A New Defense Layer
The Unique Identification Authority of India (UIDAI) has launched an innovative Aadhaar Bug Bounty Programme, a proactive measure designed to significantly
enhance the security of its digital infrastructure. This initiative actively enlists the expertise of ethical hackers and cybersecurity professionals to scrutinize systems connected with Aadhaar services. The core objective is to unearth potential security weaknesses within platforms managed by UIDAI, thereby strengthening the overall integrity and safety of the digital identity system. By inviting these security researchers to conduct thorough testing, UIDAI aims to identify and address vulnerabilities before they can be exploited, ensuring greater protection for the vast amounts of personal data handled by Aadhaar.
Rewards for Vigilance
As part of this groundbreaking programme, cybersecurity experts who successfully identify and responsibly report genuine vulnerabilities within designated UIDAI digital platforms are eligible for rewards. The bounty structure is meticulously designed to incentivize diligent security research, with payouts directly correlating to the severity of the discovered flaw. Vulnerabilities are classified into four distinct categories: critical, high, medium, and low, based on their potential impact on system security. Consequently, more significant security risks, which could pose a greater threat, will command higher reward amounts. This tiered reward system is strategically implemented to encourage researchers to report issues through the official disclosure channels, rather than publicizing them, thereby maintaining system integrity.
Targeted Digital Platforms
The initial phase of the Aadhaar Bug Bounty Programme focuses on a carefully selected set of UIDAI's key digital platforms. These include the official UIDAI website, the user-friendly myAadhaar portal, and the Secure QR Code application. Participating security researchers are tasked with meticulously examining these systems to pinpoint any potential security loopholes or exploitable weaknesses. Upon discovery of a vulnerability, it is imperative for the researcher to follow the established official disclosure protocol. The UIDAI will then conduct a thorough review of the submitted report, assess the severity of the identified issue, and subsequently determine the appropriate reward before any payment is issued, ensuring a systematic and secure process.
Exclusive Inaugural Phase
Currently, the Aadhaar Bug Bounty Programme is not accessible to the general public. UIDAI has initiated the first phase with a curated group of 20 experienced cybersecurity professionals and ethical hackers. These individuals were chosen based on their proven track record and extensive experience in identifying vulnerabilities and contributing to the cybersecurity landscape. While UIDAI has indicated the possibility of expanding the programme in the future, participation at this introductory stage remains exclusively limited to this pre-selected panel. This controlled rollout ensures effective management and evaluation of the programme's initial impact and operational efficiency.
Responsible Disclosure Mandate
A fundamental requirement for all participants in the Aadhaar Bug Bounty Programme is strict adherence to responsible disclosure guidelines. Researchers are obligated to report any discovered vulnerabilities directly to UIDAI through the designated official channels, without delay. They are explicitly forbidden from exploiting or misusing a vulnerability, or from disclosing it publicly before informing UIDAI. Furthermore, their security testing activities must be confined solely to the platforms explicitly approved under the scope of the programme. This commitment to ethical conduct and secure reporting ensures that the initiative genuinely contributes to strengthening Aadhaar's security infrastructure.
Comprehensive Security Measures
The Aadhaar bug bounty initiative is being implemented in collaboration with ComOlho IT Private Limited, a partner organization that will provide crucial support in managing the programme's operations. UIDAI emphasizes that the security of its systems is a paramount concern, given the critical nature of identity-related information managed for a vast population. Beyond this new programme, UIDAI already employs a multi-layered security strategy that includes regular audits, vulnerability assessments, penetration testing, and continuous monitoring of its systems. The bug bounty programme acts as an additive layer, leveraging the insights of independent external experts to identify potential risks that might otherwise be overlooked.