Aadhaar app hacked in one minute; 22,000 card details exposed
What's the story
To highlight India's data security issues, French security researcher Baptiste Robert, alias Elliot Alderson, has hacked into the Aadhaar app.
He was able to bypass the system's password protection protocol within a minute and gain access to 22,000 Aadhaar card details.
"These cards can be found on the internet. They are not on the UIDAI server. Everything is public, no hack is required," he said.
Twitter Post
Here is how he did it
How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.
— Elliot Alderson (@fs0c131y) March 13, 2018
For this attack, the attacker needs physical access to the phone, a rooted phone is not needed and yes this is the latest version of the app.
cc @uidai @ceo_uidai pic.twitter.com/7aZ0fvr0Wv
Twitter Post
Without biometric data breach, we are completely safe: Aadhaar
It is reiterated that Aadhaar remains safe and secure and there has not been a single breach from its biometric database during the last eight years of its existence. 11/11.
— Aadhaar (@UIDAI) March 11, 2018
Details
But this is Robert's point: Aadhaar is an identity document
According to Robert, as long as the Aadhaar card can be used to establish a user's identity without biometric verification, the exposure of its information to cyber attackers poses a serious threat.
In terms of user protection, Robert said, "It's complicated, first don't use the Aadhaar Android App at all, be cautious when you give your Aadhaar card to anyone."
Information
The ethical hacker has exposed vulnerabilities in BSNL, Apollo Hospitals
In the past, Robert has discovered vulnerabilities in the online portals of Punjab Police, Telangana Government, Paytm, Indian Postal Service, Apollo Hospitals, and BSNL. To be ethical and transparent about the whole thing, Robert has stuck to communicating with the concerned organizations on Twitter itself.