We have been told our data is completely secure and "hack-proof". But, let me tell you, there is nothing in this world which is "hack-proof".
During the Second World War, the Germans used the Enigma machine to protect their messages. They could punch in a message (e.g. "Food supplies coming from the west"). The machine would produce gibberish (e.g. "A1B2# C3D4$#ED JD@#KK #$%%#"). This was broadcast over the radio. On the receiving end, when you typed in the same gibberish, you got back the original message. It was only a matter of time. Alan Turing cracked the Enigma code, which played a key role in the defeat of the Nazis.
The inventor of the Enigma machine made some mathematical assumptions. Alan Turing broke those assumptions, which enabled him to crack the code. Security is built around such technical assumptions. We have a lot of Alan Turings (hackers) who challenge those assumptions and break them. Such incidents have occurred numerous times in the past. It will continue to happen; that is how we advance. Considering past events, how can one call their system "hack-proof"?
When you visit Aadhaar's portal, you see buttons, images, information etc. But a security expert sees things which are invisible to the naked eye. They have seen security flaws and pointed them out several times. They gave solid proof that UIDAI's security is weak. Their intention is only to strengthen Aadhaar security.
When your child does something wrong, you correct them for their own benefit. Sometimes they accept and rectify their mistake. Sometimes they don't accept their mistake and cry "I don't like you".
We have such a child here, who fails to accept the security flaws and labels those who try to help as "Campaigners against Aadhaar".
Bringing Sticks to a Gun Fight
Have a look at the mAadhaar app.
It stores your profile information (Name, Date of Birth, etc). It allows certain functionality such as biometric locking/unlocking and time-based OTP generation.
When you open the app for the first time, it asks you to set a password. Later, you can use the same password to unlock its functionalities. Hence, even if someone steals your phone, they can't access the app.
A French security researcher downloaded the app. He found something strange.
The password you set while registering is stored in a safe box. Every time you open the app, it asks you to enter your password; the app then unlocks the safe box and checks whether the two match. If they do, you get access to the app.
There exists a key to the safe box where your password is stored. The key is simply a set of characters like "A233ASD". If this key is compromised, then anyone can read your password and access the app's functionalities.
The key to the safe box must be unique. Your key and my key shouldn't be the same. If they are the same, I can unlock your phone's safe box with my key and get access to its functionalities. The French security researcher found out that all mAadhaar customers have the same key.
It's like the Indian government giving its citizens a lock and key to secure their houses. The problem is that every citizen has the exact same lock. Anyone can open anyone else's house with their own key.
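The shared-key design described above, next to a per-install alternative, as an added example that is not code from the article or from the mAadhaar app. The function names and the SHA-256 counter-mode stand-in cipher are assumptions made for illustration; the key string is the article's own illustrative value.

```python
import hashlib
import hmac
import os

# The article's illustrative key string, standing in for a key that is
# identical in every installed copy of an app.
SHARED_KEY = b"A233ASD"

def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in cipher for the demo (SHA-256 in counter mode), not the app's scheme.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def weak_store(password: str) -> bytes:
    """Safe box locked with the key that every install shares."""
    data = password.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(SHARED_KEY, len(data))))

def weak_open(box: bytes, key: bytes = SHARED_KEY) -> str:
    """Whoever holds the shared key can open the box from any device."""
    return bytes(a ^ b for a, b in zip(box, _keystream(key, len(box)))).decode()

def strong_store(password: str) -> tuple[bytes, bytes]:
    """Per-install random salt plus a slow one-way hash: nothing shared, nothing to unlock."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def strong_verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Re-derive the hash from the entered password and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)
```

With `strong_store`, two installs that choose the same password still hold different records, and the record never has to be decrypted to check a login.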
I have seen such stupidity in Suppandi stories. Your mAadhaar app is presently vulnerable. One can choose to believe it, or be deluded by authorities who say "Your data is completely secure and 'hack-proof'".
Aadhar Security, Bringing Sticks to a Gun Fight was originally published in Hacker Noon on Medium.