1. Home
  2. Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

Bengaluru: 31-yr-old techie arrested for accessing Aadhaar data

coastaldigest.com news network
August 4, 2017

Bengaluru, Aug 4: Bengaluru city police has arrested a young techie on the charge of accessing Aadhaar data following a complaint filed by the Unique Identification Authority of India (UIDAI) last week.

The arrested is Abhinav Srivastav, 31, an IIT-Kharagpur graduate, who is currently employed by ANI Technologies, which owns the Ola brand, as a software development engineer. He has been accused of accessing Aadhaar information in January 2017 through an app named ‘Aadhaar e-KYC’, which was available on the Google Play store till recently.

Police said Srivastav had developed five apps and made ₹40,000 from advertisements displayed on them. Police are now scanning all his apps to see whether more violations were committed. The Aadhaar e-KYC app was downloaded over 50,000 times from the Google Play store since its launch in January, the police said.

City Police Commissioner T. Suneel Kumar said that based on the complaint, six teams of police comprising 26 personnel were formed to nab Srivastav and they tracked him down to Koramangala after a week. He has been accused of using the services of another app, ‘e-hospital’, which is listed as an authenticated user agency (AUA) authorised to access UIDAI data.

A senior police officer said there were around 400 entities that have been authorised to access the data for authentication. Srivastav’s company was not among those authorised.

A native of Kanpur, Srivastav completed his M.Sc. in Industrial Chemistry from IIT-Kharagpur and joined a private firm in 2010 as a security researcher. He launched Qarth technologies in 2012 and shut it down in 2016 owing to financial reasons. In March 2016, Ola announced that it had acquired Qarth and its mobile payments product, X-Pay. Srivastav then joined another private firm before joining ANI Technologies last year.

Investigation revealed that the e-hospital company is not aware of his activities. However, further probe is on to ascertain the facts.

The ability of a software engineer to bypass strict protocols set in place by the UIDAI to access critical data puts the spotlight firmly on the security measures employed to protect Aadhaar data.

Police investigation have revealed that Srivastav had piggy-backed on the infrastructure of another app for hacking the data base.

“Aadhaar related information, legally housed by the National Informatics Centre server, was illegally and without authorisation accessed and used to support this mobile application,” said the police statement.

Srivastav, in order to give his ‘Aadhaar e-KYC’ app an air of authenticity, hacked into the server of the NIC, which houses the e-hospital system, which is a solution for government hospitals to handle patient care and other services, including medical records management.

As part of its regulations, the UIDAI accords certain agencies the title of an AUA, which can then provide Aadhaar-enabled services to the cardholder. For authentication, these agencies have to connect to the Central Identities Data Repository (CIDR) through the services of a Authentication Service Agency (ASA). ASAs are bound by regulations that stipulate encryption of data and logging of access.

The 'e-hospital’ platform had access as a registered AUA. Srivastav used this server to route his app requests for data access and managed to steal the data, the police said.

Question raised

In 2016, a paper titled ‘Privacy and Security of Aadhaar: A Computer Science Perspective’ by the Computer Science and Engineering Department of IIT-Delhi raised the question of leakage of Aadhaar number from an AUA.

The paper, which also discusses several other possible threat scenarios, said, “This, however, does not fully mitigate the risks and the possibility of leakage of the Aadhaar number from an AUA, either from the database, or during “Know Your Customer” (KYC) processes, or even during availing services, cannot be ruled out. In particular, there appear to be no safeguards or even guidelines, either technical or legal, on how the Aadhaar number should be maintained and used by various AUAs in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
May 12,2024

Mangaluru, May 12: In a shocking development, a group of pilgrims which had travelled from Mangaluru International Airport to Saudi Arabia earlier this month, to perform Umrah has alleged that 26,432 Saudi Riyals, which were kept in a bag, have been stolen. 

In a complaint submitted to the Bajpe Police, Soukath Banu, wife of Ahmed Iqbal of Ajyad Tours and Travels, said that her husband, Ahmed Iqbal, along with 35 members, planned and scheduled to perform the Umrah and were travelling from Mangaluru International Airport (MIA) via Mumbai to Jeddah. 

