The Unique Identification Authority of India (UIDAI) might have to answer questions as new report claims to have found a new security flaw in the Aadhaar identity database.
According to a three-month long investigation by HuffPost India, biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enroll new Aadhaar users.
What is rather surprising is the fact that the patch is freely available for as little as Rs 2,500. This opens up the vulnerability to unknown people, who can generate Aadhaar numbers at will, and is still in widespread use, added the report.
The news of the Aadhaar patch emerges just a few days before the launch of the face recognition facility in the country.
Aadhaar-issuing body UIDAI recently announced a phased rollout of face recognition feature as an additional mode of authentication, starting with telecom service providers from September 15. The Authority had earlier planned to roll out face recognition feature from July 1, a target that was later pushed to August 1.
UIDAI proposed a two-factor authentication for use of face recognition by telcos, where an individual provides an Aadhaar number, the authentication will be done using fingerprint or iris and face. For individuals providing Virtual ID, the authentication can be on basis of fingerprint or iris. UIDAI said in case where an individual is unable to authenticate fingerprint or iris, face authentication can be used as an additional mode, to make the system more inclusive.
For authentication agencies other than telecom service providers (TSPs), UIDAI said specific instructions would be issued on implementation of face authentication feature, but did not give a fresh deadline.
Significantly, the Unique Identification Authority of India (UIDAI) has further said 'live face photo' capture and its verification with the photo obtained in eKYC will be essential in those cases where Aadhaar is used for issuance of mobile SIMs.
