch is freely available for a price of Rs 2,500 only. Moreover, the report also said that the patch was analysed by three internationally reputed experts and two Indian analysts.

The investigative report by HuffPost India claims that the software patch compromises the Aadhaar enrolment software on three fronts: it lets users bypass the need for biometric authentication, it disables the software’s inbuilt GPS system and, finally, it reduces the sensitivity of the iris recognition feature.

The Aadhaar-issuing body clarified that, before issuing a new Aadhaar, it matches all the biometrics of the resident enrolling for Aadhaar, which include both irises and 10 fingerprints, against the biometrics of all other Aadhaar holders.

UIDAI claims that their system is robust and stringent

Abhiraj Krishna, a lawyer who deals with Aadhaar-related matters for private entities, while speaking to The Logical Indian, said that no Aadhaar-related authentication is completed without a biometric check. He further explained that while the news report talks of generating unauthorised Aadhaar numbers, it is unclear from the report whether such fake numbers can also get authenticated. Unless the 12-digit number is authenticated (matched with biometrics), such fake numbers are unlikely to create ghost beneficiaries for Governmental schemes, he added. He said that UIDAI (from a legal and regulatory perspective) has built-in end-to-end security mechanisms in place and that the regulations are fairly robust.

Besides, he added that biometric authentication is only permitted through registered devices that comply with technical requirements specified by the governing body, UIDAI. So, any potential security breach is required to be analysed holistically.

Refuting HuffPost’s claims, UIDAI clarified that enrolment operators, if found flouting prescribed norms, are blacklisted and fined. Moreover, it added, “It is because of this stringent and robust system that as on date more than 50,000 operators have been blacklisted.”

It added, “People are also advised to approach only the authorised Aadhaar enrolment centres in bank branches, post offices and Government offices for their enrolment/updation.”

Earlier instances of Aadhaar data breach

The issue of Aadhaar data being leaked gained notoriety when The Tribune, in its investigative reportage, allegedly found that anyone could gain access to billions of Aadhaar details just by paying Rs 500 to an anonymous seller over WhatsApp. Other news reports over the years have also highlighted the problems and loopholes in Aadhaar’s security measures for keeping the information private. Recently, Telecom Regulatory Authority of India (TRAI) Chairman and a former CEO of UIDAI, R S Sharma, published his Aadhaar number on July 28 in a bid to quash a Twitter user’s challenge that Aadhaar data is insecure. In the tweet, which probably flouted UIDAI norms as well, Sharma asked the Twitter user to give one concrete example of the harm that could be done to him.

Written by : Sromona Bhattacharyya

Edited by : Bharat Nayak
