Following the expose on The Tribune on the availability of Aadhaar details, a new revelation raises questions about the security of private data. It has been discovered that a Google search can easily lead you Aadhaar details of several persons. This includes the person’s name, address, Aadhaar number, date of birth and photograph. They do not include the biometric details though.
The Quint has narrowed down on a few websites that have uploaded details of citizens publically. This includes the official government website of the Indian National Centre for Ocean Information Services, the All India Football Federation website and a private company called Starcards India. It may be possible that other websites may have leaked Aadhaar details as well.
The process to retrieve the Aadhaar details is so simple that a kid with a PC could easily pull data. One simply has to head over to Google and type: mera aadhaar meri pehchan filetype:pdf
This revelation comes as yet another embarrassment for the government which is encouraging more and more people to link their Aadhaars to various services. A few days back, a French security expert put up a video showing steps to bypass the Aadhaar app’s password protection in less than a minute. He claimed that he was using the latest version of the app and did not require a rooted phone. The researcher, who goes by the name Elliot Alderson advised people not to "use the Aadhaar Android App at all, be cautious when you give your Aadhaar card to anyone".
How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.— Elliot Alderson (@fs0c131y) March 13, 2018
For this attack, the attacker need a physical access to the phone, rooted phone is not needed and yes this is the latest version of the app.
cc @uidai @ceo_uidai pic.twitter.com/7aZ0fvr0Wv