1. Is Aadhaar security foolproof? Even as fraudsters try new tricks, UIDAI is way ahead

Is Aadhaar security foolproof? Even as fraudsters try new tricks, UIDAI is way ahead

With reports coming in of fraudsters creating fingerprints using laser printers and silicon, and using these to access part of the Aadhaar system—fraudsters slip on the silicon fingerprint to authenticate themselves—the worst fears regarding Aadhaar appear to be coming true.

By: | Published: September 13, 2017 4:33 AM
aadhaar, aadhaar security, uidai, aadhaar uidai Also, some have argued, hi-res photographs can also be used to create fake retinas to fool the system. Uttar Pradesh’s special task force may have arrested this gang, but the fact that they got so far is worrying.

With reports coming in of fraudsters creating fingerprints using laser printers and silicon, and using these to access part of the Aadhaar system—fraudsters slip on the silicon fingerprint to authenticate themselves—the worst fears regarding Aadhaar appear to be coming true. If the biometrics of those in charge of issuing Aadhaar numbers can be cloned, imagine what else can be done. Also, some have argued, hi-res photographs can also be used to create fake retinas to fool the system. Uttar Pradesh’s special task force may have arrested this gang, but the fact that they got so far is worrying.

Certainly, fraudsters will continue to evolve, and it is the job of a good system, not just Aadhaar, to stay one step ahead, to catch fraudsters and come up with solutions. By this yardstick, UIDAI which is the repository for Aadhaar, is doing a good job. The Kanpur bust, after all, was based on a UIDAI complaint. In order to ensure only authorised agents collect biometrics, UIDAI requires them to biometrically authenticate themselves. In this case, one agent created silicon copies of his own biometrics and gave these to various people who used them for authentication and then collected the biometrics of others. When UIDAI’s computers found the same biometrics being used in different places, possibly even simultaneously, they threw up an alert and the gang got busted and the biometrics collected were junked. It was, similarly, an alert UIDAI’s network threw up that resulted in the complaint being registered against Axis Bank/Suvidha/eMudra which was storing biometric data of one person and using this repeatedly to carry out transactions.

But if biometrics can be cloned, how will UIDAI stop/track this? For one, once person A complains of an unauthorised usage of his biometrics, UIDAI can track where it was used—at a ration shop or a bank—and linking all mobiles and bank accounts with Aadhaar means all transactions can be tracked. Two, last January, UIDAI decided that only biometric authentication requests that came from devices registered with it would be entertained. In the Kanpur case, another new feature came in handy—some time ago, in order to improve security, UIDAI insisted GPS trackers be used for each machine capturing biometric data; at some point in the future, even point-of-sale machines in ration shops or those with banks/merchants using AadhaarPay could also have GPS locators to help track users even more closely. Over time, fraudsters may develop ways around even this, and UIDAI will have to come up with more checks, but that’s what all security systems in banks and credit card companies do all the time. The fact that even Aadhaar’s biggest critics have not alleged the core database of biometrics has been breached must stand for something.

