No Operator Can Make Or Update Aadhaar Unless Resident Himself Gives His Biometric: UIDAI On Software Hacking

The Logical Indian Crew India

September 12th, 2018 / 6:41 PM

Aadhaar Software Hacked

Image Credits: Khabare Hindi

The Unique Identification Authority of India (UIDAI), on September 11 posted a series of 24 tweets in which they dismissed a news report about the Aadhaar Enrolment Software being allegedly hacked as incorrect and irresponsible. It also said, “The claims lack substance and are baseless. UIDAI further said that certain vested interests are deliberately trying to create confusion in the minds of people which is completely unwarranted.”

It further added, “No operator can make or update Aadhaar unless resident himself give his biometric. Any enrolment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system.”

What news reports are saying?

While Aadhaar data security has always been the bone of contention since the inception of its framework back in 2009, UIDAI has found itself placed in a fresh controversy. UIDAI’s 24-part clarification comes after HuffPost India published an article claiming that they have access to a software patch which disables critical security features in the Aadhaar database, allowing hackers to generate unauthorised Aadhaar numbers. As per the report, the software patch is freely available for a price of Rs 2,500 only. Moreover, the report also said that the patch was analysed by three internationally reputed experts and two Indian analysts.

The investigative report by HuffPost India claims that the software patch compromises Aadhaar enrolment software on three fronts – users can bypass the need for biometric authentication, it disables the software’s inbuilt GPS system and finally, it reduces the sensitivity of the iris recognition feature.

The Aadhaar-issuing body clarified that it matches all the biometrics which include both iris and 10 fingerprints of the resident enrolling for Aadhaar with the biometrics of all other Aadhaar holders before issuing a new Aadhaar.

UIDAI claims that their system is robust and stringent

Abhiraj Krishna, a lawyer who deals with Aadhaar related matter for private entities, while speaking to The Logical Indian said that no Aadhaar-related authentication is completed without a biometric check. He further explained and while the news report talks of generating unauthorised Aadhaar numbers, it is unclear from the report as to whether such fake numbers can also get authenticated. Until and unless, the 12-digit number is authenticated (matched with biometrics) such fake numbers are unlikely to create ghost beneficiaries for Governmental schemes, he added. He said that UIDAI (from a legal and regulatory perspective) has built-in end-to-end security mechanisms in place and that the regulations are fairly robust.

Besides, he added, that biometric authentication is only permitted through registered devices that comply with technical requirements specified by the governing body – UIDAI. So, any potential security breach is required to be analysed holistically.

Refuting HuffPost’s claims, UIDAI clarified that enrolments operators, if found flouting prescribed norms are blacklisted and fined. Moreover, it added, “It is because of this stringent and robust system that as on date more than 50,000 operators have been blacklisted.”

It added, “People are also advised to approach only the authorised Aadhaar enrolment centres in bank branches, post offices and Government offices for their enrolment/updation.”

Earlier instances of Aadhaar data breach

The issue of Aadhaar data being leaked gained notoriety when The Tribune in their investigative reportage allegedly found out that anyone can gain access to billions of Aadhaar details just by paying Rs 500 to an anonymous seller over WhatsApp. Other news reports over the years have also highlighted the problem and loopholes in Aadhaar’s security measure in keeping the information private. Recently, Telecom Regulatory Authority of India (TRAI) Chairman and a former CEO of UIDAI, R S Sharma, in a bid to quash a twitter users’ challenge that Aadhaar data is insecure, the former UIDAI Chairman published his Aadhaar no. on July 28. In the tweet, which probably flouted UIDAI norms as well, Sharma asked the twitter user to give one concrete example of the harm that could be done to him.

Also Read: UP: Using ‘Fake’ Aadhaar Cards, 1.86 Lakh Transactions Done To Steal 2.2 Lakh Tonnes Of PDS Supply


Written by : Sromona Bhattacharyya

Edited by : Bharat Nayak

Share your thoughts..

Related Stories

Aadhaar Software Hacked

No Operator Can Make Or Update Aadhaar Unless Resident Himself Gives His Biometric: UIDAI On Software Hacking

“Aadhaar Doesn’t Certify Identity, Biometric Data Stored Not Unique”: UIDAI In RTI Reply


UIDAI To Impose 18% GST For Updating Aadhaar

Woman Complains Of Aadhaar Getting Linked To 9 Mobile No. Without Her Knowledge, UIDAI Replies, “Now You Know’’

Report Says You Can Access Billion Aadhaar Details With Just Rs 500, UIDAI Denies Breach

Aadhaar Services

Aadhaar Officials Make Huge Profits Using Aadhaar Services As Part Of Their Own Private Firms

Latest on The Logical Indian


Made In India Stents Just As Good As Their International Counterparts, Study From Germany Shows


This Website Needs Your Personal Details For NaMo T-Shirts. Here’s Why It’s Worrisome


Monkey Menace: Two People Killed In Agra On Same Day; Monkey Population Reaches 50,000


My Story: “I Saw A Kid Staring At The Ferris Wheel, He Didn’t Have Money Or Courage To Go Up”


On Family’s Request Kathua Victim’s Lawyer Removed From Case Over “Non-Appearance” In The Case


Low IQ Among Indian Children, Is Iodine Deficiency The Secret Reason?


Stories that deserve attention, delivered to your inbox!

Handpicked, newsworthy stories which deserve the attention of a rational generation.