Thursday, March 28, 2024
-Advertisement-
Reimagining Public Sector Analytics
Reimagining Public Sector Analytics
HomeNewsCyber SecuritySecurity flaw in mAadhaar app can allow hackers to steal your Aadhaar data: Security researcher

Security flaw in mAadhaar app can allow hackers to steal your Aadhaar data: Security researcher

Follow Tech Observer on Google News

A Security researcher alias Elliot Alderson has tweeted a serious security vulnerability in UIDAI’s mAadhaar app for Android devices.

Google News

A Security researcher alias Elliot Alderson has tweeted a serious security vulnerability in 's mAadhaar app for Android devices. According to the researcher, the is saving user sensitive data including the biometric data in a password protected local database. The password for the database is generated using a random number “123456789 as seed” and a hardcoded string db_password_123 which remains same for every phone.

Besides this, Elliot has also uploaded a proof-of-concept on Github to demonstrate the flaw. He made an application with the exact same code as it was written in the to prove that even if you run it multiple times, it will give you the same password over and over again instead of the randomised password the app is supposed to generate.

The researcher has stated that if a person is able to crack the password, they can access the entire Aadhaar account details of the user. He further said that as per the documentation for the mAadhaar app, the app will store personal details and the user's photo in their local database.

UIDAI has however confirmed that the app creates a local database with innocuous data like user preferences. Further, they said that since the app doesn't ask for any biometric data, such data can't be compromised.

According to Ankush Johar, Director at Infosec Ventures, although the exploitability of this issue is pretty low, nonetheless, information as critical as Biometrics along with other PII is something that should not be exposed to even the slightest risk.

“Recently, with alleged leakage of Aadhaar details of over a billion citizens, hackers might already have access to every information printed on our Aadhaar cards and can easily replicate it. Even though a person has replicated your , he/she will still need your Biometric info for authentication. If by any chance the hackers are able to gain the biometric data as well, then it will catastrophic,” said Johar.

He further said, “As the UP cloning fraud showed us that making a physical clone of the fingerprints is not too difficult, such leakage could do irreversible damage as you can change your passwords but you cannot change your fingerprints.”

Get the day's headlines from Tech Observer straight in your inbox

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
Sanjay Singh
Sanjay Singh
Sanjay Singh covers startups, consumer electronics and telecom for TechObserver.in
- Advertisement -
Reimagining Public Sector Analytics
Reimagining Public Sector Analytics
- Advertisement -Veeam
- Advertisement -Reimagining Public Sector Analytics
- Advertisement -ESDS SAP Hana

Subscribe to our Newsletter

83000+ Industry Leaders read it everyday

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
- Advertisement -

How AI power struggle opens up new frontier in global geopolitics

The far-reaching influence AI has on information processing, national security, military operations, the economy, and strategic decision-making is set to reshape the geopolitical landscape and redefine the power dynamics between nations.

RELATED ARTICLES