Alderson hacks another government portal, Aadhaar still not safe

The french security researcher, Baptiste Robert (alias Elliot Alderson on Twitter), brought India’s data security issues into the limelight again. This time he hacked into the Aadhaar app, bypassing the programs password protection protocol within a minute.

The Internet has been in an uproar about how someone can so easily gain access to twenty thousand card specifics in the span of a day.

Speaking to IndiaToday about the vulnerabilities of the Aadhaar app, Robert said, “These cards can be found on the internet. Everything is public, no hack is required. You only need to use Google. These cards have not been found on the UIDAI server.”

Addressing the Aadhaar app in particular, Robert stated, “The main issue with the Aadhaar Android app is that if an attacker has a physical access to the device, he can easily bypass the password mechanism they put in place in the app.”

In their response UIDAI claimed, “Simply knowing someone's Aadhaar, one cannot impersonate and harm the person because Aadhaar alone is not sufficient to prove one's identity but it requires biometrics to authenticate one's Identity.”

Robert retorted, “They (UIDAI) also said that the Aadhaar card is an identity document which is inconsistent with their statement.” 

Basically meaning to address the fact that as long it can be used to establish your identity without biometric verification, the vulnerability of that information poses a serious threat.

To protect users Robert has said, “It's complicated, first don't use the Aadhaar Android App at all, be cautious when you give your Aadhaar card to anyone.” 

Which, is fair enough because a good system can only be successfully implement when there’s faith in its security.  

Meanwhile UIDAI has published an onslaught of tweets explaining how the Aadhaar system isn't vulnerable at all and hasn't been hacked in eight years. 

Earlier this month, Robert hacked into two BSNL portals, gaining access to sensitive employee data and has been warning the concerned departments of the government where their data is unsecured. He’s been known to reach out to the Punjab Police, Telangana Government, Paytm and the Indian Postal Service among many others. Most recently, he highlighted how patient data is at risk through the Apollo Hospitals website. 

Ethically, Robert has been communicating with the concerned organisations on Twitter itself keeping things open and transparent. He’s even publicly said that he’s not in it for the money, but to make data safer for users. 

Prabhjote Gill is the Senior Journalist at Business Insider India. She covering everything space, tech and defence at Business Insider India. She is also in-charge of allocating stories to junior writers.

Latest in Cyber Crime
A person scanning a QR code on a smartphone
Quishing is the new QR code scam you need to watch out for – here's how to stay safe
Ransomware on the rise: how small and medium-sized businesses can achieve cyber resilience during turbulent times
Ransomware on the rise: how small and medium-sized businesses can achieve cyber resilience during turbulent times
Text Phishing Scams
Do not fall for this dangerous Amazon shopping scam
Cyber-security
Safeguarding against next-gen cyber risks
The North Face jacket
Thousands of North Face customers accounts hacked, personal data stolen
Smartphone hacked with data flow in the background
9 signs your phone has been hacked
Latest in News
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow