FB pixel

State government fixes bug exposing Aadhaar biometric records

Philippines responds to breach allegations
| Chris Burt
Categories Biometrics News  |  Civil / National ID  |  ID for All
State government fixes bug exposing Aadhaar biometric records
 

Fingerprint biometrics submitted to India’s national ID system, Aadhaar, have been exposed by the West Bengal state government website, TechCrunch reports.

Security researcher Sourajeet Majumder found and reported a bug that exposed Aadhaar digital ID numbers, identity documents, photographs and images of fingerprints on the e-District web portal. Soon after he reported the bug to government cybersecurity body CERT-In and the West Bengal government, it was fixed, according to the report.

The bug allowed a prospective attacker to guess sequences of 16-digital deed application numbers, and publicly available tools enabled valid numbers to be identified based on responses from the server.

The fear is that a malicious attacker may have discovered the path to people’s biometrics before Majumder reported it and could use the data to mount spoof attacks. The Unique Identification Authority of India (UIDAI) recently implemented liveness detection for fingerprint biometrics to stem incidents of fraud carried out with presentation attacks against the Aadhaar-enabled Payment System.

The UIDAI has launched a bug bounty program to find and close security vulnerabilities in Aadhaar’s biometric database last year.

India has been plagued by data breaches from state government and private sector portals over the past decade, though the UIDAI has denied allegations that biometric data has been leaked from the centralized database.

Philippines denies details of data breach accusations

The Philippine Statistics Authority (PSA) has responded to allegations on social media of a data breach by assuring the public that biometric and digital ID data held by the Philippine Identification System (PhilSys) and the Civil Registration System (CRS) has not been stolen.

The allegations themselves are malware attempts, the agency says. However, an investigation by the PSA’s Data Breach Response Team found that personal data from the Community-Based Monitoring System, a local planning tool, may have been compromised.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

OCR Studio expands KYC fraud detection for AI-generated identity documents

Fake documents made with the help of generative AI are becoming increasingly more convincing. Document analysis and data extraction software…

 

ID4Africa speakers urge legal identity inclusion for refugees, stateless persons

African governments must accelerate efforts to provide legal and digital identity to refugees and stateless populations, according to speakers at…

 

Biometrics lawyer Dan Saeedi talks BIPA on Biometric Update Podcast

Dan Saeedi is a BIPA buster. The renowned Chicago attorney, CIPP/US,a partner and team co-lead of the biometric privacy team…

 

World Bank, African DPAs outline formula for trusted digital identity, DPI

Trust has moved steadily to the center of the conversation around digital public infrastructure and identity at ID4Africa, and the…

 

UK watchdog warns of legal risks as London police deploy LFR at protest

London’s Metropolitan Police will deploy live facial recognition (LFR) technology at a protest for the first time this weekend, prompting…

 

Age assurance debate arrives in Bangladesh

The dominos continue to fall in the game of global online safety legislation targeting social media platforms. Bangladesh is weighing…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

DIGITAL ID for ALL NEWS

Featured Company

Learn More

ID for ALL FEATURE REPORTS

BIOMETRICS WHITE PAPERS

BIOMETRICS EVENTS

EXPLAINING BIOMETRICS