1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 8,2020

Bengaluru, Jun 8: Veteran Congress leader Mallikarjun Kharge on Monday filed his nomination as the party's candidate for the June 19 Rajya Sabha polls from Karnataka.

The former union minister filed his nomination in the presence of KPCC President D K Shivakumar, Leader of Opposition Siddaramaiah and other senior party leaders at the office of Legislative Assembly Secretary M K Vishalakshi, who is the returning officer for the polls.

Ahead of filing of nomination, the Congress Legislature Party meeting was held under the leadership of Siddaramaiah, after which Shivakumar issued "B-form" to Kharge.

The Congress high command on June 5 had announced Kharge as the party's candidate for the Rajya Sabha polls.

The election is scheduled on June 19 to fill four Rajya Sabha seats from Karnataka represented by Rajeev Gowda and BK Hariprasad of the Congress, Prabhakar Kore of the BJP and D Kupendra Reddy of the JD(S) that will fall vacant on June 25, with their retirement.

June 9 is the last date for filing nominations.

Congress with 68 MLAs in the assembly can win one of the four seats easily on its own, so Kharge's victory is said to be certain.

This will be the first stint in Rajya Sabha for Kharge, who has always got elected directly by the people in his political career spanning over four decades.

The leader, earlier popularly known as "solillada Saradara", (a leader without defeat), faced his first electoral loss in his political life against BJP's Umesh Jadhav in Gulbarga by a margin of 95,452 votes during the 2019 Lok Sabha polls.

A nine-time MLA and two-term Lok Sabha member, he had served as Congress floor leader in the previous Lok Sabha, and also as Union Railway and Labour Minister during the UPA government.

Kharge, who is 77-years-old, has also served as minister during several Congress governments in the state, and as KPCC President and Leader of Opposition in the Karnataka Assembly in the past.

His son, Priyank Kharge, is currently MLA representing Chittapur constituency and had served as minister during the previous Congress and coalition governments.

JD(S) patriarch and former Prime Minister HD Deve Gowda is the JD(S) candidate.

The regional party that has 34 seats in the assembly is not in a position to win a seat in Rajya Sabha on its own, and will need the support from the Congress with its surplus votes.

A minimum of 44 votes are required for candidates to win.

BJP with 117 members in the assembly (including Speaker), can ensure easy victory in two seats.

The BJP's central leadership on Monday sprang a surprise by fielding Eranna Kadadi and Ashok Gasti as its candidates for the Rajya Sabha election ignoring the recommendations of the state BJP unit.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
April 19,2020

Bengaluru, Apr 19:  Karnataka's Technical Education department following Union Home Ministry’s guidelines, on Sunday directed all its colleges not to use the Zoom application to conduct online classes during the ongoing lockdown period.

Considering Union Home Ministry's advisory that Zoom app is not safe, the department has taken the decision and issued a circular asking all government, aided and unaided engineering, polytechnic (Diploma) colleges to stop using the app immediately.

The department recommended the use of a free app developed by TCS: "TCS iON Digital class room" or any other App recommended by All India Council for Technical Education (AICTE) to conduct the online classes.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
April 19,2020

Bengaluru, Apr 19: With six new cases of COVID-19 in the last 24 hours, Karnataka's total count of coronavirus patients has surged to 390, said the State's Health Department on Sunday.

"Six new cases have been confirmed for COVID-19 in the State from 5 pm yesterday till 5 pm today. Cumulatively, 390 COVID-19 positive cases have been confirmed in the state," said the Health Department in a statement.

The total coronavirus cases in the State include 16 deaths and 111 discharges.

Deputy Chief Minister CN Ashwath Narayan said that "only essential and critical number of" employees of the Information Technology (IT) companies will be allowed to work from offices from April 20 onwards in Bengaluru, while others will have to continue working from home.

According to the latest update by the Ministry of Health and Family Welfare, the total number of positive cases in India has mounted to 16,116 and 519 deaths have been reported till now.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.