Aadhaar enrollment operators use a software provided by the UIDAI to collect or update information about individuals to be entered or updated into the Aadhaar database. This software is called the ECMP (Enrollment Client Multi Platform) and the UIDAI has claimed in the Supreme Court that it is extremely secure, to the point that not even the enrollment operators have access to the biometrics collected by the software.
The software uses the Aadhaar operator’s biometrics to grant them access to perform enrollments or updation.
This software is now reported to be cracked and available to buy illegally in the form of a “jailbreak” version. WhatsApp groups of former Aadhaar operators have this software for sale for as little as Rs. 500 to 2000 a copy, Asia Times reports.
Details provided by the Asia Times report show that the security measures to prevent unauthorized access have been bypassed, as the cracked software comes preconfigured with valid biometrics and user credentials of authorized operators. A patch bypasses the geo-location constraints coded into the original software, allowing the illegal users to bypass checks that restrict access to authorized locations and centres.
If, this is correct, the UIDAI, may not be able to identify either those who created and distributed the software, or those who use it, as the identifying details being sent by the software are manipulated to reflect authorized operators.
The Asia Times claims to have had the software examined by two information security professionals who confirmed that the software had been successfully cracked and that the “Jailbreak” version of UIDAI’s ECMP software does indeed do what it promises – to allow anyone to access the system as an Aadhaar operator and register or update Aadhaar numbers as any authorized Aadhaar operator can do.
According to the experts Asia Times spoke with, who examined the cracked software, the disabling of UIDAI’s security is so complete that anyone could update the Aadhaar data from anywhere in the world without even have ever been to India.
This, of course is a better quality of cracked software than the one that bypassed iris authentication that was used in the Kanpur Aadhaar Enrolment Scam (Update: as well as in the Amroha Aadhaar Enrolment Scam)