wordpress blog stats
Connect with us

Hi, what are you looking for?

, , , , ,

Gang held for counterfeiting Aadhaar cards was cloning fingerprints; Our Take

Ten members of a gang that was counterfeiting Aadhaar Cards were been arrested by the police in Uttar Pradesh, reports NDTV. The gang was led by Saurabh Singh from Kanpur. We couldn’t find a note on this on the UP Police website or twitter handle.

According to a note we’ve seen (the same as this), albeit unvalidated, the group had used biometric devices to get the fingerprint of authorised operators. They printed this scanned fingerprint on butter paper, and used UV rays on a photo polymer resin – first at 10 degrees temperature, then at 40 degrees – to create an artificial fingerprint similar to the original. They used this log into the Aadhaar website. The note also mentions that although the UIDAI also mandates iris scan for login, the group bypassed iris (retina) based authentication by using a tampered client application. Apparently, they were selling this application to others for Rs 5000. A single login was able to work on multiple machines, and create fake Aadhaar cards. The note also mentions that Registrars, Enrollment Agencies Supervisors, verifiers, and operators haven’t implemented new security policies instituted by the UIDAI.

A few points to note:

1. Biometrics aren’t only held by the CIDR: the UIDAI has been saying that the data base which holds Aadhaar information (CIDR: Central Identities Database Repository) is secure and data hasn’t leaked from it. The biometric information is safe, is something that has been specified repeatedly. But the truth is that the biometrics can be leaked from the source too: from people. We’re leaking fingerprints all the time: I’m currently typing on a keyboard. Detective stories point towards fingerprints taken from glasses of water. We’re leaking this data, and it can be cloned. Because it’s meant to be an irrefutable password that you cannot change, and because lots different services are being connected to it, fingerprints will be cloned. They have even been cloned from photographs. Users will be left compromised forever.

2. Creating a policy isn’t the same as implementing it: The UIDAI may have an updated process to ensure that only authorised agents can log in for Aadhaar enrollment, but that doesn’t mean that the process will be followed.

Advertisement. Scroll to continue reading.

3. This problem will scale as Aadhaar scales: eKYC and the usage of Aadhaar for authenticating multiple services only expands the problem. As more end nodes get created with more services being linked to Aadhaar, the risks will increase.

4. Fingerprint authentication doesn’t necessarily prevent corruption: Fingerprints were meant to provide the irrefutable proof of presence of an individual when claiming rations/payment for work done under NREGA. Clearly, they can be cloned, and do not provide proof of authorisation.

5. How do you prove that you didn’t authenticate something? Imagine if fingerprints and/or aadhaar are used to withdraw money from bank accounts in the future. How does one prove that they didn’t authenticate the transaction?

Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