UIDAI Invites Top Hackers To Expose Vulnerabilities In Aadhaar’s Security System

UIDAI Invites Top Hackers To Expose Vulnerabilities In Aadhaar’s Security System

SUMMARY

UIDAI has called for empanelment of 20 top white hat hackers to expose any vulnerabilities in its Central Identities Data Repository

In its endeavour to secure Aadhaar data hosted in UIDAI’s CIDR, the UIDAI intends to conduct a ‘Bug Bounty’ program along with responsible disclosure of vulnerabilities, a circular said

The selected candidates will sign non-disclosure agreements with the UIDAI to avoid any breach of sensitive information acquired during the process

The Unique Identification Authority of India (UIDAI) has announced a ‘Bug Bounty’ programme to figure out vulnerabilities in Aadhaar’s data security system.

In a circular, the government arm called for empanelment of 20 top white hat hackers to expose any vulnerabilities in its Central Identities Data Repository (CIDR). 

“In its endeavour to secure Aadhaar data hosted in UIDAI’s CIDR, UIDAI intends to conduct a ‘Bug Bounty’ program along with responsible disclosure of vulnerabilities,” the circular said.

Such initiatives are common and large multinational companies offer monetary compensation in lieu of hackers exposing any vulnerabilities in a system. These initiatives enable companies to plug any loopholes before a negative actor exploits the bug to exploit the weakness.

The circular, which was issued on July 13, did not mention any financial remuneration in lieu of the services.

Elaborating on the eligibility criteria, the UIDAI said that the candidates listed among the top 100 bug bounty leaders on websites such as HackerOne and Bugcrowd would be allowed to participate in the event. Additionally, candidates listed in the bounty programmes conducted by companies such as Microsoft, Google, Facebook and Apple can also participate in the event. 

Apart from that, applicants who have submitted valid bugs or received bounty in the last one year will also be eligible to participate in the initiative. 

The UIDAI has capped the number of participants at 20 to report on the vulnerabilities plaguing the system. The body will form a panel to evaluate the applicants and verify the candidate credentials, and select the candidates accordingly.

The selected candidates will sign non-disclosure agreements with the UIDAI to avoid any breach of sensitive information acquired during the process. 

The UIDAI has, however, barred current and former employees of the agency from participating in the programme. Employees who have worked via contracted technology support and audit organisations hired by the UIDAI in the last 7 years will also be not eligible to participate in the event.

The candidates have also been told to participate in individual capacity, and they should not be aligned to any organisation.

Aadhaar is the world’s largest digital identity program that is host to personal and biometric data related to more than 1.32 Bn Indians. Under this, a 12-digit unique identity number is assigned to a citizen under which all data related to the person is stored. 

As such, Aadhaar is a major resource for hackers looking to leak personal information. A vulnerable system could be exploited by hackers to access data and exploit vulnerabilities. 

Previously, the government had told the Supreme Court that Aadhaar data is protected by a 2048 bit encryption and it would take ‘more than the age of the universe for the fastest computer on earth, or any supercomputer, to break one key of Aadhaar encryption’.

In a faux pas of sorts, hackers have previously proved many of these claims hollow. In 2018, the then Telecom Regulatory Authority of India (TRAI) chairman RS Sharma had shared his Aadhaar card number online and had issued a challenge to hackers to prove that it could be misused. 

Hours later, Sharma’s personal details such as PAN number and alternative phone number were put out on public domain by hackers putting the spotlight on safety of data.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

UIDAI Invites Top Hackers To Expose Vulnerabilities In Aadhaar’s Security System-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

UIDAI Invites Top Hackers To Expose Vulnerabilities In Aadhaar’s Security System-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

UIDAI Invites Top Hackers To Expose Vulnerabilities In Aadhaar’s Security System-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

UIDAI Invites Top Hackers To Expose Vulnerabilities In Aadhaar’s Security System-Inc42 Media
UIDAI Invites Top Hackers To Expose Vulnerabilities In Aadhaar’s Security System-Inc42 Media
You’re in Good company