
I have to admire the courage of the people who have investigated and reported this, given that the entire leadership of UIDAI and its backers in the central government are intolerant of any criticism and have been known to file police complaints[1] against journalists, critics and whistleblowers. Even its visionary and leading cheerleader from the private sector preferred to imagine conspiracies rather than acknowledging its weaknesses [2].

[1]: https://thewire.in/tech/uidai-files-fir-tribune-reporter-aad...

[2]: https://timesofindia.indiatimes.com/india/theres-an-orchestr...



This is one of the main reasons that this report doesn’t touch upon read access of the database. Rachna Khaira, one of the reporters, already has a police case against her for her previous reporting on Aadhar database compromise. Getting even one user record would have landed all three journalists behind bars. It is left for the reader to conclude, and validated by various experts, that the whole database is hacked. If a $5 tool can give you write access to a database, it is obvious the whole database can be accessed too.


Btw, 4 months ago the UIDAI had completely denied the existence of such a patch, calling it "totally baseless, false, misleading, and irresponsible" [0].

[0] https://twitter.com/UIDAI/status/991907169779011584


I mean, you need a client to access it, and presumably having a patch for such means you have the client too...


Aadhar card operators get paid 30 rupees an hour. I'm sure you can get access to a client pretty easily.


It’s actually even better. There is no server side authentication on the application. And this keygen type of crack removes the client side authentication too. Full firehose access.


This can't be upvoted enough. The organization which outsources critical authentication to CIA-MI6 linked companies, and yet finds the courage to indulge in the Orwellian-doublespeak of 'nationalism', is something that needs grave attention.


you link anything to `thewire.in`, I would call it propaganda. The other commenter on the thread asked a question about why can't the said journalist back up the claims about a $10 app.

Hate the govt all you want, but Aadhar, as you know, was started by the previous govt. It is, if designed properly, a good way to eradicate corruption for welfare schemes, so any ideas on how to do that are more appreciated than playing blame game on HN.


> you link anything to `thewire.in`, I would call it propaganda.

So you would colour everything by a certain journal with the same brush, without even looking into the reported claims? In the cited case, the content in the link (and the claim for which they were cited) is easily verified from multiple sources: [1], [2], and [3]. Even when The Daily Mail reports something outrageous and easily verified I verify it, and The Daily Mail is a tabloid.

> Hate the govt all you want, but Aadhar, as you know, was started by the previous govt.

This is neither here nor there. The "previous govt." was four years ago. In these four years, the current govt. — who used to claim to be staunchly against Aadhaar back then — have turned tail and zealously forced people into registering for Aadhaar and linking it with their phones, bank accounts, and even made it mandatory for kids to attend school. "But four years ago, someone else started it!" is a pointless argument when the current party has far more than enough time to fix it, or even just acknowledge the flaws.

> so any ideas on how to do that are more appreciated than playing blame game on HN.

Criticism is not a "blame game", unless the criticised turns it around and blames someone without accepting or refuting the criticism. Entertaining and listening to criticism IS a good way to improve one's product, not stuffing one's fingers into one's ears and claiming your product is the best ever and "unhackable" and filing police complaints against your critics to silence them.

----

1: https://www.livemint.com/Politics/hZGXG4q43ZeeTp2HH5QlaK/Aad...

2: https://www.tribuneindia.com/news/nation/uidai-responds-afte...

3: https://www.firstpost.com/india/uidai-files-fir-against-the-...


> you link anything to `thewire.in`, I would call it propaganda.

Care to provide any reasoning why you call it propaganda?


Calling it propaganda is a bit too much. However, their quality of articles has decreased considerably:

https://thewire.in/caste/does-india-need-a-caste-based-quota...



