HYDERABAD: Experts from the Indian Institutes of Technology and Indian Institute of Science have cautioned Unique Identification Authority of India (UIDAI) over ‘unhackable’ cybersecurity claims regarding the Central Identities Data Repository (CIDR).

Speaking on the issues of Aadhaar, cyber security and data privacy at the Digital Identity Research Initiative conference at Indian School of Business here on Thursday, experts said the claim of UIDAI that its repository was unhackable is a myth.

“Insider attacks are the most common threat to any database. About 90% of attacks are insider attacks,” said Subhashis Banerjee of the Indian Institute of Technology, Delhi.

According to the experts, Aadhaar has also faced the threat of insider attack.

“The attacker looks for weak points instead of direct attack. The application programme interface while providing authentication of services to third parties is one area to be looked into. Enrollment agencies is another area,” said Subhashis.

Siddartha Chaudhuri of Indian Institute of Technology, Bombay, said, “The very notion that CIDR of UIDAI is unhackable is a recipe for disaster. There is a threat from large state actors like China.”

Sandeep Shukla of IIT Kanpur said, “Aadhaar with a centralised database is built in a manner that indicates mistrust in people and mistrust in local governance.” The central data of UIDAI holds too much of power, he added.

K Gopinath of Indian Insitute of Science, Bangalore, said biometric authentication could induce a bug into the process linked to the system and database.

