1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
May 1,2020

Mangaluru, May 1: Dakshina Kannada on Friday two more positive cases of coronavirus in the district, taking the total number of cases to 24.

According to the state health bulletin, the 62-year old husband of the 58-year old woman of Boloor who tested positive for COVID-19 on Thursday, also tested positive for the virus.

Another 69-year old patient hailing from Kasaba in Bantwal Taluk also tested positive for the infection.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
February 12,2020

Mangaluru, Feb 12: More than 7,000 people at Mangalore International Airport (MIA) and over 1,000 at the New Mangalore Port (NMP) have undergone thermal screening for the novel coronavirus in the past few days, a taluk health official said on Wednesday.

A few more ships are scheduled to arrive at the port and all precautionary measures to check the ship’s passengers and crew are ready, he said.

Soon after a positive case of deadly pathogen surfaced in Kerala, the district health officials here actively started monitoring all entry points in the bordering district. 

Apart from Mangaluru, there is bus connectivity to Puttur, Sullia, Bantwal, Dharmasthala and Subrahmanya from Kerala. More than eight to 10 trains arrive at Mangaluru daily from Kerala.

Hence, it is impossible to take up screening of all the vehicles arriving from Kerala, sources in District Health and Family Welfare said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 1,2020

Bengaluru, Jul 1: Karnataka Primary and Secondary Education Minister S Suresh Kumar on Wednesday played down reports about confusion regarding valuation of Second Pre- University and the Secondary School Leaving Certificate exam papers.

"Creating confusion has become a habit. There was confusion before the exam, during the exam and now confusion about the valuation of the exam papers," Kumar told reporters in Ramanagara when asked about the confusion over the valuation of answer sheets.

He had gone there to inspect a few centres where the SSLC or the 10th standard exams are underway.

The minister reminded people not to speak about the abilities of the students with contempt.

"Our students have toiled hard and are enthusiastically appearing for the examination. They are eligible for the marks they will score. So we should not speak about our children with disrespect," Kumar said.

The Education Minister said he had spoken to many leaders including former chief ministers Siddaramaiah and H D Kumaraswamy on conducting the examinations.

"Kumaraswamy had insisted on postponing the examination. I personally spoke to him and apprised him about the steps taken by us. I told him that we will work with more sincerity to ensure the safety of the children," Kumar said.

The SSLC exam was scheduled to take place from March 27 but due to the coronavirus-induced lockdown, it was postponed.

While the CBSE and a few other states either decided to give marks based on the students' performance in the previous examinations such as quarterly and half-yearly exams or gave general promotion to the students, Karnataka went ahead to hold the exam.

According to Karnataka Secondary Education Examination Board officials, around 8.5 lakh students have enrolled this year for the SSLC examination.

The exams are being held at 2,879 exam centres across the state.

Prior to the SSLC examination, the last exam of the Second PUC was also conducted on June 18, which was also put on hold due to the lockdown.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.