Soukath Banu had given Ahmed Iqbal 2,000 Saudi Riyals for performing Umrah and other expenses. The group members were also told to bring Saudi Riyals to meet their expenses.

In her plaint, Soukath stated that the group had left for Jeddah on an IndiGo flight via Mumbai, and their return ticket to India was booked for May 13. 

At the airport, she said that 26,432 Saudi Riyals were collected in total, and they decided to keep them in baggage that had a lock. Accordingly, it was kept in the bag of Mohammad Badruddin Kadambar. The airport staff had even questioned what he had kept in the bag. 

The group reached Jeddah on May 1. To their surprise, Kadambar found that the baggage lock was broken open, the zip was damaged, and cash was stolen upon reaching Jeddah.

DCP (Law and Order) Sidharth Goyal said that following the complaint, one round of CCTV checks was conducted at the MIA along with the CISF personnel. The loading at the MIA was intact.

Further checks have to be carried out at Mumbai and Jeddah Airport as the victim found out that cash was missing only when they got the bag at the final destination, he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
May 10,2024

Mangaluru: A teenage boy from a remote village in Dakshina Kannada district, who was undergoing treatment for stomach pain for past few days, breathed his last after hospitalization. 

The deceased has been identified as Nithin Kumar, 19, who had completed PUC and was attending computer classes. 

According to police, on May 4, when he informed his family that he had been suffering from a stomach-ache for the past 4-5 days, his family members took him to a clinic in Kaniyoor.

The doctors who examined him advised him to undergo scanning. He was informed about a kidney stone and later, they returned home. That same night, he suffered from stomach-ache again and was rushed to a private hospital in Puttur.

On May 7, as per doctors’ advice, he was discharged around 12:45pm. However, when he came home around 2:30pm, he again suffered from stomach-ache and was taken to another private hospital in Puttur, where doctors conducted a surgery.

On Wednesday, as per doctors’ advice, he was asked to be shifted to Mangaluru for better treatment.

He visited a private hospital in Derakatte, where doctors suggested that he be shifted to government Wenlock Hospital.

The doctors who examined him at the Wenlock Hospital declared him dead. A case has been registered at the Bellare police station, and an investigation is on.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
May 12,2024

param.jpg

Bengaluru: Karnataka Home Minister G Parameshwara on Sunday said that the Special Investigation Team (SIT), probing into sexual abuse charges against Hassan MP Prajwal Revanna, will not be going abroad to bring him back, and the Interpol will share information about him.

He also cautioned political leaders about making public statements or sharing information in connection with the case, which is sensitive.

The 33-year-old Prajwal Revanna, who is grandson of JD(S) patriarch and former Prime Minister H D Deve Gowda, is facing charges of sexually abusing several women.

The scandal has raised a political storm with the ruling Congress and BJP-JD(S) engaged in a slugfest.

Prajwal Revanna is said to have flown abroad on April 27, a day after the first phase of Lok Sabha polls in Karnataka was held.

He was BJP-JD(S) alliance's joint candidate from Hassan Lok Sabha segment, which went to polls in the first phase.

"No, there is no such option. Blue Corner Notice has been issued and the Interpol will share the information. The respective country in which he is found or identified - they will inform them (Interpol) and then our agencies, the CBI will get to know, and through them we will get to know."

"So far there is no information," Parameshwara said.

He was responding to a question on reports about the SIT team travelling abroad in connection with the case.

Speaking to reporters, he said, "Investigation is going on, not to affect the investigation we don't want to share any information."

Responding to a question on Union Minister Pralhad Joshi's statement alleging conspiracy behind the arrest of BJP leader Devaraje Gowda, for making allegations against Congress leaders in connection with the case, Parameshwara said, "If anyone says anything I cannot react to it. We cannot respond to every public statement. As this is a serious case, we cannot share information until the investigation is completed."

"My request to the public and to our leaders is to be cautious while making statements. If not, based on the statements given by them, we may have to call them for investigation and record their statement under 41 A of CrPC," he added.

Asked whether JD(S) leader H D Kumaraswamy will also be served notice, the Minister said he is a former CM and that he believes that the former has taken this case seriously.

"Before giving any statements on this case or before sharing any information in the public domain, one has to be cautious, and this applies to all," he added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.