Anybody not living under a rock over the past year will know that India’s unique ID system, Aadhaar, has been embroiled in huge controversies for exposing personal details of millions of citizens, including the recent revelation from cyber-security researcher ‘Elliot Alderson’ that a whole bunch of sensitive Aadhaar data is openly available online for anyone to find, just by Googling “Mera Aadhaar Meri Pehchan filetype:pdf“.
Now, the man with a mission has uploaded the source code of what he calls his ‘Aadhaar Search Engine’ on Github in an attempt to prove just how easy it is to find Aadhaar card details through basic Google searches by automating the whole process.
— Baptiste Robert (@fs0c131y) March 19, 2018
While such glaring lack of basic security can have potentially disastrous consequences for citizens, Aadhaar and mAadhaar have been big security nightmares from the start. What’s even worse, is that rather than fixing the security loopholes, UIDAI seems to be more interested in covering up its tracks, and has been blaming the media for reporting on Alderson’s revelations.
French cyber-security researcher who goes by the nom de guerre Elliot Alderson has been exposing several serious security flaws in mobile apps, smartphones and other internet services over the past year.
While he came into prominence last year after pointing out serious security loopholes in the website of France’s largest fundamental science agency, CNRS, he has since exposed many crtical flaws in the way the Aadhaar data is stored. While the response from UIDAI has largely been lackluster, Alderson has stuck at it, finding newer flaws that apparently don’t even need a skilled hacker to exploit.