Click it and Unblock the Notifications
Just In
Don't Miss
-
BMW i5 M60 xDrive Launched In India At Rs 1.195 Crore - 592bhp, 516km Range -
IPL 2024: How the 10 Most Expensive IPL 2024 Auction Buys have performed this Season? Complete Details and Ratings -
Vicky Kaushal To Zayed Khan; Bollywood Stars Who Slayed In All Black Ensembles At Heeramandi Screening -
Gold Prices Ayodhya: In Ram-Janma-Bhumi, 24carat Falls By Rs 380 In 10-Grams, Drops By Rs 3,800 In 100-gram -
JEE Main Result 2024 Out, Check Category- Wise Toppers' List Here -
Heeramandi Screening: Alia Bhatt, Ananya Panday, Rashmika Mandanna And Others Serve Finest Ethnic Style! -
Qubo InstaView Video Door Phone Launched in India: Check Price, Features -
Escape to Kalimpong, Gangtok, and Darjeeling with IRCTC's Tour Package; Check Itinerary
Aadhaar data can be stolen easily, techie arrested for theft holds demonstration
Abhinav Srivastava, the founder of Qarth Technologies Pvt Ltd was arrested for data theft
In a six hour demonstration, a Bengaluru techie and entrepreneur showed the police how easy it was for him to access Aadhaar data from the UIDAI data base. Abhinav Srivastava was arrested last week for the data theft following a complaint by the UIDAI authorities.
Cyber crime police in Bengaluru recorded Abhinav's modus operandi which highlighted a glaring security chink, the lack of Hypertext Transfer Protocol Secure (HTTPS) in the URL that helped Abhinav access details. The founder of an Ola subsidiary firm, Qarth Technologies Pvt Ltd, Abhinav used shortcuts to access data from various websites that used Aadhaar data.
HTTPS consists of communication over Hypertext Transfer Protocol within a connection encrypted by Transport Layer Security. In simpler terms, it is a far better secure connection than the HTTP. HTTPS is aimed at authentication of the visited website and protection of the privacy and integrity of the exchanged data. The lack of it helped the accused hack into an e-hospital website.
![[<strong>Bengaluru-based Ola-subsidiary firm booked for Aadhaar data theft]</strong>](https://imagesvs.oneindia.com/webp/fit-in/80x60/img/2017/07/aadhaar-card-28-1501224050.jpg "[<strong>Bengaluru-based Ola-subsidiary firm booked for Aadhaar data theft]</strong>")
On initial investigation, it was found that Abhinav accessed Aadhaar information from an e-hospital's server hosted by the National Informatics Centre. The hospital was a Know Your Customer user agency which has tied up with the UIDAI. Abhinav hacked into the hospital's system and linked the information on its server to an app that he developed.
The app, which was available on google store, has been removed now. It was able to redirect users to the e-hospital's servers to access KYC data. Even as he claimed that he did not steal any information but only gave access to a server, using Aadhaar data without prior permission from the UIDAI is a violation of the Aadhaar law.
Abhinav who holds a masters degree from IIT-Kharagpur used the loopholes in the e-hospital's URL to gain access to its unsecured servers. With his app, anyone could access details about anyone who had an Aadhaar card breaching the privacy of individuals. Following a complaint by the UIDAI, the High grounds police in Bengaluru booked Abhinav, his company and its promoters for accessing secure Aadhaar database and leaking information under sections 37, 38, 29(2) of Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act 2016, sections 65 and 66 of the IT Act.
OneIndia News
