March 14, 2018
The Supreme Court on March 13 decided to stay the deadline for the mandatory linking of Aadhaar to your bank account and mobile number. And a good thing too, considering how insecure various aspects of it have proved to be. French cybersecurity researcher Baptiste Robert, who hacked into the Aadhaar Android app earlier in January, has now posted a video online detailing how to bypass the app’s password protection in just over a minute.
How to bypass the password protection of the official #Aadhaar #android #app in 1 minute.
For this attack, the attacker needs physical access to the phone; a rooted phone is not needed, and yes, this is the latest version of the app.
cc @uidai @ceo_uidai pic.twitter.com/7aZ0fvr0Wv
— Elliot Alderson (@fs0c131y) March 13, 2018
“For this attack, the attacker needs physical access to the phone,” Robert said in a tweet. However, he does specify that the phone doesn’t even need to be rooted to exploit this vulnerability. And yes, we’re talking about the latest version of the app.
Robert seems hell-bent on disproving the UIDAI’s insistent claims that Aadhaar systems are secure, and this is the second time he has done so.
It’s a bigger slap in the face that this hack only requires a few lines of code, something that should not be possible for a national documentation system of every human being in the country, complete with biometric data and bank accounts. And once complete, the hack takes you right to the password reset page in the app.
You don’t even need to enter your Aadhaar number or old password to do it.