
Fresh concerns after cops bust gang cloning fingerprints of Aadhaar operators
The arrest of 10 men for allegedly cloning fingerprints to subvert Aadhaar’s vaunted biometric-based security system has revealed fresh vulnerabilities in India’s controversial identity project.
On Sunday, the Uttar Pradesh police announced they had busted a Lucknow-based gang, which stole the fingerprints of authorised Aadhaar enrolment operators.
These fingerprints were cloned and used to access the Unique Identification Authority of India (UIDAI)’s enrolment service to create “fake” Aadhaar numbers.
“The gang hijacked the fingerprints and login-ids of Aadhaar enrolment operators, and also bypassed UIDAI’s iris-scan based security,” Uttar Pradesh’s additional superintendent of police for cybercrime, Dr Triveni Singh, told HT, describing a modus-operandi that sounded like the plot of a sci-fi movie.
The arrests were made on the basis of a complaint filed by the Unique Identification Authority of India on August 16 this year. In a press note, the UIDAI said “the attempt to generate fake Aadhaar card was foiled by the robust UIDAI system”.
However, experts say the arrests point to the inherent vulnerability of Aadhaar’s architecture.
Modus operandi
Enrolling a fresh user to the Aadhaar database requires the presence of an authorised enrolment operator, who accesses the UIDAI system using his fingerprints and a scan of his retina.
In the Lucknow case, the police said, the gang acquired images of the fingerprints of Aadhaar enrolment operators, printed these images on butter-paper, and placed these prints on a sheet of a light-sensitive resin which was then exposed to ultra-violet light.
The cloned fingerprint obtained at the end of this process, Dr Singh said, looks like an office rubber-stamp that can be pressed down on a biometric reader.
When the police raided the gang’s premises, they confiscated 46 such fingerprint stamps.
The hackers also devised a way to subvert the retina-scan requirement. “We are on the lookout for the software developer who helped them bypass the retina-scan,” Dr Singh said, adding that fingerprint stamps and technical knowhow was widely distributed to allow multiple logins and enrolments using the stolen credentials.
Security experts have repeatedly pointed to the inherent vulnerability of systems like Aadhaar that rely on biometric security.
“Biometrics are public information as they can be captured and replicated using a high resolution camera,” said Subhashis Banerjee, Professor of Computer Science Engineering at IIT Delhi, “Using biometrics alone as a passcode is conceptually flawed.”
However, many new applications like the Aadhaar-Enabled Payment System (AEPS) use biometrics as the sole authenticator for financial transactions.
Prof. Banerjee said biometric theft was likely to increase as the widespread adoption of aadhaar, particularly for financial transactions, would increase the incentives for criminal activity.

Gadkari urges MSMEs to avail concessional finance and install rooftop solar

C'garh govt will bear cost of Covid-19 vaccination, says chief minister

PM Modi to inaugurate 1st digital toy fair on February 27: All you need to know

Workers block NH-16, call for bandh to protest privatisation of Vizag Steel
- Ignoring the continuous protests by the workers of the plant, the Centre has begun the exercise of disinvestment in the steel plant.

Health ministry says over 1.37 crore Covid-19 vaccine doses administered

In past 3 months, Feb registers highest number of travellers in India: Report
- According to the report, bookings surged in Goa for both February 15 and February 22 by over 20%.

'Together in fight against pandemic': PM Modi thanks WHO chief on Covax delivery

New rules for social media, OTT require right implementation: Nasscom

News updates from HT: Maharashtra records 8000 new cases of Covid-19
- Here are today’s top news, analysis, and opinion. Know all about the latest news and other news updates from Hindustan Times.

Congress prepared for upcoming state elections, says KC Venugopal

India extends ban on international flights till March 31

Everyone talking about miracle in Surat: Kejriwal on AAP's Gujarat performance

Maharashtra records over 8,000 fresh Covid-19 cases again, 1,035 cases in Mumbai

Dharavi reports 16 coronavirus cases, highest spike in four months
