Thursday, August 16, 2018 06:00 PM

How security of the Aadhaar personal data and ECMP Software is being compromised

There are WhatsApp messages circulating about a patched version of the Enrolment Client Management Platform (ECMP) software used for off-line Aadhaar enrolment, which can potentially be used to bypass geo-location and bio-metrics, and also change the mapping between personal data of Aadhaar holders and their bio-metric data.

There are also many videos (such as https://www.youtube.com/watch?

v=i3ttp72P_Ww) uploaded to YouTube since middle of last year which claim to demonstrate how using a software patch to the ECMP software, geo-location and bio-metric security protection can be bypassed. According to these claims, the following can be done:

  1. New Aadhaar enrolment can be made without any verification.
  2. That personal information pertaining to existing Aadhaar numbers can be changed, bypassing any security checks including OTPs and bio-metric verification.

If this is true, then it is a matter of very serious concern as it endangers the sanctity

of the entire Aadhaar database. We would like to know whether UIDAI authority has carried out any examination of these claims, and if there is any merit to these claims regarding the security of the Aadhaar enrolment  software being compromised, questions Y Kiran Chandra,General Secretary  and Prabir Purkayastha, President of  Free Software Movement of India.

 

We would also like to bring to your notice that the PayTM account 7041704604

was mentioned in the youtube video https://www.youtube.com/embed/i3ttp72P_Ww. This account was tracked down to a certain Bharat B. who claimed to work for Computer Sciences

Corporation (CSC) e-Governance division. Since CSC was contracted by UIDAI for Aadhaar Enrolment  services, could this possibly be the case of rogue insiders who have used their access to this software to create illegal patched versions and are then selling it to the grey market?

 

Is UIDAI aware of this, as this has been reported in the press in the last few days?

Please refer to:

  1. http://www.atimes.com/article/indias-ambitious-digital-id-project-faces-new-securitynightmare/
  2. https://www.buzzfeed.com/pranavdixit/for-30-anyone-can-add-or-edit-entries-in-indiascreepy?

utm_term=.nggwlJb2y#.ugaRJ9xNv

  1. https://medium.com/karana/aadhaar-a-self-certified-id-a63e299b36f5

What are the steps the UIDAI is taking to make the Aadhaar system safe, as the security problems seem to emanate from inherent design flaws in the Client Server architecture of Aadhaar. Also, given that it appears that solicitations to sell the patched version of software seem to have been uploaded to the net, and doing the rounds of WhatsApp from at least the last one year, what is the sanctity of information stored in the Aadhaar database? What steps is UIDAI taking to verify the validity of data already uploaded by private players to the Aadhaar database? And whether it has been corrupted by such rogue patches being sold in the blackmarket?

This is a  serious issue having an imminent threat to our national security given the widespread use of Aadhaar for identification purposes. UIDAI should treat this matter with utmost seriousness.

image

Challenging Article 35A

Article 35A was introduced by a presidential order in 1954 to safeguard the rights and guarantee the unique identity of the people of Jammu and Kashmir. This provision gives the Jammu and Kashmir legislature the right to decide who are..

image

In defence of Article 35A of the Constitution of India

The Supreme Court is hearing a petition  challenging Article 35 A of the Constitution of India - Special Provision for the State of Jammu and Kashmir - introduced as per Constitution (application to Jammu and Kashmir) Order 1954...

image

NRC: What is to be done

THE publication of the draft National Register of Citizens (NRC) in Assam has caused widespread consternation as over four million persons who had applied have not found a place in the Register...

image

Assam NRC: No Indian Should be Left Out

The National Register of Citizens (NRC) was part of the Assam Accord which decided on the cut-off date of 1971 to determine the question of illegal migrants settled in Assam.  The work for preparing such a register did not proceed until the..

image

Simultaneous Elections:For and Against

Addressing the fourth meeting of NITI Aayog, Prime Minister Narendra Modi again flagged the issue of simultaneous elections for parliament and state assemblies, calling for a widespread debate on the issue. ..

image

BJP: Political Failure in J&K

The decision of the BJP to withdraw from the coalition government with the PDP in Jammu & Kashmir at this particular moment has the potential of creating greater political instability in the state. It signifies the total political failure of..

image

Jammu & Kashmir: Steps Needed to Begin Dialogue

Once again, there is some talk about talks to be held on Jammu & Kashmir.  On May 26, the Union Home Minister Rajnath Singh, in a media interview said that the government is ready to hold talks with Hurriyat, if the Hurriyat leadership is..

image

Karnataka, Kairana undermine BJP's mission Sout India

The Karnataka and Kairana developments seriously undermine BJP's efforts to penetrate into south India either on its own or with the support of allies. The  swift move by congress  in Karnataka deprived BJP of prospective ally like JD(S) ...

image

BJP loses as opposition unites in the By-poll

The by-election results indicate that opposition can only challenge Narendra Modi if it can arrive at state level consolidation of anti-BJP vote. BJP in Palghar and NCP in Bhandara-Gondia in Maharastra and RLD in Kairana indicate this trend...

image

Cobra Post Sting exposes Media-Hindutva Nexus

Cobra Post and its intrepid journalists, particularly Pushp Sharma and Anirudh Behl, conducted daring sting operation on some of the biggest media houses in the country. They have exposed on camera the enormous greed of the media barons, who..

image

What happened at Thoothukudi?

At least 12 people were killed and scores of others including women and children injured in a brutal police attack and firing on people agitating against Sterlite Copper, a subsidiary of global mining conglomerate Vedanta, in the city of..

image

Who should form the Government in a hung Assembly?

If a majority of elected MLAs formed a coalition, the governor would be constitutionally right to invite the leader of the majority coalition to form the government and prove their majority within a short period...

image

Karnataka Outcome: Mining Mafia comes alive again

The Karnataka election has resulted in a hung Assembly.  The BJP has emerged as the single largest party winning 104 seats but falling short of a majority by eight;   the Congress was defeated getting only 78 seats and the Janata Dal..