1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
May 29,2020

Bengaluru, May 29: The hotel industry is one of the worst-hit industries due to lockdown, along with the tourism industry. Bengaluru's hotel industry has incurred a loss of around Rs 1200 crore during the lockdown period however, the hotels here are likely to open in June if the State government issues guidelines for the resumption of their services.

Speaking to media, PC Rao, President, Bangalore Hotelier's Association said, "It's not only the loss of business, but we have lost the customer base as well. 
We don't expect any good future for the next six months. There will be a slow down in the business even after opening."

"We have requested our CM to give first preference to the hotels. We are going to restart our business in June if granted permission. Around 10 per cent of the hotels cannot open at all. They are in the stage of merging or closing down position. Few hotels may open after five or six months," he added.

He continued saying that many hotels are for sale but there are no buyers. There are around 21,000 restaurants in Bangalore, 3500 hotels with rooms and restaurant which has an average turnover of Rs 20 crores per day, Rao informed.

"We expect losses of around Rs 1200 crores in these two months. We are giving special online training to all the hoteliers and to our managers particularly to deal with the COVID-19 situation, including how to deal with the guests, employees, how to start the hotel services. 

Each and every manager has already been trained and we are still continuing it. We will conduct face to face meeting as well and brief the managers," said Rao.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 20,2020

Bengaluru, July 20: The Karnataka government has reiterated that no final decision has so far been taken on reopening of schools in the state.

The clarification comes after minutes of the July 15 HRD ministry meeting where Karnataka education department officials said schools are reopening on September 1 went viral on social media. 

“The state government has not decided yet on starting schools. That they will reopen in September was only a general opinion expressed by our officials at the meeting. At present, we have no plans to start schools unless there is a conducive environment. There’s no need for anxiety,” said primary and secondary minister S Suresh Kumar.

Kumar said the government is involved in meeting the education sector’s changed priorities in the current scenario.

The minutes were of a virtual conference on school-safety plans, with representatives of state governments and Union territories expressing views on reopening of schools. 

Against the name of Karnataka, “After September 1” was written. Similar datelines were given by Kerala, Ladakh, Manipur, Rajasthan, Odisha and Andhra Pradesh, while in case of many other states it said “no decision”.

An education department official said Karnataka submitted to MHRD that it will be able to take a decision only after September 1, depending on the situation in the state.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
February 14,2020

Bengaluru, Feb 14: Raja and Rani got married on Valentine's Day at Cubbon Park here.

The bride and the groom were decked up in bridal finery were heralded with traditional wedding music with nadaswaram and thavil (percussion) . The catch was that the married couple were horses.

Pro-Kannada activist and Kannada Vatal Party chairman Vatal Nagaraj performed the marriage ceremony of the two horses.

Nagaraj gave a dhoti and shirt to Raja (male horse) and a saree along with a taali (mangal sutra) to Rani (female horse).

Nagaraj has been conducting such ceremonies in the past too. Last year he had married off two sheep- Jacob and Carolyn in a similar ceremony.

The activist says he is all for love and urged anti-Valentine's Day supporters not to oppose lovers and their Valentine's Day celebration.

He also urged the Central government and the Karnataka state governments to give Rs 1 lakh and RS 50,000 respectively to the "lovers to support their love" by helping them get married.

Meanwhile, sweets were distributed to all the guests who had participated in the Valentine's Day marriage ceremony today.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.