Researcher- mAadhaar app Vulnerable to hacking due to bad coding

The uniqueness of the UIDAI’s app mAadhaar : allows people to feed their demographic information in this app along with the 12-digit Aadhaar card number in a digital format. Recently, it was reported by Robert Baptiste, a French security researcher that the mAadhaar app is under a threat of data leak. Baptiste reportedly posted a minute video on Twitter in which he portrayed the loopholes in the security of this app.

This loophole has brought one million users under constant vulnerability of their data hacking. Not to forget this data is linked to their bank accounts as well. He also mentioned that it is due to the carelessness in coding of this app which welcomes the hackers to bypass its password mechanism.

TECHGY_ mAadhaar's security was detected with some flaws which can be attached by hackers
Image Courtesy: alldigitaltricks.com

On Tuesday, Robert demonstrated the flaws hindering the security of the updated version of mAadhaar. Just a 1:18 minutes video was enough to bring  one million user’s data under threat openly.

“The main issue with the Aadhaar Android app is that if an attacker has a physical access to the device, he can easily bypass the password mechanism of the app,” Baptiste tweeted.

To cope up with this security issue, UIDAI has plans to add an additional layer of security called the Virtual-Id. However, it is unclear that this security update will give a solution to the persisting problem.  Until now, the mAadhaar is known to store, user password data (hash), notification, Ki value, electronic-Know Your Customer (e-KYC) profile data, Biometrics, Bio Lock Timeout and the App Configuration.

The e-KYC was a new rule implemented recently. It contains information including “User Id, Aadhaar Id Name, date of birth, gender, address and photo. UIDAI stores these biometric data in the user’s phone and if the phone is compromised, so is the information,” described the cybersecurity researcher.

It was not the first time that Robert brought out the flaws into public. In the month of January, he indicated four major defects which came along with the coding issue. Afterwhich, the defects were fixed with a new update.

The mAadhaar app was designed officially by Unique Identification Authority of India (UIDAI). This application was launched in the mid week of July, 2017. UIDAI realised the importance of Aadhaar card for regular citizens and hence developed this app. With this tool users can avoid carrying an Aadhaar card everyday which may get misplaced. The app saves information like  name, date of birth, gender & address along with photograph as linked with their Aadhaar Number in smart phones. Surprisingly, mAadhar seems to have more affection towards android users. As, mAadhar is not available for iOS users. I

If you want to download mAadhar app for iOS as well, click here for instructions.

In current phase of India, linking of Aadhaar card with all the necessary services providers has become mandatory. You might have also felt that linking of Aadhaar has become self proclaimed by the service providing companies. However, the deadline for linking Aadhaars has been extended till a legal judgement is passed. Aadhaar was launched in the year 2009.