Identity Project

How secure is Aadhaar? Gang arrested in Uttar Pradesh cloned its enrolment software

The Aadhaar authority, however, continues to maintain that the gang’s operation did not affect its database and processing system.

The Unique Identity Development Authority of India has always insisted that its database, which holds the biometrics of around 1.17 billion Indian residents, has never been breached.

However, a different vulnerability for India’s controversial unique identity project, also known as Aadhaar, was revealed last week when the police busted a racket in Kanpur, Uttar Pradesh, whose operators had cloned the Aadhaar client application. According to the police, the gang sold this replica to people, which potentially allowed them to run unauthorised enrolment centres where illegitimate Aadhaar numbers could be generated. Aadhaar is the 12-digit biometrically linked unique identification number that the government wants every Indian resident to have.

The gang may have been caught after a complaint by the Unique Identity Development Authority of India – with 10 people arrested – but cyber security experts say the incident should bring the focus back on the state of security of the entire Aadhaar ecosystem, which has been plagued with leaks.

The Aadhaar authority, however, continues to maintain that the gang’s operation did not affect its database and processing system.

Responding to the arrests, the Unique Identity Development Authority of India said in a statement on Tuesday that it had noticed an unusually high number of logins into the client application by a few authorised operators, after which it filed a complaint with the police on August 16. It said: “The attempt to generate fake Aadhaar cards was foiled by the robust UIDAI system and the arrested gang could not succeed in its nefarious and illegal designs.”

The police are yet to ascertain the gang’s scale of operations. For this, they will need to establish how many people the gang sold the replica application to. The police would also have to facilitate an enrolment audit, a task in which the Unique Identity Development Authority of India will have to determine which Aadhaar numbers were generated by unauthorised persons using the cloned app.

Elaborate operation

The Aadhaar client application is only provided to authorised enrolment centres. Its operators are required to log in through a biometric system in which their fingerprints are scanned to check if they are authorised.

The members of the gang allegedly made copies of the login details of registered operators, including their fingerprints, and gained unauthorised access to the application, the police said. The fingerprints were replicated with the help of butter paper, and treated with chemicals and ultraviolet rays at different temperatures to create a mould using gelatin gel and latex, it said.

A few months ago, the Aadhaar authority added another layer of security to the login process for enrolment operators, making iris recognition mandatory for them to access the client application, the police said.

“But by then it was too late,” said Triveni Singh, additional superintendent of police with the Uttar Pradesh police’s Special Task Force. “The gang had already created a replica of the client application in which they had bypassed both the fingerprint and iris recognition requirements, and had started selling copies of the replica for Rs 5,000 each to individuals.”

Individuals who purchased the cloned application could log into the system using the basic login details of registered enrolment operators, which the gang members shared with them. Because the application had been altered, the biometric requirements were no longer mandatory, the police said.

“We are yet to track down the individuals to whom the cloned client application was sold,” said Singh. “Only then we will be able to ascertain details of the illegitimate Aadhaar enrolments they had carried out,” he added.

(Photo credit: Wikimedia Commons).

Cyber security of the Aadhaar ecosystem

According to cyber security expert Pavan Duggal, the cloning racket is a wake-up call for the Unique Identity Development Authority of India. “It has exposed the inadequacy of the Aadhaar framework in terms of cyber security,” he said. “Fishing out unauthorised Aadhaar cards, if any, from the system will be a massive challenge. The incident definitely raises concerns about the cyber security of the Aadhaar ecosystem, which the Aadhaar Act is silent about.”

He said that when the Aadhaar Act was enacted in 2016, the government’s plans to link Aadhaar with bank accounts, permanent account numbers, mobile phone numbers and so on were not in place. Now Aadhaar has become part of an ecosystem in cyber space and it remains unprotected, he said. “The law has to be amended to take care of that,” he added.

Leaked source code

But how was it possible to make a clone of the client application so easily?

“The gang members had access to the source code of the original Aadhaar client application,” Triveni Singh said. “They tampered with it slightly just to bypass the biometric requirements for the login. It looks like they were helped by someone who is an expert in software development. We also suspect the involvement of an UIDAI [Unique Identity Development Authority of India] insider.”

The source code is a set of computer instructions to build an application, written in a readable programming language.

According to cyber security expert Kislay Chaudhary, who works as a consultant with several government agencies, tampering with the source code of a website or application and creating a duplicate with minor modifications is easy.

“The strength of any source code depends on the expertise of the software developers and web developers hired by an agency to design an application or website,” he said. “Many government agencies have websites that are literally copy-paste models, with their source codes almost entirely borrowed from others. They can be easily replicated.”

He added that the Kanpur cloning has clearly exposed the vulnerability of Aadhaar as far as cyber security is concerned, and that it was high time the Unique Identity Development Authority of India came out of its state of denial.

UIDAI’s statement

In its statement, besides claiming that its inbuilt safeguards were responsible for foiling the racket, the Unique Identification Authority of India drew attention to its efforts to put an end to malpractices. It said it conducts regular field investigations, and based on these investigations, operators and supervisors found involved in malpractices are blacklisted for up to five years, and even fined. It added that in the past nine months it has blacklisted around 49,000 operators for corrupt practices and fined 6,566 operators for overcharging to issue Aadhaar numbers.

We welcome your comments at letters@scroll.in.