FB pixel

Missing fingerprint liveness detection opens the door for Aadhaar spoofing attacks

| Joel R. McConvey
Categories Biometrics News  |  Fingerprint Recognition  |  Liveness Detection
Missing fingerprint liveness detection opens the door for Aadhaar spoofing attacks
 

Aadhaar is leaking again, and the Unique Identification Authority of India (UIDAI) is facing questions about the deployment of liveness detection in its biometric fingerprint authentication system. The Hindu reports that cases of financial fraud have been traced to fingerprint authentication in the Aadhaar-enabled Payment System (AePS) that did not employ liveness detection, which UIDAI had promised to roll out in March 2023.

Using thumbprint data and Aadhaar numbers downloaded from the Stamps and Registration Department in the state of Karnataka, perpetrators were able to create 3D images of the prints that fooled the unprotected authentication and allowed them to withdraw money through AePS. Victims were unaware of the transactions.

The Hindu says its requests for a comment from UIDAI on the lack of liveness detection in the modality have thus far gone unanswered. In February, UIDAI raised the issue of spoofing attempts with state governments and announced that it would introduce the liveness-enabled FMR-FIR (Finger Minutiae Record – Finger Image Record) fingerprint authentication modality on March 1.

With the Aadhaar national digital identity system being adopted for more use cases, India has hosted over 100 billion total authentication transactions. Liveness detection in biometric fingerprint authentication is working in some areas of the country – but not, apparently, Karnataka.

Aadhaar’s permeability has become an ongoing talking point, with questions about biometric data breaches, bugs, digital ID data offered for sale on the dark web, and, in this case, the use of single-factor authentication for financial transactions.

There are proposed fixes. In light of the AePS fraud, Karnataka will block out the first eight digits on all documents related to registration. However, questions about feasibility and timelines hover around practical implementation, and police point out that a similar blocking of digits was mandated before, but ignored.

Meanwhile, police are also seeking access to Aadhaar data in court, despite UIDAI restrictions on the use of biometric data by law enforcement.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

UK online child safety rules finalized by Ofcom ahead of July deadline

New rules have been set for protecting UK children from online harms with the publication of the Protection of Children…

 

IAM funding deals and dev challenge aim to solve enterprise identity threat

Identity security is under grave threat. For all of its advantages, digital identity represents a vulnerability that can be leveraged…

 

WISeKey in talks with several African govts for digital ID systems rollout

Swiss digital ID provider WISeKey has announced that it is negotiating with an undisclosed number of African governments for the…

 

Biometrics startup gets accelerator backing for Africa, Middle East expansion

Startup Vove ID has secured funding from The Baobab Network to support an expansion of its biometric KYC and AML…

 

NHIs see new funding, products and security approaches

Non-human identities (NHI) like AI agents now outnumber human users in many organizations. Companies are coming up with products to…

 

White House includes NSF research on deepfakes among threats to free speech

The U.S. National Science Foundation (NSF) has new priorities, and while some might call them great priorities – tremendous priorities,…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Market Analysis

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events