Cyber law expert Pavan Duggal told FinancialExpress.com that it will advisable for users not to use Aadhaar till security-related issues are addressed.
Less than a week after Ram Sewak Sharma, chairman of the Telecom Regulatory Authority of India (Trai), gave out his Aadhaar number and challenged people to show how the information could be misused against him, the UIDAI (Unique Identification Authority of India) which looks after Aadhaar number, finds itself in another controversy. Sharma’s move has not gone down well with the hacking community across the globe who revealed his phone number, date of birth (DOB), and address which UIDAI claimed wasn’t because of his revealed Aadhaar card number but at the same time, advised people not to reveal “personally sensitive information”.
Now, in what appears to be yet another controversy, many people in the country found an alleged Aadhaar toll-free number on their mobile phones on Thursday leading to confusion on social media platforms. UIDAI’s statement that it didn’t authorise any service provider or manufacturer to pre-load the number, comes as a more concerning sign for the users.
Cyber law expert Pavan Duggal told FinancialExpress.com that it will be advisable for users not to use Aadhaar till security-related issues are addressed. “The learnings are very clear that we have to revisit the cybersecurity paradigm in the Aadhaar ecosystem. This is a rude wake-up call for users and it will be advisable for users not to use Aadhaar till these cybersecurity hiccups are addressed,” he said.
Duggal added that the latest attack was a reaction to Sharma’s challenge for which people are having to pay. He said that Trai chairman’s challenge has woken up the hacking community which wants to show Aadhaar’s vulnerability.
“I look at this as a manifestation of a growing campaign and targetting the Aadhaar ecosystem by various hacker communities. Actually, it also started with Mr Sharma’s challenge that no harm could be done to him. That challenge has gone out into the world in a viral manner and has woken up the relevant hacking communities who are now increasingly targetting Aadhaar to show its vulnerability and insecurity. I think its too early to predict what kind of harms are likely to happen, leave challenges like this,” Duggal said.
He called the recent turn of events a massive threat and added that it would have required a lot of ingenuity to pull off something like this.
“This is a massive threat, it is a massive cybersecurity breach for the users. Also, it is a threat which is once again showing the inadequacy of Aadhaar as a paradigm. This is a security breach that has happened on Android phones users but imagine to have that happened at this level. It required a lot of ingenuity and the purpose of doing this is simple – to demonstrate to the entire world that don’t depend on Aadhaar – it is not secure,” he said.
Duggal believes that the hacking community doesn’t like being challenged and we can expect more incidents like this in the coming days because Aadhaar appears to be their target who are all out to prove that it is not completely secure and must be abolished.
“The thing is that the hacking community doesn’t like to be challenged. And, if you do that, they will go to all extent possible to prove their points. All of this happening in less than a week of Sharma’s challenge shows that it is a continuing attack and we should be expecting more of these incidents in the coming time,” he said.
Earlier in the day, UIDAI had clarified in a press statement that it has not asked or communicated to any manufacturer or service provider for providing UIDAI numbers in the mobile phones. “It is emphasised that the said 18003001947 is not a valid UIDAI Toll free number and some vested interest are trying to create unwarranted confusion in the public,” it had tweeted.