by Vidyut French security researcher who goes by the persona 'Elliot Alderson' (Eliot Alderson is a character in the TV Show Mr Robot) revealed what appear to be serious flaws in the mAadhaar app recently. While Elliot described the risk of data theft due to the vulnerabilities, the alleged flaws actually are more dangerous than just leaking information and put Aadhaar holders at risk of data, identity and monetary theft. According to Google Playstore, the mAadhaar app has between 1 and 5 million installs. Alderson demonstrated how having access to a phone containing the mAadhaar app could let an attacker retrieve the Aadhaar information due to poor coding practices being used while making the app. https://twitter.com/fs0c131y/status/951154910569140225 The hard-coded string and lack of proper randomization lead to a predictable password being generated that can easily be hacked and used to access the data secured by the app. He published a proof of concept to demonstrate how that worked. https://twitter.com/fs0c131y/status/951384370346119168 And later published a short video showing how it would take less than a minute to access the Aadhaar details on the phone if a hacker knew what they were doing. https://twitter.com/fs0c131y/status/952826492383383552 Knowing the Aadhaar number provides information like the name of the bank where the Aadhaar holder has an account. An unauthorized person knowing your Aadhaar ID and having access to the SIM linked to it is extremely risky. How this could put the user at risk If an attacker has access to the mobile phone, accessing the Aadhaar number allows the…
