The Unique Identification Authority of India (UIDAI) Aadhaar software that enrols new users may have been hacked using a software patch that disables security features, revealed an investigation by HuffPost India. The investigation report further said that this patch is readily available in the market at a one-time charge of as low as Rs 2,500.
This patch, allows unauthorised persons, that too from anywhere in the world, to generate Aadhar numbers and, as per the report, the patch is already used by many enrolment operators across the country.
HuffPost India has claimed to have gained access to the patch, that bypasses the critical security features including GPS, the GPS security feature is used by UIDAI to track the physical location from where the number is generated.
WHAT IS A SOFTWARE PATCH?
A patch is a code used to alter the function of any programme. It’s used to update existing programmes.
WHAT DOES HUFFPOST INDIA CLAIMS THIS SOFTWARE PATCH DOES TO AADHAAR?
The HuffPost India in its investigation has revealed 3 major security breaches that this software patch allows:
First, it allows anyone to bypass the biometric authentification of enrolment operators to generate new IDs, meaning that anyone including a terrorist, if in possession of this patch, can generate his/her own Aadhaar number.
Second, the patch disables the GPS security feature, that is used by the UIDAI to identify the location of every enrolment centre, meaning that a person in Pakistan can generate his ID without the UIDAI noticing the location.
Third, the software patch reduces the sensitivity of the iris-recognition system, meaning that anyone even with the photo of any registered enrolment operator can log into his/her account. The operator need not be present in person to log in.