The biggest issue is with third party companies collecting Aadhaar data. Aadhaar numbers are spread among companies, some of which have poor security
Mayank Jain | New Delhi
Last Updated at March 19, 2018 02:13 IST
ALSO READ
- Securing Aadhaar: Letter to BS on UIDAI introduces 16-digit 'Virtual ID'
Aadhaar privacy row: Enough data to clone digital identity of somebody else
Improved privacy
Twin existential crisis: Ways in which Aadhaar violates right to privacy
Report says you can get Aadhaar details for Rs 500; UIDAI denies breach
Over the past few weeks, an anonymous person, claiming to be a French mobile app developer, has been using his Twitter account to flag security concerns in the Aadhaar system.
Recently, the account released a video showing a hack into the Aadhaar application (app). The Unique Identification Authority of India (UIDAI) has maintained that Aadhaar remains safe and secure. Mayank Jain spoke to Robert Baptiste, the man behind the Twitter account called ‘Elliot Alderson’, to understand the way forward for citizens to keep their information safe. Edited excerpts:
Did you convey these findings to the UIDAI?
I published all my findings on Twitter, tagging the UIDAI. I asked them to take action but they never responded.
Why did you publish the details and how can people protect their data?
I want to help citizens and the government to protect data. I want to spread the word that security cannot be taken lightly. To protect their data, especially Aadhaar, people have to be careful about what information they provide to third parties, who are happy to collect this data.
In the light of these vulnerabilities, how secure is Aadhaar?
The biggest issue is with third party companies collecting Aadhaar data. Aadhaar numbers are spread among companies, some of which have poor security. This can be a serious threat for citizens.
Any substantial danger to people’s lives from these security flaws?
The biggest threat from Aadhaar is of identity theft.
Are you open to working with authorities to fix the system?
I am open to working with any authority on fixing these issues. This is the goal of my efforts. I want to communicate with them and help fix the flaws before someone exploits.
The implications of your findings?
By tampering with the app, you can bypass the password protection. It is easy for a developer to do this. When inside, you can access a person’s Aadhaar details and impersonate them.
Are you scared of being legally prosecuted for exposing vulnerabilities in the Aadhaar system?
I would not be doing this if I were scared of consequences.
Why are you interested in Aadhaar?
I am a freelance Android developer. Someone asked me to check the Aadhaar app. This is how I found security flaws and loopholes.
Have you found any significant vulnerabilities in the system?
I looked at the Android app, not the Aadhaar system as a whole, and found a lot of security issues that need to be fixed as soon as possible.
I looked at the Android app, not the Aadhaar system as a whole, and found a lot of security issues that need to be fixed as soon as possible.
Did you convey these findings to the UIDAI?
I published all my findings on Twitter, tagging the UIDAI. I asked them to take action but they never responded.
Why did you publish the details and how can people protect their data?
I want to help citizens and the government to protect data. I want to spread the word that security cannot be taken lightly. To protect their data, especially Aadhaar, people have to be careful about what information they provide to third parties, who are happy to collect this data.
In the light of these vulnerabilities, how secure is Aadhaar?
The biggest issue is with third party companies collecting Aadhaar data. Aadhaar numbers are spread among companies, some of which have poor security. This can be a serious threat for citizens.
Any substantial danger to people’s lives from these security flaws?
The biggest threat from Aadhaar is of identity theft.
Are you open to working with authorities to fix the system?
I am open to working with any authority on fixing these issues. This is the goal of my efforts. I want to communicate with them and help fix the flaws before someone exploits.
The implications of your findings?
By tampering with the app, you can bypass the password protection. It is easy for a developer to do this. When inside, you can access a person’s Aadhaar details and impersonate them.
Are you scared of being legally prosecuted for exposing vulnerabilities in the Aadhaar system?
I would not be doing this if I were scared of consequences.
First Published: Mon, March 19 2018. 06:50 IST