1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 6,2020

Bengaluru, Jul 6: Criminal cases will be registered against private hospitals that refuse treatment to COVID-19 patients, Medical Education Minister Dr K Sudhakar said on Sunday.

Addressing a press conference here at Vidhana Soudha, he said: "No hospital should refuse to admit patients and if any hospital is found denying treatment criminal cases will be registered against them."

He spoke to media persons after returning from his surprise visit to Jayanagar General Hospital and Rajiv Gandhi Chest Hospital responded to the questions regarding private hospitals refusing to treat covid patients.

"The government has come up with 6 different systems for treatment of COVID-19 patients. COVID care centres, government medical colleges, private medical college, government hospitals, corporate hospitals and home isolation with proper facilities and according to government guidelines," the minister added.

Dr Sudhakar gave the statistics of 4 metropolitan cities in the country including Delhi, Mumbai, Chennai and Bengaluru.

"Bengaluru's and the mortality rate is the lowest at 1.46%. The aim is to increase testing by optimal utilisation of capacity especially in private labs. Once we increase testing, it is natural that the positive cases will also increase," he said.

"So citizens need not panic due to this but should take all precautionary measures. He advised to get tested in the nearest fever clinics as soon as any symptoms like cough, fever etc are found. Guidelines regarding the home isolation will be released soon," the minister said.

He announced that 400 ambulances will be deployed in Bengaluru and 2 each for every ward.

He said that the government recommended patients at private hospitals will be provided with insurance under Suvarna Arogya Suraksha Trust.

"If private hospitals refuse to admit the patients, call 1912 helpline to get assistance. If admitted in Private hospital voluntarily the treatment cost will be borne by patients as per the rates fixed by the government," Sudhakar said.

He said that the cost of testing at private labs has been capped at Rs 2,200 as per test.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 4,2020

Udupi, Jun 4: Karnataka Medical Education Minister Dr K Sudhakhar on Wednesday said that he will take up an issue before a high-powered committee on COVID-19 to find out the possibility of imposing lockdown on a particular house of the person infected with the virus instead of sealing down of entire areas.

Talking to reporters here on Tuesday after reviewing the district's prevailing COVID situation, the minister said the concept and modalities of declaring any area as containment zone has undergone changes in the last two months.

"Hitherto, we were declaring the entire area as the containment zone after detection of coronavirus positive cases. Subsequently, the area of the containment zone was decreased from the whole area to a particular street," the Minister said.

"Now, BJP MLA Raghupati Bhat has given a suggestion to seal down a particular house of the positive patient which would be taken up before the high-powered panel. The district administration concerned could supply all essential items to the particular family," he said.

He further said that the Union government has been providing all facilities to all the states to deal with the situation."

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 10,2020

Mangaluru, Mar 10: Tension prevailed in the city after an international flyer quarantined at the District Wenlock Hospital walked out of the facility.

The passenger, with a recent travel history to high-risk countries, refused to cooperate with health officials. The day-long drama ended when the district administration intervened and the flyer agreed to get himself re-admitted.

Deputy commissioner Sindhu B Rupesh said the passenger had fever and was sent to an isolation ward. “The passenger is cooperating with the treatment and samples have been collected for testing,” she said. The samples will be sent to a testing centre in Bengaluru.

Sources told  that rude behaviour by staff at Mangalore International Airport may have angered the passenger and he walked out of the quarantine facility.

She said if passengers show reluctance to be screened, they should first be counselled and allowed to get themselves admitted to a hospital of their choice with quarantine facility. If they still refuse to cooperate, they will have to be hospitalised forcefully, she added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.