'Crooks Exploiting Tech Vulnerabilities in Aadhaar System,' Delhi Police Writes to UIDAI

In an instance cited by Delhi Police, it notes that as many as 12 bank accounts were opened under the names of different persons, even though the photographs on the Aadhaar cards were all of the same individual's.

New Delhi: The Delhi Police has flagged several alleged vulnerabilities in the Aadhaar system that are being exploited by crooks, Times of India has reported.

Police investigation into recent cases, including a bank fraud, has allegedly led it to discover vulnerabilities like the fact that the Unique Identification Authority of India system was not matching facial biometrics while generating IDs.

As many as 12 bank accounts had been opened under the names of different persons, even though the photographs on the Aadhaar cards were all of the same individual’s, police told the UIDAI in a note, accessed by the paper.

Miscreants are also allegedly using credentials of authorised Aadhaar agents, who can log in only from a government institution. To bypass GPS tagging, miscreants reconfigured their laptops repeatedly to sync them with designated government institutions.

The Aadhaar system is also, notably, unable to differentiate between a silicone fingerprint and live fingerprint. This led miscreants to use silicone prints of pliant authorised agents, cops said. The same goes for iris scans, which are supposed to figure out if a live person has appeared. However, this check can be fooled with the use of colour print outs of people.

Among discoveries was also the fact that the Aadhaar system considered the 10 fingers of an individual as one single identity and not as 10 different identities. Thus, several cards were issued to individuals who switched up their finger prints, eg. placed their index at the ring finger slot.

In 2018, the UIDAI itself had submitted to the Supreme Court that authentication failure rates are as high as 6% for fingerprints and 8.5% for iris.

Among Aadhaar’s various critiques is its technical inadequacy.

The Wire, among other news outlets, has covered Aadhaar fraud, including the crime of faking cards or mass producing them.

Debates have been rife on how the system impinges on people’s privacy while at once having large data security gaps.