Aadhaar Security Breach: Addressing The Problem At It's Core

If you have been following the technology news, you’ve probably heard of the UIDAI Aadhaar security breach that has sprung up recently and is still circulating like wildfire in the cybersecurity world.

For those of you who do not know what the Aadhaar is, it is a 12 digit unique identification number issued by the Indian government to every individual resident of India. The Aadhaar project was initiated as an attempt towards having a single, unique identification document or number that would capture all the details of a citizen, including demographic and biometric information of every Indian resident.

It is the duty of the citizens of India to adhere to government policies whether we like it or not. The Aadhaar requires a lot of information from us. Our names, phone numbers, place of residence and more are all in the hands and the mercy of the government. All of which we ‘assume’ is secure.

Aadhaar Security Breach - What We Know

Yes, we are aware of what the Aadhaar security breach reports state; the data obtained from this breach was acquired by paying no more than Rupees 500. We also know that for an additional Rupees 300 printing access was granted to the journalists. However, no one's talking about the root causes and the measures to prevent these incidents. Through all this chaos and madness we’ve been sidetracked into thinking that this wasn’t really a security issue but rather an issue with proper authorization and access to the database of users.

Last I checked, if anything has been obtained without wilful consent, it would be considered stealing, or in this case a compromise to security. We can’t really blame the Aadhaar security breach on the UIDAI because it was nothing but imminent. It was only a matter of time before it struck. We’ve been warned time and time again by some of security’s finest.

Robert Mueller, Ex FBI Director.

As alarming as the statement seems, I’m surprised to see both the government and businesses (especially in India) take security so lightly.

Security is a vast space, right from the security guard in front of your building to the complicated lines of code that keep away hackers from your database. If I am able to get past your walls be it physical or digital, it’s a clear security breach, Period! We could start playing the blame game here and bring up past incidents that shame the people responsible for the act but that just makes us move backward.

Instead, for the safety of the women in India, the children and even yourselves, start to educate yourself about how security works, especially when you give away your sensitive information to people who may not be so concerned about your security.

To paint a picture of how security breaches like this affect the end user, here are a few things I’ve heard and seen. I’ve been often told and seen that a lot of women in our country have to opt to change their phone number during the year. And upon asking why? - She stated, ‘ because I am getting creepy and constant calls from some weird numbers and guys’. Oh! and don’t even get me started on the crazy marketing people that call me each day. These are just a few common realities of leaked personal information compared to the other absurd things that are happening on the ground.

While in the case of businesses, we need to understand that security and cybersecurity, in particular, involves many intricate components that are pieced together to form a common security structure that is solid enough to keep away malpractices of any sort. So it’s not about getting a compliance check or it's not about just hiring a cybersecurity company to help you keep secure. It’s about finding specialists for each individual component of cybersecurity to make sure your business (which today is often powered by applications) is implementing thorough security measures not only for your success but also for the user’s personal privacy and security.

Now for what the Government can do, you may ask. The only way to take security seriously is to implement laws that put a serious penalty on businesses who’s security gets compromised. Kind of like what our friends in Singapore and the United States are doing. A single data breach detected there could cost businesses up to a million dollars if prerequisite measures were not taken. If you ask me, I’d rather invest in good security measures for a few thousand dollars rather than live with the fear of losing a million dollars falling victim to a security breach.

We’ve put some strict laws on the traffic in our cities, I think it's time to take our security and in particular our cybersecurity to the next level. Let's not wait till something worse happens, the Aadhaar security breach is only a small incident compared to the massive things that may unfold in the near future. Let’s raise our voices, ask appropriate questions and push towards a safer Digital India.

Automated Mobile App Security Testing

Published on Jan 5, 2018
Darell Khin
Written by Darell Khin

Questions?

Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now