A french security researcher has reportedly found a security flaw in the mAadhaar app which makes it easy for someone with physical access to any user’s phone to acquire their personal Aadhaar card details. In a series of Tweets, he explained the flaw and has pointed out the issues that afflict the mAadhaar Android app. He further says that it is super easy to get the password of the local database since the mAadhaar is saving all the biometric settings in a local database which is protected with a password. And, to generate the password, they used a random number with 123456789 as seed and a hardcoded string db_password_123. He also said that debug feature that is enabled in the app by default lets someone to repack the app with the logging activated and distribute it so all your Aadhaar data will be available on the sdcard so the attacker can easily upload the log file to his server. [HTML1] [HTML2] However, UIDAI was quick to respond to the user and in a response Tweet, it mentioned that "mAadhaar uses a local db to store the user preferences on the user’s device. This data is application preferences as created by the user on his/her phone. The app does not capture, store ...
Saturday, 13 January 2018
mAadhaar app security flaw makes it easy to steal Aadhaar data
A french security researcher has reportedly found a security flaw in the mAadhaar app which makes it easy for someone with physical access to any user’s phone to acquire their personal Aadhaar card details. In a series of Tweets, he explained the flaw and has pointed out the issues that afflict the mAadhaar Android app. He further says that it is super easy to get the password of the local database since the mAadhaar is saving all the biometric settings in a local database which is protected with a password. And, to generate the password, they used a random number with 123456789 as seed and a hardcoded string db_password_123. He also said that debug feature that is enabled in the app by default lets someone to repack the app with the logging activated and distribute it so all your Aadhaar data will be available on the sdcard so the attacker can easily upload the log file to his server. [HTML1] [HTML2] However, UIDAI was quick to respond to the user and in a response Tweet, it mentioned that "mAadhaar uses a local db to store the user preferences on the user’s device. This data is application preferences as created by the user on his/her phone. The app does not capture, store ...
-
Here are the social profile links that I have worked on for Backlinks https://docs.google.com/presentation/d/1gAvVQYafqO_jWsSIz3N95Sy3q5KAx...
-
The Optimus L4 II E440 owners may also want to keep their device up-to-date. So we thought of giving you a tutorial of how to upgrade Opt...
-
Vivo launched the vivo V17 smartphone late last year in India with a Super AMOLED display, 32MP in-screen camera, and more. The successor t...
