NEW DELHI—The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three-month-long investigation by HuffPost India reveals.
The patch, freely available for Rs 2,500, allows unauthorised persons, based anywhere in the world, to generate Aadhaar numbers at will.
The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
The patch disables the enrolment software's in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world - say, Beijing, Karachi or Kabul - can use the software to enrol users.
The patch reduces the sensitivity of the enrolment software's iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person.
The root of the problem lies in the fact that private operators can install the Aadhaar software, apply this patch, which can be obtained from many WhatsApp groups, and create as many Aadhaar cards as they want.
Evidently, security testing was not performed, or was performed in a haphazard manner just to beat an unrealistic deadline, leading to a compromise in the security of the world's largest biometric product.