FB pixel

Missing fingerprint liveness detection opens the door for Aadhaar spoofing attacks

| Joel R. McConvey
Categories Biometrics News  |  Fingerprint Recognition  |  Liveness Detection
Missing fingerprint liveness detection opens the door for Aadhaar spoofing attacks
 

Aadhaar is leaking again, and the Unique Identification Authority of India (UIDAI) is facing questions about the deployment of liveness detection in its biometric fingerprint authentication system. The Hindu reports that cases of financial fraud have been traced to fingerprint authentication in the Aadhaar-enabled Payment System (AePS) that did not employ liveness detection, which UIDAI had promised to roll out in March 2023.

Using thumbprint data and Aadhaar numbers downloaded from the Stamps and Registration Department in the state of Karnataka, perpetrators were able to create 3D images of the prints that fooled the unprotected authentication and allowed them to withdraw money through AePS. Victims were unaware of the transactions.

The Hindu says its requests for a comment from UIDAI on the lack of liveness detection in the modality have thus far gone unanswered. In February, UIDAI raised the issue of spoofing attempts with state governments and announced that it would introduce the liveness-enabled FMR-FIR (Finger Minutiae Record – Finger Image Record) fingerprint authentication modality on March 1.

With the Aadhaar national digital identity system being adopted for more use cases, India has hosted over 100 billion total authentication transactions. Liveness detection in biometric fingerprint authentication is working in some areas of the country – but not, apparently, Karnataka.

Aadhaar’s permeability has become an ongoing talking point, with questions about biometric data breaches, bugs, digital ID data offered for sale on the dark web, and, in this case, the use of single-factor authentication for financial transactions.

There are proposed fixes. In light of the AePS fraud, Karnataka will block out the first eight digits on all documents related to registration. However, questions about feasibility and timelines hover around practical implementation, and police point out that a similar blocking of digits was mandated before, but ignored.

Meanwhile, police are also seeking access to Aadhaar data in court, despite UIDAI restrictions on the use of biometric data by law enforcement.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Boarding tomorrow: SITA envisions the future of air travel in Singapore Experience Center

Jewel Changi waterfall at Singapore Changi Airport, November 2025 (Photo/Lu-Hai Liang) Singapore Changi has a singular distinction among airports. Besides the…

 

AgeAware goes live, setting up faceoff between reusable age check systems

AgeAware, the cryptographic token-based age assurance system developed by the nonprofit euCONSENT ASBL, has gone live. The launch comes in…

 

Scottish Biometrics Commissioner launches strategic plan, 4 police reviews

A better public understanding of how police in Scotland use biometrics and a series of reviews to provide assurance that…

 

EU AI Act proposals could rewire GDPR, water down tech regulations

The European Commission is considering amending its landmark AI Act as Brussels faces overwhelming pressure from U.S. tech companies and…

 

Yubico adds Hypr, Nametag identity verification options to passkey service

Yubico has added support for digital identity verification from Hypr and Nametag to its YubiKey as a Service platform to…

 

Wallets for the win: digital payment model enters pantheon of everyday tech

After Commodores, IBMs and Macs; Segas and Nintendos; mp3s and streaming services; smartphones and tablets and apps; biometrics and everything…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events