Aadhaar database and its security continues to be a topic of discussion. Now, a French security researcher has hacked into the official Android app for Aadhaar, which is issued and developed by the UIDAI, and highlighted its less-than-ideal safety mechanism.
This revelation comes just days after UIDAI refuted reports that Aadhaar data was available on the black market for just Rs 500, and introduced the concept of 'Virtual ID' which Aadhaar-card holder can generate from its website and give for various purposes, including SIM verification, instead of sharing the actual 12-digit biometric ID.
Representative Image
Going by the name of Elliot Alderson, the white hacker drew attention to the fact that mAadhaar (the official Android app for Aadhaar) had poor security standards built in. The security researcher further alleged that "it's?super easy to get the password of the local database" of the app.
The hacker further suggested that the Android?app for Aadhaar is "saving your biometric settings in a local database which is protected with a password. To generate the password they used a random number with 123456789 as seed" and further chose a very easy to guess password.
Not the best development practice, especially if you're tasked with safeguarding the integrity of the largest biometric database in the world -- and when everyone and their grandmother knows to never pick such a simple password. On a sidenote, "123456789" is the sixth worst password of 2017.
Looks like UIDAI has some more explaining to do -- especially if its official Aadhaar app for Android can be picked apart so "easily" as this French security researcher suggests, who by the looks of it has indicated he might expose more holes in Aadhaar's app security layer.