The UIDAI keeps insisting that Aadhaar is secure. Biometrics can’t be bypassed, enrolment software can’t be hacked, and so on. So I put together a quick list. This list is under construction. Keep checking for updates.
- April 2012: An enrolment agent was found to have issued 30,000 Aadhaar cards in a span of six months. 800 of these were enrolled using biometric exceptions for disabled people, and when the police were asked to verify, they found that none of the disabled people lived at the addresses provided. One Mohammed Ali, an employee of IL&FS, was arrested in this matter. Later, it was discovered that Mohammed Ali’s employment had been terminated in September of the previous year, and employees at 20 different centres in the city had been using his credentials to log in and create Aadhaars. This was not supposed to be possible, but a flaw in the registration software allowed it.
- June 2012: Also in Hyderabad and also IL&FS. Seven were arrested including IL&FS officials and a ration card shop owner, when it was found that an ex-employee borrowed an official laptop to conduct some 60 enrolments, at least 13 of which were fraudulent and for the purposes of ration card fraud. In this case, it appears that the arrested person used his own fingerprints, which is how he was caught, but it is unclear how an ex-operator’s fingerprints were accepted by the system.
- The Aadhaar Aasara scam saw 3 individuals between ages 20 and 30 arrested when it was found that they created fraudulent Aadhaar cards to receive government old age pensions of Rs. 1000 per month to the tune of Rs. 50 lakh.
- The Kanpur Aadhaar enrolment Scam: the software was patched to bypass iris authentication and copies of fingerprints of authorized operators were used to log in and create or update Aadhaar cards.
- Videos on YouTube demonstrate patches for the Aadhaar Enrolment software (and updates) and provide PayTM account details for paying for the patch.
- The Asia Times report of cracked ECMP software that worked “out of the box” – it came preconfigured with valid credentials of operators and a patch to bypass geographical restrictions that prevented access from unauthorized locations.
- Biometrics and details of nationalised bank officer Prashant Morvadiya were sold on a pen drive for Rs. 6000 to enable access to update Aadhaar data using his credentials, in a scam the police believe had been operating for a year when it was caught.
- Amroha Aadhaar Enrolment Scam used methods similar to the Kanpur Enrolment Scam, with copies of authorized operators’ fingerprints.
- The UIDAI itself has admitted on 20th June, 2017, that there are reports of biometrics being hacked, which is why it raised the penalty for bypassing biometrics to one lakh. “Due to various cases of bypassing the operator biometric capture being reported, UIDAI has decided to impose a penalty of Rs 100,000 per enrolment station found to be bypassing the operator biometric.”
- Cracked version of the Aadhaar enrolment software being sold on WhatsApp.
- Hundreds of Aadhaar cards found to be made using forged documents in Moga.
The title of this post is inspired by this tweet:
Nandan :- @India_Stack builds digital highways
— Srikanth ஸ்ரீகாந்த் (@logic) May 6, 2018