UIDAI has called for the integration of 20 white hat hackers to expose any vulnerabilities in its Central Identity Data Repository. In its effort to protect Aadhaar data housed in the UIDAI CIDR, UIDAI intends to conduct a bug bounty program in conjunction with responsible vulnerability disclosure, according to a circular. The selected candidates will sign confidentiality agreements with the UIDAI to avoid any leakage of sensitive information acquired during the process.
UIDAI invites 20 hackers
The Unique Identification Authority of India (UIDAI) has announced a Bug Bounty program to discover vulnerabilities in Aadhaar's data security system.
In a circular, the government arm called for the integration of 20 white hat hackers to expose any vulnerabilities in its Central Identity Data Repository (CIDR).
In its effort to protect Aadhaar data hosted in the UIDAI CIDR, UIDAI intends to conduct a Bug Bounty program in conjunction with responsible vulnerability disclosure, the circular said.
Such initiatives are common, with large multinational companies offering monetary compensation in exchange for hackers exposing any vulnerabilities in a system. These initiatives allow companies to plug any loopholes before a malicious actor exploits the weakness.
The circular, which was issued on July 13, did not mention any financial remuneration in exchange for services.
Delving into the eligibility criteria, the UIDAI said that candidates listed in the top 100 bug bounty leaders on websites such as HackerOne and Bugcrowd would be able to participate in the event. Additionally, candidates listed in reward programs conducted by companies such as Microsoft, Google, Facebook, and Apple can also participate in the event.
Aside from that, applicants who have submitted valid bugs or received bounties in the last year will also be eligible to participate in the initiative.
The UIDAI has limited the number of participants who will report on the vulnerabilities plaguing the system to 20. The agency will form a panel to screen applicants, verify candidates' credentials, and select candidates accordingly.
The selected candidates will sign confidentiality agreements with the UIDAI to avoid any leakage of sensitive information acquired during the process.
However, the UIDAI has prohibited current and former agency employees from participating in the program. Employees who have worked through technology support and auditing organizations contracted by the UIDAI in the last 7 years will also not be eligible to participate in the event.
Candidates have also been told to participate in an individual capacity and must not be aligned with any organization.
Aadhaar is the world's largest digital identity program, housing personal and biometric data related to over 1.32 billion Indians. Under it, a citizen is assigned a unique 12-digit identity number under which all data related to the person is stored.
As such, Aadhaar is a valuable target for hackers looking to leak personal information. Hackers could exploit vulnerabilities in the system to access that data.
Earlier, the government had told the Supreme Court that Aadhaar data is protected by 2048-bit encryption and that it would take more than the age of the universe for the world's fastest computer, or any supercomputer, to crack an Aadhaar cipher key.
In something of a misstep, hackers have previously proven many of these claims to be false. In 2018, the then chairman of the Telecommunication Regulatory Authority of India (TRAI), RS Sharma, shared his Aadhaar card number online and issued a challenge to hackers to prove that it could be misused.
Hours later, Sharma's personal details, such as his PAN number and alternative phone number, were released into the public domain by hackers with a focus on data security.