Aadhaar data can be stolen easily, techie arrested for theft holds demonstration
Abhinav Srivastava, the founder of Qarth Technologies Pvt Ltd was arrested for data theft
In a six hour demonstration, a Bengaluru techie and entrepreneur showed the police how easy it was for him to access Aadhaar data from the UIDAI data base. Abhinav Srivastava was arrested last week for the data theft following a complaint by the UIDAI authorities.
Cyber crime police in Bengaluru recorded Abhinav's modus operandi which highlighted a glaring security chink, the lack of Hypertext Transfer Protocol Secure (HTTPS) in the URL that helped Abhinav access details. The founder of an Ola subsidiary firm, Qarth Technologies Pvt Ltd, Abhinav used shortcuts to access data from various websites that used Aadhaar data.
HTTPS consists of communication over Hypertext Transfer Protocol within a connection encrypted by Transport Layer Security. In simpler terms, it is a far better secure connection than the HTTP. HTTPS is aimed at authentication of the visited website and protection of the privacy and integrity of the exchanged data. The lack of it helped the accused hack into an e-hospital website.
On initial investigation, it was found that Abhinav accessed Aadhaar information from an e-hospital's server hosted by the National Informatics Centre. The hospital was a Know Your Customer user agency which has tied up with the UIDAI. Abhinav hacked into the hospital's system and linked the information on its server to an app that he developed.
The app, which was available on google store, has been removed now. It was able to redirect users to the e-hospital's servers to access KYC data. Even as he claimed that he did not steal any information but only gave access to a server, using Aadhaar data without prior permission from the UIDAI is a violation of the Aadhaar law.
Abhinav who holds a masters degree from IIT-Kharagpur used the loopholes in the e-hospital's URL to gain access to its unsecured servers. With his app, anyone could access details about anyone who had an Aadhaar card breaching the privacy of individuals. Following a complaint by the UIDAI, the High grounds police in Bengaluru booked Abhinav, his company and its promoters for accessing secure Aadhaar database and leaking information under sections 37, 38, 29(2) of Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act 2016, sections 65 and 66 of the IT Act.
OneIndia News
-
Kerala 2026 Elections: Opinion Poll Shows LDF-UDF Neck-and-Neck Race; NDA Emerges as Decisive Factor -
Why Is Noida Airport So Far From Noida? Abhijit Ganguly Questions Logic Behind Noida Airport Location -
Khushbu's Husband Sundar C To Contest Tamil Nadu Polls From Madurai -
Iran Crisis: Can Trump Really Rename The Strait Of Hormuz? -
Noida International Airport to Become India’s Most Uniquely Connected Airport, Linked to 5 Major Expressways -
Tamil Nadu Dry Days: TASMAC Shops To Be Closed On These Dates As EC Imposes Ban On Alcohol Sale -
DMK Announces Candidate List: CM MK Stalin To Contest From Kolathur, Udhayanidhi From Chepauk-Triplicane -
Elon Musk Joined Private Call Between Trump-Modi On Iran War: Report -
‘Picture Hai Vo? Teen Ghante Bakwaas’: Asaduddin Owaisi Tears Into Dhurandhar 2 Despite Record Box Office Run -
Aries Horoscope for Today March 28, 2026, Saturday - Fast Changes Demand Patience And Clear Choices -
From Tamil Nadu to Puducherry, DMK–Congress Ties Show Signs of Stress -
After Changing Officers, Why No Action? Mamata Banerjee Slams Murshidabad Clashes, Says “Don’t Blame Me”
Click it and Unblock the Notifications
Sign in with Google