Ever since the Aadhaar Card has been launched it has been in a storm of controversies. The recent controversy being the alleged hacking of the Aadhaar database by the use of a patch. Amidst all this Unique Identification Authority of India (UIDAI) has now asked experts working closely with it to declare that the database is not vulnerable to any such attacks.
EconomicTimes quoted Professor Rajat Moona, Director IIT Bhilai and member of the Security Review Committee of UIDAI – Claims of the database being hacked in media reports are “ill-informed”. He also said the claims stated by experts in media reports are based on their opinions and are based on incomplete information.
Mr. Moona further added – “It is prudent to know how Aadhaar system works. Several service providers (or Aadhaar enrollment centers) take requests from various Aadhaar holders on behalf of UIDAI for legitimate changes. These requests are validated by the operator by putting his/her signature and then sent to UIDAI for its action. Along with the requests, the identity establishment parameters (like biometric or OTP etc.) for the requestor are also carried. The server would and also should not take and honor the request only on the basis of the operator only. Further, in order to ensure that unnecessary request traffic is not built up and any errors are conveyed with preliminary checks to the requestor even before sending it to UIDAI, the programs for the enrollment centers will need to build such quick and preliminary checks.”
According to him, there is a misconception that such preliminary checks are the only checks and if such checks are bypassed the system is hacked or if such a request is conveyed to UIDAI the system is hacked. He made it clear that the final checks are to be performed at the UIDAI server side and merely accepting the requests or the preliminary checks does not suffice to act upon the requests at the end of UIDAI.”
Mr. Moona cited an example where he said if an organization prints and pastes a notice on the wall to declare a particular day as a holiday. Later someone walks in and scribbles something on the wall to declare the days as two. This does not mean that the person has been able to successfully change the company policy or rather ‘hack’ the company confidential papers. Also if the person takes the papers to the HR personnel and to question its authenticity. Does it mean that the company is now compromised?
Professor Jaideep Srivastava, Security and Tech matters advisor for UIDAI and a Ph.D. in Electrical Engineering and Computer Science from the University of California – Berkeley, said – “Even if, say, some hacking patch is able to bypass or manipulate some of the front end checks, because these checks along with many more ones are also done again at the backend by UIDAI, such fraudulent attempts from abroad can be easily thwarted. Therefore to say that such an unauthorized patch can disarm the Aadhaar security is completely incorrect.”
Also Read: iPhone XS and iPhone XS Max Announced