3 men gangrape, brutalise woman in Bengal district
10 men, who were nabbed in Uttar Pradesh, cloned fingerprints of enrolment operators to subvert biometric security system
MIDNAPORE: Bengal police have arrested one person in connection with the gang rape case in Sainthia of Birbhum district. A woman from Sainthia town was allegedly gangraped by three men who drove a bottle in her private parts, police said.
The arrest of 10 men for allegedly cloning fingerprints to subvert Aadhaar’s vaunted biometric-based security system has revealed fresh vulnerabilities in India’s controversial identity project.
On Sunday, the Uttar Pradesh police announced they had busted a Lucknow-based gang, which stole the fingerprints of authorised Aadhaar enrolment operators.
These fingerprints were cloned and used to access the Unique Identification Authority of India (UIDAI)’s enrolment service to create “fake” Aadhaar numbers.
“The gang hijacked the fingerprints and login-ids of Aadhaar enrolment operators, and also bypassed UIDAI’s iris-scan based security,” Uttar Pradesh’s additional superintendent of police for cybercrime, Dr Triveni Singh, told HT, describing a modus-operandi that sounded like the plot of a sci-fi movie.
The arrests were made on the basis of a complaint filed by the Unique Identification Authority of India on August 16 this year. In a press note, the UIDAI said “the attempt to generate fake Aadhaar card was foiled by the robust UIDAI system”.
However, experts say the arrests point to the inherent vulnerability of Aadhaar’s architecture.
MODUS OPERANDI
Enrolling a fresh user to the Aadhaar database requires the presence of an authorised enrolment operator, who accesses the UIDAI system using his fingerprints and a scan of his retina.
In the Lucknow case, the police said, the gang acquired images of the fingerprints of Aadhaar enrolment operators, printed these images on butterpaper, and placed these prints on a sheet of a light-sensitive resin which was then exposed to ultraviolet light.
The cloned fingerprint obtained at the end of this process, Dr Singh said, looks like an office rubber-stamp that can be pressed down on a biometric reader.
When the police raided the gang’s premises, they confiscated 46 such fingerprint stamps.
The hackers also devised a way to subvert the retina-scan requirement. “We are on the lookout for the software developer who helped them bypass the retina-scan,” Dr Singh said, add- ing that fingerprint stamps and technical knowhow was widely distributed to allow multiple logins and enrolments using the stolen credentials.
Security experts have repeatedly pointed to the inherent vulnerability of systems like Aadhaar that rely on biometric security.
“Biometrics are public information as they can be captured and replicated using a high resolution camera,” said Subhashis Banerjee, Professor of Computer Science Engineering at IIT Delhi, “Using biometrics alone as a passcode is conceptually flawed.”
However, many new applications
like the Aadhaar-Enabled Payment System (AEPS) use biometrics as the sole authenticator for financial transactions.
Prof. Banerjee said biometric theft was likely to increase as the widespread adoption of aadhaar, particularly for financial transactions, would increase the incentives for criminal activity.