The flaw is based on USSD that was publically shared by UIDAI in December telling if your bank account has been linked with your Aadhaaar number or not.
The government has been very persistent in pushing Aadhaar as the primary government ID and also in assuring that the system is very safe. Even after an exposé appeared in The Tribune of how easily one can get
**Aadhaar details** of anyone for just Rs 500,
**UIDAI** has been very adamant about the security of the Aadhaar system. Now, another flaw has been found in this “secure” system, where anyone can access the name of your Aadhaar-linked bank account via any phone. While this is certainly not as serious as a data breach, the flaw does open up anyone to social engineering attacks. [caption id=“attachment_3419850” align=“alignleft” width=“380”]![Representational image. Image courtesy: CNN-News18]()
Representational image. Image courtesy: CNN-News18[/caption] The flaw, according to a Hindustan Times
report_,_ is based on the USSD (Unstructured Supplementary Service Data) that was publically shared by UIDAI in December and tells the user if their bank account has been linked with their Aadhaaar number or not. Just Dial *99*99*1# from your phone, enter your Aadhaar number, confirm it and if your bank account is linked, the name of the bank is displayed. This sounds like a good system, but the problem is that you can enter anyone’s Aadhaar number and find out the name of the bank linked to that account. No authentication service has been provided for verifying whether the original Aadhaar user is trying to find out if their account is linked or not. Now, just knowing the name of the bank does not seem like a big deal initially, however, telemarketers, spammers and hackers can use this information for various nefarious purposes, including
spear-phishing, as suggested by the HT report. Having your Aadhaar and bank account details just lends the attacker more credibility. On 10 January In a bid to address privacy concerns, the UIDAI introduced a new concept of ‘
**Virtual ID** ’ which Aadhaar-card holders can generate from the UIDAI website and give for various purposes, including SIM verification, instead of sharing the actual 12-digit biometric ID. The Virtual ID will be a temporary and a revocable 16 digit random number mapped to a person’s Aadhaar number and the Aadhaar-issuing body will start accepting it from 1 March, 2018. With inputs from PTI
 "Latest Aadhaar security flaw isn't as serious as a data breach, but leaves the public open to social engineering attacks")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
