Last Updated Saturday August 12 2017 04:36 PM IST

‘It’s safe’ croons govt, but Aadhaar data leaks all the way


Even as the central government repeatedly assures that Aadhaar data is kept under foolproof security, the Aadhaar network is fraught with security loopholes. An IT graduate from an IIT leaked the Aadhaar information of 50,000 people through a mobile app the other day, exposing the vulnerability of its safety protocols. The incident also points to serious lapses on the part of the National Informatics Centre (NIC), one of the agencies entrusted with the safe handling of Aadhaar information.

Where did it sunder?

As a precautionary measure against data leakage, the Central Identities Data Repository (CIDR), where the Aadhaar data is stored, is not connected to the internet. But the authentication service, which confirms the identity of the original card holder, is entrusted to 27 different KYC Service Agencies (KSA). The identification details of clients are verified by various authentication or KYC user agencies (KUA) functioning under these KSAs. Various telecom operators and banks are among the KYC user agencies. Data transfer up to this point is over a dedicated line, and the data is encrypted to prevent theft. The problem lies with data transfer beyond this point in the huge network. For instance, the vulnerabilities in e-hospital, a mobile app which authenticates Aadhaar documents via the NIC, came in handy for the IIT graduate from Kanpur who leaked the Aadhaar data.

This is how the data leaked

- The network from Aadhaar CIDR to the NIC was foolproof. However, the transfer of data from the NIC to the e-hospital app was not encrypted.

- The techie, who earlier worked with the NIC, had access to the source code of the mobile app. It also had the access code to collect Aadhaar information.

- Using this, the accused developed a new app. It replicated the code of the e-hospital app and hence the data automatically flowed from the e-hospital app to the new app.

- From January to July, about 50,000 people used the proxy app created by the techie. But the NIC and Aadhaar authorities never had a clue about the data theft.

What it forebodes...

More than 250 KYC user agencies are part of the Aadhaar project, and there are umpteen apps under each of these agencies. If the code of these apps is not safe enough, anybody could get hold of the Aadhaar data. So an effective security audit from the top to the very bottom of the network is the need of the hour.
