Friday, May 25, 2018 06:37 AM

How security of the Aadhaar personal data and ECMP Software is being compromised

There are WhatsApp messages circulating about a patched version of the Enrolment Client Management Platform (ECMP) software used for off-line Aadhaar enrolment, which can potentially be used to bypass geo-location and bio-metrics, and also change the mapping between personal data of Aadhaar holders and their bio-metric data.

There are also many videos (such as https://www.youtube.com/watch?

v=i3ttp72P_Ww) uploaded to YouTube since middle of last year which claim to demonstrate how using a software patch to the ECMP software, geo-location and bio-metric security protection can be bypassed. According to these claims, the following can be done:

  1. New Aadhaar enrolment can be made without any verification.
  2. That personal information pertaining to existing Aadhaar numbers can be changed, bypassing any security checks including OTPs and bio-metric verification.

If this is true, then it is a matter of very serious concern as it endangers the sanctity

of the entire Aadhaar database. We would like to know whether UIDAI authority has carried out any examination of these claims, and if there is any merit to these claims regarding the security of the Aadhaar enrolment  software being compromised, questions Y Kiran Chandra,General Secretary  and Prabir Purkayastha, President of  Free Software Movement of India.

 

We would also like to bring to your notice that the PayTM account 7041704604

was mentioned in the youtube video https://www.youtube.com/embed/i3ttp72P_Ww. This account was tracked down to a certain Bharat B. who claimed to work for Computer Sciences

Corporation (CSC) e-Governance division. Since CSC was contracted by UIDAI for Aadhaar Enrolment  services, could this possibly be the case of rogue insiders who have used their access to this software to create illegal patched versions and are then selling it to the grey market?

 

Is UIDAI aware of this, as this has been reported in the press in the last few days?

Please refer to:

  1. http://www.atimes.com/article/indias-ambitious-digital-id-project-faces-new-securitynightmare/
  2. https://www.buzzfeed.com/pranavdixit/for-30-anyone-can-add-or-edit-entries-in-indiascreepy?

utm_term=.nggwlJb2y#.ugaRJ9xNv

  1. https://medium.com/karana/aadhaar-a-self-certified-id-a63e299b36f5

What are the steps the UIDAI is taking to make the Aadhaar system safe, as the security problems seem to emanate from inherent design flaws in the Client Server architecture of Aadhaar. Also, given that it appears that solicitations to sell the patched version of software seem to have been uploaded to the net, and doing the rounds of WhatsApp from at least the last one year, what is the sanctity of information stored in the Aadhaar database? What steps is UIDAI taking to verify the validity of data already uploaded by private players to the Aadhaar database? And whether it has been corrupted by such rogue patches being sold in the blackmarket?

This is a  serious issue having an imminent threat to our national security given the widespread use of Aadhaar for identification purposes. UIDAI should treat this matter with utmost seriousness.

image

What happened at Thoothukudi?

At least 12 people were killed and scores of others including women and children injured in a brutal police attack and firing on people agitating against Sterlite Copper, a subsidiary of global mining conglomerate Vedanta, in the city of..

image

Who should form the Government in a hung Assembly?

If a majority of elected MLAs formed a coalition, the governor would be constitutionally right to invite the leader of the majority coalition to form the government and prove their majority within a short period...

image

Karnataka Outcome: Mining Mafia comes alive again

The Karnataka election has resulted in a hung Assembly.  The BJP has emerged as the single largest party winning 104 seats but falling short of a majority by eight;   the Congress was defeated getting only 78 seats and the Janata Dal..

image

Modi vs. Siddaramaiah

Siddaramaiah issues a legal notice of defamation to Prime Minister. This is perhaps the first time in India that a defamation notice is issued to the Prime Minister. This notice issued five days before elections is a clever attempt by the..

image

How did Siddaramaiah turn Karnataka into Gujarat  

BJP countered Congress' revitalised campaign in Gujarat led by a transformed Rahul Gandhi by rousing the 'Gujarati Asmitha' epitomised through Modi-Shah duo who personally led the party's campaign.

 The Karnataka chief minister seeks to inflict the 'Kannadiga Asmitha' damage on Modi-led BJP's campaign avenging what Congress lost in Gujarat campaign trail.

image

Siddaramaiah's Defamation notice to Prime Minister

Siddaramaiah issues a legal notice of defamation to Prime Minister. This is perhaps the first time in India that a defamation notice is issued to the prime minister. This notice issued five days before elections is a clever attempt by the..

image

Modi in Karnataka: BJP alters poll strategy

With Narendra Modi being brought to center stage of electioneering in Karnataka, the BJP attempts to redraw the contours of poll landscape. Firstly, the BJP and the prime minister  are trying to convert the  electoral battle from Siddaramaih..

image

BJP hopes on Modi to win Karnataka

BJP  desperately depends on Narendra Modi's campaign that begins on Tuesday to wrest power in crucial south Indian state. Though Modi factor delivered BJP handsome victories many a time since 2014, the Karnataka poll terrain is not conducive..