India is a country with a population of 2 world ranking. With a population of about 1.32 billion people more than 2 times the population in all countries in the Southeast Asian region, a combination that makes a database about this country’s population, is a gigantic storehouse of information. Collecting and caring for it is not easy, Recently, the Indian government missed makes database people leaked.
To deal with the enormous demographic The Indian government has set up Aadhaar central database that collects national data, personal identification information, including the identity of the biological fingerprint. And iris scans India, with a population of about 1.1 billion people are registered in the database of identity Aadhaar this.
Karan Saini, a security researcher from New Delhi informed that now the Aadhaar database, which is maintained by a private company named Indane under the supervision of the government. Vulnerable to no good can download the personal data of those registered in the system, everyone gets the name, identification number. As well as other information linked to the Aadhaar database such as bank account numbers. Payment services for utilities
Access to such data By the way, the endpoint of the API Indane used to verify the identity of the registration in the database endpoint problem is a url in a web of Indane themselves without protection against unauthorized access by third parties, the endpoint is open. to access the database by passwords embedded in the code (hardcoded access token) which decrypts the message. “INDAADHAARSECURESTATUS,” a direct and clear on who has access to this endpoint will find the Indian people from the database, you can do it without Aadhaar authentication to verify identity over the search again.
Although the information is required from the Aadhaar identification number of the correct information in order to get results with real data, but Saini said that this is not a hindrance at all. When accessing the database via the endpoint has been searching for this information, it did not do so. Because the system does not limit the amount of time in finding information. As long as the person has to do is wait for the random identification number would be millions of times. He said that with just one computer. He will find it thousands of times per minute
Saini also said that with the consent of his friends. He tried to find the friend of Aadhaar, which found the name, last name, ID number (customer number Indane used to identify individuals who are enrolled in Aadhaar) including bank account information, friends said. He has a display screen part he found the information
The UIDAI (Unique Identification Authority of India), the government agency responsible for personal information, identity of the Indian government. Has come out forcefully deny this. By posting a statement that the Aadhaar database does not leak.