Aadhaar, the unique identification system of India, has got a bad rep all over the world. From personal data being available on Google search to Edward Snowden informing about the dangers of Aadhaar, the “secure” system has gone through a lot of troubles.

Now, a new and exclusive investigation from HuffPost India has revealed a software patch that can compromise the identity of 1 billion people holding the 12 digit Aadhaar Card Number. The software patch is available for merely Rs. 2500, which disables critical security features of the software used to enroll new Aadhaar users.

The patch holds a bunch of computer code compiled from older versions of Aadhar enrolment software which alters the functionality of the Aadhaar software and introduces new information into the system.

Anyone who gets hold of the patch can enroll and generate Aadhaar ID of a new person from anywhere in the world. That is because it disables the GPS security feature which identifies the location of the enrollment center.

According to HuffPost, the patch lets users bypass the biometric authentication of enrollments operators to generate unauthorized Aadhaar numbers. The patch also weakens the iris recognition, making it easier to fool the software simply with a picture of a registered operator.

Security experts who analyzed the patch confirmed that the Aadhaar system has been compromised. They also mentioned that securing the Aadhaar system would mean re-structuring the fundamental system of Aadhaar.

HuffPost reached out to Indian authorities, back in June, with the prevailing security threat to the privacy of Indian users. While UIDAI declined to comment on the hack, NCIIPC, the agency responsible for Aadhaar’s security, who was also given the copy of the patch, reportedly declined to share any findings.

Aadhaar card in India is considered a mandatory identity proof to benefit from government services. Other than that, the card is also used a few more services, like getting a phone number, opening a bank account, etc.

While the number of people or organizations possessing the software is not confirmed, the patch is indeed a national threat to India and its people possessing the Aadhar Card.

Update:

UIDAI releases a press statement; Calls the investigation “baseless”

Following the reported Aadhar breach, UIDAI posts a press release on Twitter :