New Delhi: The Delhi Police has learned that several vulnerabilities have been detected in the system of the Unique Identification Authority of India (UIDAI). This has allowed unscrupulous elements to exploit the Aadhaar service in various ways. In some of the recent cases, these lapses were detected during investigation.
During the investigation of a bank fraud, the police found a major vulnerability that the Aadhaar system was not matching facial biometrics while generating IDs for any individual.
“We observed that 12 bank accounts were opened digitally in the names of different persons after verification from the Aadhaar database, whereas the photographs on all the Aadhaar cards were of the same person. Thus, it became clear that it was multiple Aadhaar It is possible for the cards, a note prepared by the police for the UIDAI, to be generated by a single individual, where the fingerprints are different in each, but the photograph remains the same.
During investigation, the police found that the miscreants were using the credential details of authorized agents, who had given them printouts of their silicon fingerprint and IRIS scans, and laptops configured for them.
“According to UIDAI, authorized agents can log in or work only from a government institution or locations and their GPS location is to be captured by the system. To bypass the GPS system, miscreants configure once in 2-3 days Took the laptop. To the designated government institution/office and synced the machine. Through this process, the machine picked up the GPS of the government office for the next 2-3 days,” the note says.
Also, the system is unable to differentiate between a person’s silicon fingerprint and a live fingerprint. The miscreants were able to enter the UIDAI system using the silicon fingerprints given to them by the authorized agents.
“The UIDAI system is also unable to trace the scanned copy of the IRIS scan. IRIS scan is a biometric feature capable of detecting whether a person is alive and sitting in front of the machine to log in to the system. But These individuals were using color printouts of the IRIS scan to log in and were not detected by the system,” the note adds.
According to the police, the miscreants were also able to edit/upload photographs of 12 entities in UIDAI’s database. “Prima facie, it is clear that the UIDAI system is not matching the facial biometric features in its database and the accused persons were able to upload their photographs,” the note said.
The police also said that after discussion with Aadhaar officials, it was found that the Aadhaar system treated 10 fingerprints of a person as a single identity and not 10 different unique identities. Fraudsters were aware of this and created multiple Aadhaar cards by alternating fingerprints or by mixing fingerprints of one person with another.
During the investigation of a bank fraud, the police found a major vulnerability that the Aadhaar system was not matching facial biometrics while generating IDs for any individual.
“We observed that 12 bank accounts were opened digitally in the names of different persons after verification from the Aadhaar database, whereas the photographs on all the Aadhaar cards were of the same person. Thus, it became clear that it was multiple Aadhaar It is possible for the cards, a note prepared by the police for the UIDAI, to be generated by a single individual, where the fingerprints are different in each, but the photograph remains the same.
During investigation, the police found that the miscreants were using the credential details of authorized agents, who had given them printouts of their silicon fingerprint and IRIS scans, and laptops configured for them.
“According to UIDAI, authorized agents can log in or work only from a government institution or locations and their GPS location is to be captured by the system. To bypass the GPS system, miscreants configure once in 2-3 days Took the laptop. To the designated government institution/office and synced the machine. Through this process, the machine picked up the GPS of the government office for the next 2-3 days,” the note says.
Also, the system is unable to differentiate between a person’s silicon fingerprint and a live fingerprint. The miscreants were able to enter the UIDAI system using the silicon fingerprints given to them by the authorized agents.
“The UIDAI system is also unable to trace the scanned copy of the IRIS scan. IRIS scan is a biometric feature capable of detecting whether a person is alive and sitting in front of the machine to log in to the system. But These individuals were using color printouts of the IRIS scan to log in and were not detected by the system,” the note adds.
According to the police, the miscreants were also able to edit/upload photographs of 12 entities in UIDAI’s database. “Prima facie, it is clear that the UIDAI system is not matching the facial biometric features in its database and the accused persons were able to upload their photographs,” the note said.
The police also said that after discussion with Aadhaar officials, it was found that the Aadhaar system treated 10 fingerprints of a person as a single identity and not 10 different unique identities. Fraudsters were aware of this and created multiple Aadhaar cards by alternating fingerprints or by mixing fingerprints of one person with another.