• Home
  • Internet
  • Internet News
  • UIDAI Bug Bounty Programme: 20 Ethical Hackers to Reportedly Detect, Fix Aadhaar Data Security Issues

UIDAI Bug Bounty Programme: 20 Ethical Hackers to Reportedly Detect, Fix Aadhaar Data Security Issues

These 20 hackers will be given access to the Central Identities Data Repository.

UIDAI Bug Bounty Programme: 20 Ethical Hackers to Reportedly Detect, Fix Aadhaar Data Security Issues

CIDR stores Aadhaar data of 1.32 billion Indians

Highlights
  • Applicants should be listed in top 100 of bug bounty leaders
  • The hackers must sign a non-disclosure agreement
  • No information on remuneration for the exercise

The Unique Identification Authority of India (UIDAI) has reportedly called out for 20 hackers who will be tasked to detect and fix vulnerabilities in the security system that guards the Aadhaar data of Indian citizens as a part of “bug bounty programme”. A report says that these “ethical” hackers will be given access to the UIDAI's Central Identities Data Repository (CIDR) that stores the Aadhaar data of 1.32 billion Indians. There have been instances in the past where Aadhaar details of people were leaked on the internet.

As per a report by News 18, an order was issued by the UIDAI on July 13 and it mentions that the authority has decided to run the bug bounty programme on its systems. Under this programme, these 20 hackers will be given access to the UIDAI's Central Identities Data Repository (CIDR) that stores the Aadhaar data of 1.32 billion Indians. They will find loopholes in the Aadhaar data security system and help the authority fix them.

In order to be selected by UIDAI, the applicants “should be listed in top 100 of the bug bounty leaders board such as HackerOne, Bugcrowd, or listed in the Bounty Programs conducted by reputable companies such as Microsoft, Google, Facebook, or Apple etc.” As per the order, “...the candidate should be active in the bug bounty community or programs and should have submitted valid bugs or received bounty in the last one year.”

Furthermore, the applicant is required to be an Indian resident and must have a valid Aadhaar number. The selected lot will also sign a non-disclosure agreement with UIDAI. If you are a current or former employee of UIDAI or one of its contracted technology support and audit organisations during the past seven years, you are not eligible for the work.

“In case more than 20 applications are received, then UIDAI reserves the right to evaluate and select top 20 suitable candidates…an independent committee shall be formulated to assess and verify the candidates' credentials, past bug hunting records or references and citations,” as per the order. There is no information available on whether or not these ethical hackers are paid remuneration for the exercise.

The development comes a month after it was reported that Aadhaar data of a large number of farmers was leaked by PM Kisan website, which is designed for the welfare of the agriculture sector in India. “The website provides an endpoint, which returns information about the beneficiary. This endpoint was also sending Aadhaar numbers,” Security researcher Atul Nair told Gadgets 360.

In 2019, the Jharkhand government reportedly exposed the unique identification numbers of its thousands of workers. State-owned liquid petroleum gas (LPG) manufacturer Indane was also reported to have exposed Aadhaar details of millions of its consumers.


Is the Nothing Phone 1 worth it beyond its design choices? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Sourabh Kulesh
Sourabh Kulesh is a Chief Sub Editor at Gadgets 360. He has worked in a national daily newspaper, a news agency, a magazine and now writing technology news online. He has knowledge on a wide gamut of topics related to cybersecurity, enterprise and consumer technology. Write to sourabhk@ndtv.com or get in touch on Twitter through his handle @KuleshSourabh. More
Netflix to Acquire Independent Animation Studio Animal Logic to Boost Animation Production Capabilities
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.