Ethical Hacker Breaks Into Aadhaar’s Official Android App To Reveal Its Poor Security

The Aadhaar card has been under a lot of public scrutiny recently. This is because of the recent revelation that the data can be bought for just Rs. 500. However, the UIDAI also gave out a statement refuting all the allegations.


In another attempt to show how weak Aadhaar security is, an online researcher going by the name Elliot Alderson brought to light that mAadhaar (the official Android app for Aadhaar) has poor security standards.

He illustrated each point he was making with the code he had used to break into the app.

He further said that they are “saving your biometric settings in a local database which is protected with a password. To generate the password they used a random number with 123456789 as seed”, and that the passwords protecting vital information are far too weak.
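To make the flaw concrete, here is an added illustration (not code from the app or from the researcher's analysis) of why a password derived from a random number generator seeded with a hard-coded constant is no secret at all: every run, on every device, derives the same value, whereas a password drawn from the operating system's cryptographic generator cannot be reproduced. The derivation routine itself is hypothetical; the page does not state the app's actual algorithm.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
FIXED_SEED = 123456789  # the constant seed the article says was used


def weak_password(length: int = 16, seed: int = FIXED_SEED) -> str:
    """Hypothetical derivation: a PRNG seeded with a hard-coded constant.

    Seeded generators (java.util.Random on Android behaves the same way)
    are fully deterministic, so every copy of the app, and anyone who
    reads the constant out of the APK, gets this identical string.
    Illustration only; not the app's real routine.
    """
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 16) -> str:
    """Hardened form: draw from the OS CSPRNG so the value is unpredictable
    and unique per install. In production the secret would then live in a
    platform keystore rather than next to the database it protects."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_reproducible(generator, runs: int = 3) -> bool:
    """Review check: a password generator that returns the same value on
    repeated calls carries no entropy of its own."""
    outputs = {generator() for _ in range(runs)}
    return len(outputs) == 1


if __name__ == "__main__":
    print("weak password reproducible:  ", is_reproducible(weak_password))
    print("strong password reproducible:", is_reproducible(strong_password))
```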

Now I’m no expert but even I can understand that this is definitely not the best safeguarding strategy. Maybe not keep a password like “123456789” for what is the largest biometric database in the world?

He also explained what the Aadhaar database contains and tagged the UIDAI, calling them out for their poor security measures.

However, the UIDAI responded to the user and clarified that the “question of biometrics doesn’t arise” because the mAadhaar doesn’t “capture, store or take any biometric inputs”.

Elliot then tried to prove his point by replying to the UIDAI.

While companies like Facebook and Google offer bounties to anyone who finds a flaw in their platforms and reports it to them, it is the denial by the Aadhaar authorities that is alarming. No system is foolproof, but with the help of white-hat hackers like Elliot (and hundreds of others), the least the UIDAI can do is acknowledge the findings gracefully and fix the loopholes.
