Since Aadhaar was introduced, there have been debates about it being a robust and secure identification system. While most people trust it, several developments now and then seem concerning.
And now, Delhi Police have detected and flagged numerous vulnerabilities in the Unique Identification Authority of India (UIDAI)’s system.
Multiple Aadhaar cards generated by one person
As per a TOI report, they uncovered these loopholes while probing some recent cases.
One of the prime vulnerabilities the cops found during an investigation into a bank fraud was that the Aadhaar system was not carrying out facial biometrics matching while generating an ID for any individual.
“We noticed that 12 bank accounts were opened digitally after verification from the Aadhaar database under the name of different persons even when the photographs on all the Aadhaar cards were of the same person. Thus, it became clear that it is possible for multiple Aadhaar cards to be generated by one person where the fingerprints in each are different but the photograph remains the same,” a note prepared by police for UIDAI.
Credentials of authorised agents used
The cops, while scrutinising, discovered that scammers were employing the credential details of authorised agents, who had provided them with their silicon fingerprints and printouts of the IRIS scan and the laptops configured to them.
“As per UIDAI, the authorised agents can log in or work only from a government institution or places and their GPS location is to be captured by the system. To bypass the GPS system, the crooks took the configured laptop once in 2-3 days to the designated government institution/office and synced the machine. Through this process, the machine picked up the GPS of the government office for the next 2-3 days,” the note says.
Moreover, the system didn’t distinguish between an individual’s silicon fingerprint and live fingerprint.
Thus it allowed the crooks to log into the UIDAI system with the help of the silicon fingerprints provided to them by the official agents.
“The UIDAI system is also unable to detect the scan copy of IRIS Scan. IRIS scan is a biometric feature that is enabled to ascertain if a person is alive and sitting in front of the machine to log in into the system. But these persons were using the colour printout of the IRIS scan to log in and the same was not detected by the system,” the note adds.
The cops revealed that the crooks were also able to edit/upload photos of 12 entities into the UIDAI database.
“Prima facie, it is evident the UIDAI system is not matching the facial biometric features in their database and the accused persons were able to upload their photographs,” says the note.
Discussion with Aadhaar officials
The police officers also said that after dialogue with Aadhaar officials, it was discovered that the Aadhaar system considered the 10 fingerprints of an individual as a single identity, not as 10 different unique identities.
The scammers were conscious of this and had made several Aadhaar cards by positioning the fingers alternatively or mixing the fingerprints of one individual with those of another.
For more on news and current affairs from around the world, please visit Indiatimes News.
Click Here: cheap bulldogs jersey