 "Identity theft is the biggest threat from Aadhaar, says Robert Baptiste")
Over the past few weeks, an anonymous person, claiming to be a French mobile app developer, has been using his Twitter account to flag security concerns in the Aadhaar system. Recently, the account released a video showing a hack into the Aadhaar application (app). The Unique Identification Authority of India (UIDAI) has maintained that Aadhaar remains safe and secure. Mayank Jain spoke to Robert Baptiste, the man behind the Twitter account called ‘Elliot Alderson’, to understand the way forward for citizens to keep their information safe. Edited excerpts:
Why are you interested in Aadhaar?
I am a freelance Android developer. Someone asked me to check the Aadhaar app. This is how I found security flaws and loopholes.
Have you found any significant vulnerabilities in the system?
I looked at the Android app, not the Aadhaar system as a whole, and found a lot of security issues that need to be fixed as soon as possible.
Did you convey these findings to the UIDAI?
I published all my findings on Twitter, tagging the UIDAI. I asked them to take action but they never responded.
Why did you publish the details and how can people protect their data?
I want to help citizens and the government to protect data. I want to spread the word that security cannot be taken lightly. To protect their data, especially Aadhaar, people have to be careful about what information they provide to third parties, who are happy to collect this data.
In the light of these vulnerabilities, how secure is Aadhaar?
The biggest issue is with third party companies collecting Aadhaar data. Aadhaar numbers are spread among companies, some of which have poor security. This can be a serious threat for citizens.
Any substantial danger to people’s lives from these security flaws?
The biggest threat from Aadhaar is of identity theft.
Are you open to working with authorities to fix the system?
I am open to working with any authority on fixing these issues. This is the goal of my efforts. I want to communicate with them and help fix the flaws before someone exploits.
The implications of your findings?
By tampering with the app, you can bypass the password protection. It is easy for a developer to do this. When inside, you can access a person’s Aadhaar details and impersonate them.
Are you scared of being legally prosecuted for exposing vulnerabilities in the Aadhaar system?
I would not be doing this if I were scared of consequences.
Why are you interested in Aadhaar?
I am a freelance Android developer. Someone asked me to check the Aadhaar app. This is how I found security flaws and loopholes.
Have you found any significant vulnerabilities in the system?
I looked at the Android app, not the Aadhaar system as a whole, and found a lot of security issues that need to be fixed as soon as possible.
Did you convey these findings to the UIDAI?
I published all my findings on Twitter, tagging the UIDAI. I asked them to take action but they never responded.
Why did you publish the details and how can people protect their data?
I want to help citizens and the government to protect data. I want to spread the word that security cannot be taken lightly. To protect their data, especially Aadhaar, people have to be careful about what information they provide to third parties, who are happy to collect this data.
In the light of these vulnerabilities, how secure is Aadhaar?
The biggest issue is with third party companies collecting Aadhaar data. Aadhaar numbers are spread among companies, some of which have poor security. This can be a serious threat for citizens.
Any substantial danger to people’s lives from these security flaws?
The biggest threat from Aadhaar is of identity theft.
Are you open to working with authorities to fix the system?
I am open to working with any authority on fixing these issues. This is the goal of my efforts. I want to communicate with them and help fix the flaws before someone exploits.
The implications of your findings?
By tampering with the app, you can bypass the password protection. It is easy for a developer to do this. When inside, you can access a person’s Aadhaar details and impersonate them.
Are you scared of being legally prosecuted for exposing vulnerabilities in the Aadhaar system?
I would not be doing this if I were scared of consequences.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%