SIM card operator replicates Aadhaar database using fingerprint photos

A SIM card operator was able to successfully forge fingerprints by downloading Aadhaar credentials

There have been a number of stories around Aadhaar data breaches, and we have been hearing the same boilerplate response from UIDAI about how the Aadhaar biometric data is safe.

In the latest twist to the tale, it has been learned that a SIM card operator, named P Santosh Kumar, was able to successfully forge fingerprints by downloading Aadhaar credentials of people from Telangana government's registration and stamps department website. According to a Times of India report, a Peddapally district-based Vodafone SIM distributor activated over 6,000 SIM cards through eKYC system after creating an Aadhaar database.

Woman using an iris scanner for UIDAI Aadhaar registration. Image: Reuters

Woman using an iris scanner for UIDAI Aadhaar registration. Image: Reuters

The report stated that UIDAI lodged a complaint against the accused, for illegal Aadhaar eKYC linking. Kumar confessed that he did the fraudulent eKYC to earn maximum commission from the telecom service provider for activating SIM cards. Kumar downloaded property registration documents from the Telangana government website which in addition to having the name, address, Aadhaar number of the victims, also had their fingerprint photos. Kumar scanned these prints and printed it on a polymer using a special printer that he purchased online. After getting a fingerprint scan on the polymer, the polymer was then placed on the eKYC machine to activate SIM cards on different names.

According to a report in The Wire, the entire cost of stealing your identity (getting fingerprints of Aadhaar holder and printing them) has been brought down to Rs 125. The cost to get the property registration documents (which contain the name, address, fingerprints of buyers, sellers and two witnesses) costs Rs 210-Rs 235 and the cost to create an Aadhaar database per person comes to around Rs 50 to Rs 60. The report breaks down the costs involved in this entire scheme, and how much commission can be earned.

Apparently, this printing of the fingerprint scan on a polymer was a technique that was unearthed in 2017 when another Aadhaar racket was busted. The Uttar Pradesh police had arrested the accused who would make fake fingerprints of authorised Aadhaar operators to issue fake Aadhaar cards. The fingerprints of the genuine Aadhaar operators were printed on a butter paper and the artificial fingerprints were then made using polymer resin. This was then used to log in to the Aadhaar system.

Here is a whole list of Aadhaar security breaches that have been recorded so far.




also see

science