mAadhaar security flaw makes stealing Aadhaar data easier

Aadhaar card security concerns don’t seem to end. Now, a French security researcher has reportedly found a security flaw in the mAadhaar app. According to his report, the flaw makes it easier for someone with physical access to a user’s phone to acquire that user’s Aadhaar card details.

The researcher, named Elliot Alderson, took to Twitter to explain the security flaw in the Aadhaar app and pointed out the problems that cause security issues in the Android app. He writes in his tweet to UIDAI that it is super easy to get the password of the app's local database.

However, UIDAI stated in a response tweet that “mAadhaar uses a local db to store the user preferences on the user’s device. This data is application preferences as created by the user on his/her phone. The app does not capture, store or take any biometric inputs. So the question of biometrics being compromised does not arise.”

To explain the issue: the mAadhaar app saves all the biometric settings in a local database that is protected with a password. To generate that password, UIDAI uses a random number with 123456789 as the seed and a hardcoded string, db_password_123. Because both values are fixed and ship inside the app, the resulting password is predictable, which makes it easy for anyone to crack it.
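The sketch below is an added example, not the mAadhaar source code: it shows why a fixed seed plus a hardcoded string yields the same password everywhere, next to a per-install secret from a CSPRNG. The seed and string are the values quoted above; the class name, method names and the way the two values are combined are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

// Added illustration, NOT the app's code. How the app actually combines
// the seed and the string is not stated in the article; the combination
// used in weakPassword() is hypothetical.
public class DbPasswordDemo {
    static final long SEED = 123456789L;             // fixed seed quoted in the article
    static final String SUFFIX = "db_password_123";  // hardcoded string quoted in the article

    // Weak pattern: every input is a constant shipped in the APK, so the
    // result is identical on every device and on every run.
    static String weakPassword() {
        Random rng = new Random(SEED);   // same seed -> same pseudo-random sequence
        return rng.nextInt() + SUFFIX;   // hypothetical combination of the two values
    }

    // Hardened pattern: 256 bits from the OS CSPRNG, generated once per install.
    // On Android the value would additionally be wrapped by a key held in the
    // Android Keystore instead of being derivable from anything in the APK.
    static String perInstallSecret() {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        return Base64.getEncoder().encodeToString(key);
    }

    public static void main(String[] args) {
        // Two independent derivations stand in for two different devices.
        String deviceA = weakPassword();
        String deviceB = weakPassword();
        System.out.println("weak password identical across devices: "
                + deviceA.equals(deviceB));

        String installA = perInstallSecret();
        String installB = perInstallSecret();
        System.out.println("per-install secret identical across devices: "
                + installA.equals(installB));
    }
}
```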

In a later tweet, he explained that a debug feature that is enabled in the app by default lets someone repack the app with logging activated and distribute it. All the Aadhaar data would then be available to the attacker, who can easily upload the log file to his own server. He also mentioned that a hacker is already stealing the data.

https://twitter.com/fs0c131y/status/951965819801567232

This is not the first time someone has raised questions about Aadhaar’s privacy. A report last week said that a major security loophole in the Aadhaar database allowed unrestricted access to the database, with Aadhaar data available for just Rs. 500. UIDAI, however, issued a restriction on some officials' access to the Aadhaar portal. The authority will also release some new Aadhaar security features in March this year.

Our Little Story

GadgetsToUse.com and its YouTube channel were founded in 2012 by Abhishek Bhatnagar.

Abhishek Bhatnagar is a popular technology blogger & Tech YouTuber from India. A Software Engineer by qualification, he works as the Editor-in-Chief at Gadgets To Use. He runs several other technology websites as well.