UIDAI Claims in Vain as mAadhaar Security Is Exposed by ‘Elliot Alderson’ Again

Poor Security of mAadhaar App Exposed in Video Posted by Infamous Security Expert

UIDAI’s claims of hack-proof nature of the Aadhaar database and the mAadhaar app’s robust security has been debunked time and again, but UIDAI has always been in denial mode. One person in particular, Baptiste Robert aka Twitter’s Elliot Alderson, a French cybersecurity expert has warned about vulnerabilities in the mAadhaar app as well as other Indian apps and services multiple times. But despite his claims of finding Aadhaar data in the wild, UIDAI maintained that Aadhaar and UID remains very secure in a long Tweetstorm last week.

Alderson today released a video in response to UIDAI’s boastful claims of security. Titled “How to bypass the password protection of the official Aadhaar android app in 1 minute.”, it details a relatively simple method to evade the mAadhaar app’s so-called robust security measures.

Only a few lines of code are needed to bypass the password security protocol of the app, which is an elementary error. As per the video uploaded by Alderson, one only needs to have physical access to someone’s smartphone which has a modded mAadhaar app installed on it. Once a command, which is nothing more than a few lines of code, is executed, the mAadhaar app takes the hacker straight to the password reset page, without even asking to enter details like Aadhaar number and the old password.

Moreover, one does not even have to root the stolen smartphone or perform complex hacking steps to bypass the mAadhaar app’s security firewall and access the Aadhaar details. The sheer ease with which the app’s poor security has been dodged is scary, and will surely give more sleepless nights to UIDAI chief Ajay Bhushan Pandey.

UIDAI’s attitude towards the security expert’s actions has been ‘unfriendly’ to say the least, indirectly labeling him as an ‘unscrupulous element’ whose claims should not be taken seriously. Well, now that the video has surfaced and has seemingly laid bare the truth of UIDAI’s claims, it remains to be seen what storm it stirs and what lesson UIDAI learns from the bitter realization.

comment Comments 0
Leave a Reply