1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 25,2024

Udupi: Six junior artists from the prequel of Kannada blockbuster film ‘Kantara’ were injured, when the bus they were travelling in overturned in the district, police said on Monday.

According to police, the accident occurred near Jadkal on Sunday night when the mini-bus carrying the crew of the film overturned.

“The incident happened while they were returning to Kollur after completing the shoot at Mudoor in Jadkal. The mini-bus was carrying 20 junior artistes when it met with the accident,” a police officer said.

The injured were rushed to hospitals in Jadkal and Kundapur for treatment, they said.

The Kollur police are investigating the matter.

"The news making rounds is completely false. The Kantara: Chapter 1 team began shooting at 06:00 AM today, and everything is proceeding as normal. A minor accident occurred 20 kilometres away from the shooting location, involving a local bus carrying some members of the Kantara team. However, no injuries were reported," a source close to the production said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 22,2024

bjpprotest.jpg

Bengaluru, Nov 22: For the second day running, the Karnataka BJP on Friday staged a statewide protest condemning the government’s alleged move to notify land of farmers as Waqf property.

The BJP staged a protest before the offices of Deputy Commissioners at district headquarters.

The BJP leaders are vehemently demanding that the state government cancel a 1974 Gazette notification in this regard.

The agitators are also demanding scrapping of the Waqf Board and the resignation of Chief Minister Siddaramaiah and Minister for Waqf and Housing Zameer Ahmad Khan.

The BJP MLAs, MLCs, MPs gathered in the premises of Freedom Park and staged a protest under the leadership of Leader of Opposition R. Ashoka and slammed the state government.

MLA T.S. Srivatsa led the protest in Mysuru and hundreds of party workers and farmers staged the protest under the leadership of former MP Pratap Simha in Kodagu.

Former MP Sumalatha Ambareesh led the agitation in Mandya.

This was the first time that Sumalatha took part in the party’s programme after the Lok Sabha elections.

State President B.Y. Vijayendra claimed, “The Congress government in Karnataka is issuing notices to farmers claiming the ownership of their lands to the Waqf Board and pushing them on the streets overnight.”

In the first week of December, three teams formed by the BJP will travel across the state and record the grievances of farmers.

“The state government is attempting to snatch away the lands belonging to temples as well,” Vijayendra alleged and added that the teams would comprise all senior leaders of the BJP.

Meanwhile, the police have taken Sri Ram Sena chief Pramod Muthalik into custody while staging a protest march to the office of Zameer Ahmad Khan in Bengaluru.

Muthalik along with Hindutva activists was planning to lay siege to Zameer’s office over the Waqf row.

The police stopped Muthalik and requested him to submit the memorandum by reaching the minister’s office in a vehicle. However, Muthalik refused to go with the police and continued his footmarch. The police took him into custody following arguments.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 27,2024

gaza.jpg

Gaza health authorities say Israel’s military has "erased” over 1,400 Palestinian families in the besieged territory over the past year.

The Health Ministry said in a statement on Tuesday that the Israeli regime "completely erased about 1,410 families, numbering 5,444 people, from the civil registry during the same period.”

It said that there were 3,463 families with only one survivor, while 2,287 families had more than one survivor.

In northern Gaza, Israel’s warplanes have continued dropping bombs over Palestinian families, Palestinian news agency Wafa reported.

It said one airstrike hit a family home in Jabalia, causing numerous casualties on Tuesday.

According to Gaza's civil defense agency, at least seven people were killed and several others wounded in the attack.

Another person was killed in a strike on a house in nearby Beit Lahia, a town in northern Gaza, which has been declared “a disaster area" by the municipality due to "the Israeli war of extermination and siege, and it has no food, water, hospitals, doctors, services, or communications."

The health ministry said, “Israeli forces killed 14 people and injured 108 others in three massacres of families in the last 24 hours.”

“Many people are still trapped under the rubble and on the roads as rescuers are unable to reach them.”

International organizations and leaders believe that Israel’s genocidal war, now in its second year, is a deliberate attempt to destroy the population of Gaza.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.