1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
February 6,2020

Washington, Feb 6: The US has expressed concern over the current situation of religious freedom in India and raised the issue with Indian officials, a senior State Department official has said.

The remarks came in the wake of widespread protests held across India against the Citizenship Amendment Act (CAA).

The senior State Department official, on condition of anonymity, said that he has met with officials in India about what is taking place in the nation and expressed concern.

"We are concerned about what's taking place in India. I have met with the Indian foreign minister. I've met with the Indian ambassador (to express my concern)," the official, who was recently in India, told reporters on Wednesday.

The US has also "expressed desire first to try to help and work through some of these issues", the official said as Secretary of State Mike Pompeo launched a 27-nation International Religious Freedom Alliance.

"To me, the initial step we try to do in most places is say what can we do to be of help you work through an issue to where there's not religious persecution. That's the first step, is just saying can we work with you on this," the official said.

India maintains that the Indian Constitution guarantees fundamental rights to all its citizens, including its minority communities.

It is widely acknowledged that India is a vibrant democracy where the Constitution provides protection of religious freedom, and where democratic governance and rule of law further promote and protect fundamental rights, a senior official of the Ministry of External Affairs has said.

According to the CAA, members of Hindu, Sikh, Buddhist, Jain, Parsi and Christian communities who have come from Pakistan, Bangladesh and Afghanistan till December 31, 2014 following religious persecution there will get Indian citizenship.

The Indian government has been emphasising that the new law will not deny any citizenship rights, but has been brought to protect the oppressed minorities of neighbouring countries and give them citizenship.

Defending the CAA, Prime Minister Narendra Modi last month said that the law is not about taking away citizenship, it is about giving citizenship.

"We must all know that any person of any religion from any country of the world who believes in India and its Constitution can apply for Indian citizenship through due process. There's no problem in that," he said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 22,2020

New Delhi, Jul 22: With a spike of 37,724 cases and 648 deaths reported in the last 24 hours, the total number of COVID-19 cases in India stands at 11,92,915, according to the Union Ministry of Health and Family Welfare.

The total number of cases includes 4,11,133 active cases, 7,53,050 cured/discharged/migrated and 28,732 deaths, the Health Ministry informed.

Maharashtra remains the worst affected state with 3,27,031 cases and 12,276 deaths.
The second worst-hit state, Tamil Nadu has reported 1,80,643 COVID-19 cases so far while Delhi has reported 1,25,096 cases, according to the Ministry.

Other states that have witnessed a higher number of COVID-19 positive cases include, Andhra Pradesh with 58,668 cases, Karnataka with 71,069 while Telangana has reported 47,705 COVID-19 positive cases.

Meanwhile, as per the information provided by the Indian Council of Medical Research (ICMR), the total number of samples tested up to July 21 is 1,47,24, 546 including 3,43,243 samples tested yesterday.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 5,2020

Bengaluru, Mar 5: Flipkart co-founder Sachin Bansal's wife Priya Bansal has filed a dowry harassment case against the entrepreneur at Kormangala police station in Bengaluru, sources said.

Priya alleged that ahead of their wedding, her father had spent Rs 50 lakh for the arrangements and given Rs 11 lakh in cash to Sachin instead of a car. Further, she has also alleged that Sachin has been pressurising her to transfer all the properties that were in her name to him. However, after refusing to do so her in-laws started harassing her.

A First Information Report (FIR) has been filed against Sachin and three others at Kormangala police station in Bengaluru.

The police are investigating the matter.

Further details awaited.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.