1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 1,2020

Mangaluru, Jan 1: On the first day of 2020, Bajpe Police became somewhat of a Guardian Angel for a college student, who was wandering around the city in the wee hours of Wednesday, convincing and escorting him to his home safely, after coming to know about his residence.

According to Bajpe Police Probationary Sub-Inspector Anita Nikkam and Police Officer Devappa Hosamani, they noticed a youth, hailing from Handelu in Todaru and studying in a college at Moodbidri, wandering at around 0245 hrs.

When asked about his whereabouts, the boy did not respond initially. However, police managed to collect his address and his mother's phone number after half an hour of interrogation.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 9,2020

Bengaluru, Mar 9: The first case of Nov Corona patient was found in Karnataka with a 40 year-old Software Engineer, who returned from US, developing fever today at Rajiv Gandhi Hospital in the City. This is the first case reported in the State.

Disclosing this to newsmen, Karnataka Minister for Medical Education Dr K Sudhakar said that the techie, his wife and their one child arrived from US on Feb 28 and were under observation.

He said that there were no indication or any symptoms immediately after their arrival and also for the first four days, but on March 5 the Techie developed fever and today (Monday) it was confirmed that he is suffering from the killer disease.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
coastaldigest.com news network
May 21,2020

Bengaluru, May 21: Chief Minister B S Yediyurappa today slammed Law Minister JC Madhuswamy for yelling at a woman farmer in Kolar, an incident that attracted widespread criticism. 

The incident happened on Wednesday when Madhuswamy, who is also the minor irrigation minister, was inspecting the Koramangala-Challaghatta (KC) Valley project, under which Bengaluru’s sewage is treated and pumped into lakes in Kolar. 

During his visit, farmer Nalini Gowda questioned Madhuswamy on the encroachment of the 1,022-acre S Agrahara lake. At one point, Madhuswamy lost his cool and yelled, “Aye! Shut your mouth, rascal,” and asked the police to take her away. Before this, Madhuswamy told her, “Make a request. I’m a very bad man. You can only air your grievance. Don’t command us.” 

A video of this exchange was aired by news channels. 

“What (Madhuswamy) said is not right. I have warned him. None can forgive such an explicit manner of talking with a woman. That, too, behaving like that being a minister doesn’t bode well. I will talk to that woman also and I’ll ensure this doesn’t happen again,” Yediyurappa told reporters.

The incident has come as a shot in the arm to the Opposition Congress, which is already attacking the Yediyurappa administration on the COVID-19 crisis. Condemning Madhuswamy’s behaviour, Leader of the Opposition Siddaramaiah demanded an apology and asked Yediyurappa to sack him from the Cabinet. 

Karnataka Pradesh Congress Committee (KPCC) president D K Shivakumar said it was unbecoming of Madhuswamy to behave like that being a senior minister. “People will ask us questions and express their problems, naturally. What’s important is how we handle ourselves. Be it a woman or anyone, they come to us because we’re into public service. Calling them ‘rascal’ and things is not right. Maybe there was some irritation, but I agree with (Siddaramaiah) that he should be dropped from the Cabinet,” he said.

On his part, Madhuswamy said he felt intimidated. “If I have hurt the feelings of any woman, I will certainly apologise,” he said. “But citizens should realise, we go to their villages to ask about their problems. If they start abusing us publicly, how can we work? My secretary and I heard her for five minutes and then told her that we know our responsibility. We asked her to close the issue. She didn’t stop and I got tempted (sic),” the minister said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.