Sponsored Links

Yet another security vulnerability afflicts India’s citizen database

A data leak allows anyone to retrieve Aadhaar member data.
Bloomberg via Getty Images
Bloomberg via Getty Images
Mallory Locklear
Mallory Locklear|@mallorylocklear|March 23, 2018 11:53 PM

India's Aadhaar database is a national system that contains personal data and biometric information on over 1.1 billion Indian citizens. While joining is technically voluntary (for now, at least), enrollment has become necessary for things like opening bank accounts and applying for loans, filing tax returns and buying or selling property. But Aadhaar has been rife with security issues and ZDNet reports that another, currently unaddressed, problem is exposing Indian citizens' information.

ZDNet is withholding details about the security lapse because it says Indian officials haven't done anything about it. Karan Saini, a New Delhi-based security researcher, spotted the vulnerability and says a data leak in a state-owned utility company's system is letting anyone retrieve information on any Aadhaar member. Names, Aadhaar identity numbers and bank information are all exposed.

ZDNet spent over a month trying to get in touch with Indian authorities and after receiving no replies, it contacted the Indian Consulate in New York. ZDNet spent two weeks describing the problem, but it remained unaddressed. It said the vulnerability was still accessible at the time of publication.

Aadhaar has experienced a number of other security issues in the past. Earlier this year, reporters at Indian publication The Tribune were able to buy an Aadhaar administrator ID and password from an individual through WhatsApp. It cost less than $8, took 20 minutes and they were able to enter any Aadhaar ID number and access that person's name, address, photo, phone number and email.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

Aadhaar has attracted a lot of criticism for the repeated security lapses it has suffered over the years and the country's Supreme Court is currently assessing Aadhaar's constitutional validity.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Yet another security vulnerability afflicts India’s citizen database