The Unique Identity Authority of India (UIDAI) on Tuesday dismissed a news report about Aadhaar Enrolment Software allegedly being hacked. The UIDAI termed the report as “completely incorrect and irresponsible”, saying that the “claims lack substance and are baseless”.
“Unique Identification Authority of India dismisses a news report appearing in social and online media about Aadhaar Enrolment Software being allegedly hacked as completely incorrect and irresponsible. The claims lack substance and are baseless,” read the statement released by the UIDAI.
The authority said that no operator could make or update Aadhaar unless a person voluntarily shares his/her biometrics.
“No operator can make or update Aadhaar unless resident himself give his biometric. Any enrolment or update request is processed only after biometrics of the operator is authenticated and resident’s biometrics is de-duplicated at the backend of UIDAI system,” the statement further read.
The statement by the UIDAI comes after an investigation by Huffpost India claimed that a crucial Aadhaar software, used to enrol new users, was hacked using a software patch that disabled the security features.
The report claimed that the investigation was done over a period of three months and it was found that the patch allowed unauthorised people to login as Aadhaar enrolment operators from anywhere in the world, and could register anyone to generate Aadhaar numbers.
HuffPost India claimed that it not just gained access to the patch, but also got it verified by multiple experts.
According to the reports, "The patch lets a user bypass some critical security features like biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
The patch disables the enrolment software's in-built GPS security feature. The GPS security feature is used by UIDAI to identify the physical location of every enrolment centre. Disabling this security feature means that any operator can access it from any part of the world.
The patch also reduces the sensitivity of the UIDAI software's iris-recognition system. This makes it easier for unauthorised operators to use the photograph of a registered operator rather than requiring the operator to be present physically.
This software patch is reportedly available at just Rs 2,500."