  1. R
    Reader
    Oct 13, 2017 at 6:01 am
    A centralized and inter-linked biometric database like Aadhaar will lead to profiling and self-censorship, endangering freedom. Personal data gathered under the Aadhaar program is prone to misuse and surveillance. Aadhaar project has created a vulnerability to identi-ty fraud, even identi-ty theft. Easy harvesting of biometrics traits and publicly-available Aadhaar numbers increase the risk of impersonation, especially online and banking fraud. Centralized databases can be hacked. Biometrics can be cloned, copied and reused. Thus, BIOMETRICS CAN BE FAKED. High-resolution cameras can capture your fingerprints and iris information from a distance. Every eye hospital will have iris images of its patients. So another person can clone your fingerprints and iris images without your knowledge, and the same can be used for authentication. If the Aadhaar scheme is NOT STOPPED by the Supreme Court, the biometric features of Indians will soon be cloned, misused, and even traded.
    Reply
    1. K
      Kes
      Sep 13, 2017 at 4:08 pm
      For every 1 criminal caught in India, there are 9 who dont get caught. Same is the case here. UIDAI is so smug that it is unwilling to see the numerous ways in which Aadhaar based systems can be compromised.
      Reply
      1. #
        #AADHAARFAIL
        Sep 13, 2017 at 2:48 pm
        When your bank account gets looted via aadhaar pay, you will call 1947, wait for 3 hours to get connected, the call center folks will simply ask you to visit aadhaar enrollment center, waiting list being 3 months, you will bribe 1000 INR and get an appointment with aadhaar enrollment center to resolve aadhaar misuse, they will ask you to email help at uidai dot gov dot in, you will send 10 emails in 10 days and then get a generic mail, asking you to specify all your details including preferred condom b , etc, you will respond with all details, you will follow up for 3 more days, then you will get a generic FINAL response, "Please lock your bio-metrics in UIDAI , Jai Hind!", after that even if you send 100 emails you will NOT get any response. You lock your bio-metrics, the criminal go to an aadhaar enrollment center and unlock your bio-metrics using stolen fingerprint and keep on looting your hard earned money.
        Reply
        1. #
          #AADHAARFAIL
          Sep 13, 2017 at 2:41 pm
          When your bank account gets looted via aadhaar pay, you will call 1947, wait for 3 hours to get connected, the call center folks will simply ask you to visit aadhaar enrollment center, waiting list being 3 months, you will bribe 1000 INR and get an appointment with aadhaar enrollment center to resolve aadhaar misuse, they will ask you to email help uidai.gov , you will send 10 emails in 10 days and then get a generic mail, asking you to specify all your details including preferred condom b , etc, you will respond with all details, you will follow up for 3 more days, then you will get a generic FINAL response, "Please lock your bio-metrics in UIDAI , Jai Hind!", after that even if you send 100 emails you will NOT get any response. You lock your bio-metrics, the criminal go to an aadhaar enrollment center and unlock your bio-metrics using stolen fingerprint and keep on looting your hard earned money.
          Reply
          1. #
            #AADHAARFAIL
            Sep 13, 2017 at 2:25 pm
            When your bank account gets looted via aadhaar pay, you will call 1947, wait for 3 hours to get connected, the call center folks will simply ask you to visit aadhaar enrollment center, waiting list being 3 months, you will bribe 1000 INR and get an appointment with aadhaar enrollment center to resolve aadhaar misuse, they will ask you to email help uidai.gov , you will send 10 emails in 10 days and then get a generic mail, asking you to specify all your details including preferred condom b , etc, you will respond with all details, you will follow up for 3 more days, then you will get a generic FINAL response, "Please lock your bio-metrics in UIDAI , Jai Hind!", after that even if you send 100 emails you will NOT get any response. You lock your bio-metrics, the criminal go to an aadhaar enrollment center and unlock your bio-metrics using stolen fingerprint and keep on looting your hard earned money.
            Reply
            1. #
              #AADHAARFAIL
              Sep 13, 2017 at 9:45 am
              AADHAAR is Trillion dollar scam to enslave billion Indians. You can throw AADHAAR in dustbin by putting Fevicol in finger before you are forced to give fingerprint. It will blind the fingerprint scanner. Jai Hind! 25 lakh families in Rajasthan are unable to withdraw ration even after seeding Aadhaar with their ration card. Aadhaar authentication does not work for half billion Indians. Aadhaar authentication does not work even after updating bio-metrics and waiting for 90 days. AADHAAR bio-metrics can be stolen, printed and used for Aadhaar pay. Aadhaar does not work for NRIs, people outside India. Aadhaar cannot be generated if a person's fingerprint matches with someone else's with 60 percentage probability. Rogue government can deactivate your Aadhaar blocking your gas, electricity, mobile, bank account. Aadhaar works for millions of illegals staying in India. Millions of duplicate Aadhaar were created by Aadhaar agents using “biometric-exception”. Aadhaar is blocking subsidies for
              Reply
              1. R
                Reader
                Sep 13, 2017 at 7:02 am
                UK’s Biometric ID Database was dismantled. Why the United Kingdom's biometrics-linked National Identi-ty Card project to create a centralized register of sensitive information about residents similar to Aadhaar was scrapped in 2010?? The reasons were the massive threat posed to the privacy of people, the possibility of a surveillance state, the dangers of maintaining such a huge centralized repository of sensitive information, and the purposes it could be used for, and the dangers of such a centralized database being hacked. The other reasons were the unreliability of such a large-scale biometric verification processes, and the ethics of using biometric identification.
                Reply
                1. R
                  Reader
                  Sep 13, 2017 at 7:02 am
                  The US Social Security Number (SSN) card has no biometric details, no photograph, no physical description and no birth date. All it does is confirm that a particular number has been issued to a particular name. Instead, a driving license or state ID card is used as an identification for adults. The US government does not collect the biometric details of its own citizens.
                  Reply
                  1. R
                    Reader
                    Oct 13, 2017 at 8:38 am
                    The US government DOES NOT collect the biometric details of its own citizens for the purpose of issuing Social Security Number. The US collects the fingerprints of only those citizens who are involved in any criminal activity (it has nothing to do with SSN), and the citizens of other countries who come to the US.
                    Reply
                  2. Load More Comments

                  Go to Top