Aadhaar is going to be the be all and end all of everything. But there is this nagging doubt if it is really safe and secure. This worry has grown manifold especially after a survey found that 13 crore Aadhaar cards had been leaked and could be compromised

With Aadhaar becoming mandatory for many public and private sector services and all government schemes, it is important to review its safety aspects.

" Linking ID to all services poses a danger"- says expert

"Chennai’s Cyber Society of India finds no threat as of now"

EASY COPY

Security researchers around the world say that a good actor(hacker) can easily fake biometric system and steal data.

In 2013, a European hacker had spoofed TouchID - fingerprint authentication system upgraded by Apple Inc in the devices. He bypassed the security system by photographing an iPhone user’s fingerprint from a glass surface and used that captured image to access login credentials. ‘Fingerprints should not be used to secure anything. You can leave them everywhere, and it is far too easy to make fake fingers out of lifted prints,’ said Starbug,security researcher on Chaos Computer Club’s site.

Jan Krissler, nicknamed as Starbug, the same security researcher, cloned the fingerprint of Germany's federal minister of defence using her pictures taken by a 'standard photo camera' in a news conference. And he claimed that the same technique is possible to fool iris biometric security systems.

In India, as of today, around 114,18,70,595 Aadhaar numbers are generated and 6,292,538,852 authenticated transactions were made through Aadhaar. In an interview with to a news channel, CEO of UIDAI, Ajay Bhushan Pandey, said, 'In this security world, there is nothing called fully secure and absolutely secure.’

MIGHTY SERIOUS

Starting from banks to government offices, Aadhaar has become one of the acceptable identities,which is mandatory to avail certain services. Especially in the telecom sector, Aadhaar playsa vital role. To buy a sim card, Aadhaar is the only easy option recommended by service providers.

Holding the ease of access as an advantage, many retailers opted for EKYC method. But they aren't aware of the security flaw. It is possible for a cyber criminal to get a new sim card using the fingerprint copy method.

Is that how far a fake fingerprint works? Honestly not, because accounts and data linked to your Aadhaar number, which require biometric authentication, can be accessed by the hacker. Just imagine, what will happen if the data of citizens of the entire nation is accessed and controlled by someone? Obviously, it's a national threat and there are chances that may lead to jeopardising national security.

TO SAFEGUARD

V Rajendran, immediate past president of Cyber Society of India, operating out of Chennai, said, 'While considering other security systems such as OTP, biometric is far better. The main thing in this biometric security can be faked but not spoofed or duplicated. Through government or private agency, the whole data can be stolen. But it's no use in the biometric fakes. Because only personal information related to Aadhaar can be found.’

If the government maintains the linked account data separately, it would be impossible for people to hack into it, he says.

As of today, there were no reports filed regarding Aadhaar biometric fake, he points out. In Western countries, researchers say biometric security can be easily faked. ‘But the Indian government says that our data is safe. And the main risk in Aadhaar data handling is with the data handlers. The government had given authorisation to private agencies to handle Aadhaar credentials. I don't know how far they are maintaining the agreement and due diligence in data handling. If the private agencies make any mistake in handling the data, then our data will get exposed. So, the government has to take responsibility in handling the data, instead of giving rights to private agencies. Till now, our data has been safe and secure,' he said.

FINGER PRINT IT

For genuine customers, getting a SIM card should be a breeze hereafter. All you need to carry is your finger to the retailer. All major service providers have now gone in for EKYC method by which you enter the biometric details and mention the Aadhaar number. BSNL is the only service provider that still, in some outlets, thrusts a form to be filled in to get a connection or SIM card.