The Delhi Police have identified several vulnerabilities in the Unique Identification Authority of India (UIDAI)’s system that allow dishonest individuals to exploit the Aadhaar service in different ways. The loopholes, discovered during investigations into recent cases, have raised concerns about security and privacy in the use of Aadhaar cards.
One major vulnerability uncovered during a bank fraud investigation was that the Aadhaar system was not performing facial biometrics matching when generating an ID for an individual. This flaw allowed unscrupulous people to create multiple Aadhaar cards, with different fingerprints but the same photograph, leading to the opening of bank accounts by different persons with the same image on their Aadhaar cards.
The police found that some criminals were using the credentials of authorized agents to access the UIDAI system. They obtained the agents’ silicon fingerprints and printouts of the IRIS scan, along with laptops configured to them. To bypass the GPS tracking implemented in the system, the crooks took the configured laptop once in two to three days to the designated government office and synchronized the system. The laptop would then pick up the GPS of the government office for the next two to three days, allowing the thieves to escape detection.
Moreover, the system was not able to differentiate between the silicon fingerprint and a live fingerprint of an individual. The fraudsters were able to log into the UIDAI system using the silicon fingerprints given to them by the authorized agents. The system was also unable to recognize the scan copy of IRIS Scan properly. However, criminals were able to use scanned color printouts of the image to log in undetected.
The police also discovered that the UIDAI system is not matching the facial biometric features in their database, and the accused persons were able to upload their photographs onto the database. Furthermore, after consulting with Aadhaar officials, it was found that the Aadhaar system was treating an individual’s ten fingerprints as a single identity, not as ten different unique identities. Consequently, the fraudsters were mixing fingerprints or placing them alternatively to create several Aadhaar cards with different fingerprints but the same photograph.
These findings highlight the need to strengthen the security and integrity of the UIDAI system, given its critical role in enabling individuals to access essential services such as banking, healthcare, and government subsidies. Aadhaar officials must urgently address these vulnerabilities, and the government needs to ensure that the UIDAI system is designed to safeguard individuals’ personal information and privacy. Such measures would bolster trust and confidence in the Aadhaar system, promoting its widespread adoption for the greater good of society.
