Aadhaar facial recognition on track for July 1 as fresh breach allegation leveled and denied
Facial recognition will be available as a means of authentication for Aadhaar users beginning on July 1, 2018, Unique Identification Authority of India (UIDAI) CEO Ajay Bhushan Pandey confirmed in a presentation to India’s Supreme Court, The Economic Times reports.
The introduction of face authentication for use in combination with one of fingerprint, iris, or OTP for identity verification was announced in January, with a July 1 target. The deadline for linking Aadhaar numbers with bank accounts and mobile phones, however, has been delayed, as the Supreme Court hears constitutional challenges to the national identity scheme.
Aadhaar is currently used by banks, telecommunications companies, government agencies and other entities to perform roughly 40 million daily authentications, the Times reports.
“Face authentication shall be available in fusion mode along with one more authentication factor like fingerprint/iris/OTP from July 1, 2018,” Pandey told the court in a presentation, in which he also emphasized the strength of Aadhaar’s encryption system.
Airports selected for Aadhaar-based biometric boarding pass pilot project
Outlook India reports that the Airports Authority of India (AAI) has chosen three airports to pilot a biometrics-based access system for passenger boarding.
AAI chairman Guruprasad Mohapatra said the State-owned agency would soon invite bids for the initiative which will see passengers’ Aadhaar details used for the biometrics-enabled boarding process. “We expect to issue tenders soon and should be able to start the project in the next 6-8 months.”
Breach allegation leveled and denied
Meanwhile, ZDNet reports that an endpoint vulnerability discovered by a security researcher left the Aadhaar database and personal information about everyone enrolled in the program exposed for weeks.
New Delhi-based security researcher Karan Saini showed ZDNet screenshots of an API used by state-owned utility company Indane, which returned data about individuals including their customer number with Indane and the bank they use, and did not limit the rate of requests.
The UIDAI denied the researcher’s findings in a statement posted to Twitter which called the story “totally baseless, false & irresponsible.” The statement did not deny that a breach had occurred at Indane, but rather that it was a separate database and no biometric data was compromised.
“There is no truth in this story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure,” the UIDAI said.