Indian government’s UID (aka Aadhar project) is under a constant scrutiny, especially when it comes to security issues (after all, UID is being pitched to be used as KYC for banks and the project even plans to introduce micro-payment platform for Rural India).
Given the wider scope of the project, one would expect them to have a robust security infrastructure. But then, not all seems so secured with the project and here is a demonstration on how biometrics system can be cheated. This is a serious flaw, as UID is dependent on biometrics and iris scan data for verification purposes.
All it needs is a wax, a small dish and a small tube of fevicol to game the system (as demoed in this video).
When he presses his fingers on the panel, the blue LED lights acknowledges his print. He then places his thumb and a red light indicates that it is not being recognized. He then places a thin layer of skin-like substance which has the impression of his wife’s fingerprint on his hand and moistens it with his breath. He places the finger print impression on his thumb and presses it against the glass window of the reader.
Initially, nothing happens. D’souza repeats the moistening process and places his finger with the fingerprint impression of his wife again on the reader. The biometrics reader accepts it and flashes a blue light.
Finger prints from the individuals are stored as images, from which the coordinates of several points on the ridges and valleys of the finger are recorded. “Each attempt to record the fingerprint on the scanner may yield different images owing to the amount of pressure applied and the moisture. Moreover, ridges and valleys on the fingerprint may be altered by years of hard labour. Incidentally, poor labourers have been touted as primary beneficiaries of UID by the government [source]