UIDAI Left Red-Faced as mAadhaar Security Is Exposed by 'Elliot Alderson' Again

UIDAI'southward claims of hack-proof nature of the Aadhaar database and the mAadhaar app's robust security has been debunked time and once more, just UIDAI has always been in denial manner. One person in particular, Baptiste Robert aka Twitter'southward Elliot Alderson, a French cybersecurity expert has warned about vulnerabilities in the mAadhaar app as well equally other Indian apps and services multiple times. Just despite his claims of finding Aadhaar data in the wild, UIDAI maintained that Aadhaar and UID remains very secure in a long Tweetstorm last week.

Alderson today released a video in response to UIDAI'due south boastful claims of security. Titled "How to bypass the password protection of the official Aadhaar android app in one minute.", it details a relatively simple method to evade the mAadhaar app's so-called robust security measures.

How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.
For this attack, the attacker demand a physical admission to the phone, rooted phone is non needed and yep this is the latest version of the app.
cc @uidai @ceo_uidai pic.twitter.com/7aZ0fvr0Wv

— Baptiste Robert (@fs0c131y) March 13, 2018

Only a few lines of code are needed to bypass the password security protocol of the app, which is an elementary error. As per the video uploaded by Alderson, i only needs to have concrete access to someone's smartphone which has a modded mAadhaar app installed on it. Once a command, which is nothing more than a few lines of code, is executed, the mAadhaar app takes the hacker straight to the countersign reset page, without even asking to enter details like Aadhaar number and the old password.

The APK used has been tampered. To bear the attack, the attacker will demand this APK + a concrete access to the victim phone

— Baptiste Robert (@fs0c131y) March 13, 2018

Moreover, one does non even have to root the stolen smartphone or perform complex hacking steps to bypass the mAadhaar app's security firewall and access the Aadhaar details. The sheer ease with which the app's poor security has been dodged is scary, and will surely give more sleepless nights to UIDAI chief Ajay Bhushan Pandey.

UIDAI's attitude towards the security expert's actions has been 'unfriendly' to say the least, indirectly labeling him as an 'unscrupulous chemical element' whose claims should non exist taken seriously. Well, now that the video has surfaced and has seemingly laid bare the truth of UIDAI'due south claims, information technology remains to exist seen what tempest it stirs and what lesson UIDAI learns from the bitter realization.