Discussion on Aadhaar Based Bank Frauds!


Days after a couple applied to register their new property, they lost Rs 10,000 each from their Aadhaar-linked bank accounts. Many others have lost money after their biometrics and Aadhaar Enabled Payment System (AePS) details were taken for property registration at the sub-registrar office here.
 

Indian state government fixes website bug that revealed Aadhaar numbers and fingerprints [LINK]

A security researcher says a bug on an Indian state government website inadvertently revealed documents containing residents’ Aadhaar numbers, identity cards and copies of their fingerprints.
It was possible to obtain land deeds, which contain records about the owners of a piece of land, from the e-District website by guessing sequential deed application numbers.
Using publicly available tools like Burp Suite

Probably one of the oldest bugs in the book, one that basic pen-testing would've immediately revealed, which essentially is what the security researcher did. In fact, these are the kind of bugs you wouldn't expect to even reach the testing stage. Only way this hasn't gotten exploited is if malicious actors outsmarted themselves and they're also going "No way!" as they read this with the rest of us.
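
Added example, not part of the original post or the quoted article: a log check for the pattern described above, where one client walks through sequential deed application numbers. The log format, the `/deed/view` path and the `app_no` parameter are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines: "<client ip> GET <path>". The path and the
# app_no parameter are hypothetical, not the real e-District URLs.
SAMPLE_LOG = """\
203.0.113.7 GET /deed/view?app_no=100231
198.51.100.20 GET /deed/view?app_no=100010
203.0.113.7 GET /deed/view?app_no=100233
203.0.113.7 GET /deed/view?app_no=100232
192.0.2.9 GET /deed/view?app_no=200001
203.0.113.7 GET /deed/view?app_no=100234
198.51.100.20 GET /deed/view?app_no=104512
192.0.2.9 GET /deed/view?app_no=200002
203.0.113.7 GET /deed/view?app_no=100236
203.0.113.7 GET /deed/view?app_no=100235
198.51.100.20 GET /deed/view?app_no=100010
192.0.2.9 GET /deed/view?app_no=200003
"""

LINE_RE = re.compile(r"^(\S+) GET /deed/view\?app_no=(\d+)$")


def longest_consecutive_range(ids):
    """Size of the largest block of consecutive IDs, ignoring request order
    and repeats (parallel scanners rarely fetch strictly in sequence)."""
    best = run = 0
    prev = None
    for n in sorted(set(ids)):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best


def flag_enumerators(log_text, min_run=5):
    """Return {client: run length} for clients that fetched at least
    min_run consecutive application numbers."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            per_client[m.group(1)].append(int(m.group(2)))
    runs = {ip: longest_consecutive_range(ids) for ip, ids in per_client.items()}
    return {ip: n for ip, n in runs.items() if n >= min_run}


if __name__ == "__main__":
    print(flag_enumerators(SAMPLE_LOG))
```

A check like this only surfaces the enumeration after the fact; the fix for the bug itself is a server-side check that the requester is entitled to the deed being requested.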
 

I am glad that at least we're getting some more details about the actual operations:
“They place the thumb impression on the registration sheets on the butter paper, place a silicone sheet on it and heat it for around five minutes using ultraviolet lamps,” the officer said. “This transfers the biometric to the silicone sheets.”
Another officer said that the thumb impressions would be transferred to photopolymer sheets through thermal print. “They also use scanners with high-resolution and then take a printout on photographic films. When they try 100 such scans and prints around 10 work.”
The scamsters then use apps like Spice Money, Ezeepay and others, which provide Aadhaar Enabled Payment System (AEPS) services and also withdraw money through micro ATMs.
 
Fellas, just had somebody try to authenticate my Aadhaar using fingerprint 4 times today.
Good thing I blocked my biometric.



Whatever the govt. is doing/did, it's not working very well.
 
The cybercrime wing of the Hyderabad police on Wednesday arrested six persons for allegedly cloning fingerprints of bank account holders and using them to carry out unauthorised transactions. They were members of a gang of eight, which cheated several account holders of ₹10 lakh, the police said.

According to the police, the gang members used Aadhaar-enabled payment system to carry out about 2,500 transactions.

An investigation was launched after an official of Mumbai-based Fino Payment Bank Limited (FPBL) approached the police and reported that the National Payment Corporation of India in September flagged suspicious transactions linked to one of its merchant terminal IDs.

The said terminal was identified as allotted to one K. Srinu, a business correspondent in Hyderabad. The police investigation showed that the accused conspired to make easy money through Aadhaar-enabled payment system.
The gang cloned about 1,000 fingerprints from the soft copies of about 2,500 land registration documents supplied by accused Ch. Narendra. The others arrested are N. Asadharan alias Rupesh, S. Uday Kiran, Md. Iyaz, R. Shiva Krishna and K. Srinu.
 
I just went over this thread and realised how vulnerable an unlocked Aadhaar is. Btw, have you tried masked Aadhaar? Govt. was promoting it but I don't think they are accepting it anywhere (airports, trains, Airtel/Jio). I think masked Aadhaar should become a norm and Aadhaar biometrics should be locked by default.
 
@ibose

> Well, at least that proves that locking the biometric works.

Problem is that you have to start unlocking it days ahead, in case you need any work done when required.
Lot of complaints about unlocking.
 
@ibose

> Well, at least that proves that locking the biometric works.

Problem is that you have to start unlocking it days ahead, in case you need any work done when required.
Lot of complaints about unlocking.

I disagree.
My relative goes to the ration shop. I personally unlock it just 1 hr before and then re-lock it when done.
 
@ibose

> Well, at least that proves that locking the biometric works.

Problem is that you have to start unlocking it days ahead, in case you need any work done when required.
Lot of complaints about unlocking.
Does unlocking not happen instantly, like locking does?

Any idea how many days or hours it takes, approximately, to wait for the unlock?
 
@ibose

> Well, at least that proves that locking the biometric works.

Problem is that you have to start unlocking it days ahead, in case you need any work done when required.
Lot of complaints about unlocking.
Locking and unlocking biometrics is a pain because of their faulty OTP system. BTW, for any government employees who have attendance based on biometrics, aren't they also vulnerable as they can't lock their biometrics?
 
Does unlocking not happen instantly, like locking does?

Any idea how many days or hours it takes, approximately, to wait for the unlock?
In my experience, Lock-Unlock is almost instant.
(Still give 10 mins of wait time)

The website itself slows down at random times....
 
@ibose

> Well, at least that proves that locking the biometric works.

Problem is that you have to start unlocking it days ahead, in case you need any work done when required.
Lot of complaints about unlocking.
You need the biometric to be unlocked only if there is a biometric authentication requirement as part of the "convenient" eKYC. Otherwise where do you require it? How frequently does that need to be done? I try to avoid giving out my Aadhaar as far as possible anyways. Note that the biometric lock is separate from an Aadhaar lock.
 