French Security Researcher Details Major Flaw in mAadhaar App
Aadhaar was always going to be a privacy nightmare in the best of cases, but recent reports of severe data breaches and the ensuing Tribune investigation have shown how easy it is for random people to access Aadhaar data for as low as Rs. 500. The worst part is that, rather than owning up, the government went into cover-up mode, denying that the breach even happened, even as the man behind it admitted to selling Aadhaar data for peanuts.
Now, the controversial identification system is once again under fire, this time thanks to an investigation by well-known French security researcher Baptiste Robert, aka Elliot Anderson, who says that the recently released mAadhaar app has major security issues that make it "super easy to get the password for the local database".
Anderson, for the uninitiated, is the same man who reported the presence of the EngineerMode APK in OnePlus' OxygenOS, leading to severe controversy and backlash against the company.
According to Anderson, the Aadhaar app is saving all the biometric details in a local database that's protected by a password. While that in itself is common practice, the fact that the app developers (KhoslaLabs) generate the password using a random number with 123456789 as seed and a hardcoded string db_password_123 is what's now raising the hackles of privacy advocates. According to a proof-of-concept published by Anderson on GitHub, the generated password always remains the same, no matter how many times you start the application.
The #Aadhaar #android app is saving your biometric settings in a local database which is protected with a password. To generate the password they used a random number with 123456789 as seed and a hardcoded string db_password_123 🤦‍♂️ pic.twitter.com/Ty7cPmOjAb
— Baptiste Robert (@fs0c131y) January 10, 2018
According to Anderson, UIDAI responded to him saying that the app stores data on the device itself, but that was never the point of contention. The thing is, because the app doesn't 'actually' generate a random password every time, if you lose your phone, the guy in control of it will have access to all your details even though you're technically logged out from the app.
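The fixed-seed pattern described above, next to a per-device alternative, as an added example that is not code from the app or from Anderson's proof-of-concept. Only the seed and the hardcoded string come from the article; the way they are combined, the `DeviceKeystore` class and the `local_db_key` alias are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import random
import secrets

# Constants quoted in the article. How the app combines them is not shown
# there, so the derivation below is a hypothetical stand-in.
SEED = 123456789
HARDCODED = "db_password_123"


def weak_db_password() -> str:
    """Flawed pattern: fixed-seed PRNG output plus a constant string."""
    rng = random.Random(SEED)  # same seed -> same sequence on every start
    number = rng.getrandbits(64)
    return hashlib.sha256(f"{number}{HARDCODED}".encode()).hexdigest()


def simulate_launches(n: int) -> set[str]:
    """Collect the passwords derived over n simulated app starts."""
    return {weak_db_password() for _ in range(n)}


class DeviceKeystore:
    """Hypothetical stand-in for per-device, hardware-backed key storage."""

    def __init__(self) -> None:
        self._slots: dict[str, bytes] = {}

    def get_or_create(self, alias: str) -> bytes:
        if alias not in self._slots:
            # CSPRNG output, created once per install, never shipped in code.
            self._slots[alias] = secrets.token_bytes(32)
        return self._slots[alias]


def hardened_db_key(keystore: DeviceKeystore) -> bytes:
    """Database key that is stable on one device and unique across devices."""
    return keystore.get_or_create("local_db_key")


if __name__ == "__main__":
    print("distinct weak passwords over 5 launches:", len(simulate_launches(5)))
    phone_a, phone_b = DeviceKeystore(), DeviceKeystore()
    print("devices share a key:", hardened_db_key(phone_a) == hardened_db_key(phone_b))
    print("key stable on one device:", hardened_db_key(phone_a) == hardened_db_key(phone_a))
```
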
Source: https://beebom.com/french-security-researcher-major-flaw-maadhar-app/
Posted by: sharpebeight1953.blogspot.com