Profile picture
Elliot Alderson @fs0c131y
, 3 tweets, 3 min read Read on Twitter
The official #Aadhaar #android app is sending an SMS to authenticate the user. In general, to avoid abuses, you add a sending rate limit. The user has to wait 2 minutes before resend the SMS. @UIDAI did not implement this kind of limit in the app. What are the consequences?
An attacker can extract the authentication HTTPS request made by the official #Aadhaar #android app. After that he just has to write a small script which will try all the possible #Aadhaar numbers.
The attacker will be able to flood the all #India population and @UIDAI will lose a lot of money.

.@UDAI don't be stupid, remove the official #Aadhaar #android app from the PlayStore, this is the best move you have.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Elliot Alderson
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Aadhaar #android #India

More from @fs0c131y see all

Profile picture
In 1981, the Primrose fails on a beach of the North Sentinel Island, pushed by a typhoon. You can still see the wreckage on Google Map, in a creek, in the northwest. The crew was saved only by a helicopter operated by the Indian Navy.
Exact coordinates on Google Maps. Open the link, this Island is wonderful! google.com/maps/place/Nor…
Awesome article in French about the North Sentinel Island from @lemondefr lemonde.fr/international/…
Read 3 tweets
Profile picture
I have a @Frida question: How to deal with a HashMap? I'm intercepting a Java method, "this" has a Hashmap in his attributes. I want to print the content of this HashMap cc @oleavr @enovella_
cc @NowSecureMobile 👋
cc @fridadotre
Read 3 tweets
Profile picture
.@Paytm, the most used banking app in #India, just sent a dummy notification to his users in the middle of the night. Imagine the reaction of the guy (hacker?) when he realised that he just sent a notification to millions of people
Paytm published a tweet regarding this notification
Read 3 tweets

Related threads

Profile picture
Here's a breakdown of our latest story on #Aadhaar. It makes the following key point: The most immediate sec/privacy is not a data breach, but Aadhaar-seeding
Aadhaar-seeding is resulting in searchable databases of the sort that we describe in this story. This is not about biometrics, this is about geo-tagging everyone's homes and putting them in a giant searchable database
"Creating public, searchable, digital profiles of minorities makes them potential targets of attack," said Kavita Srivastava, who has investigated scores of communal riots as National Secretary of the People's Union for Civil Liberties.
Read 6 tweets
Profile picture
#Aadhaar hearing continues.

CEO UIDAI has been granted permission to make a presentation at 2.30 pm. Petitioners allowed to put their questions in writing on Tuesday.
A-G wants to limit audience to counsels appearing in the matter considerig paucity of space. CJI smiles.

A-G continues reading from ID4D world bank report.

pubdocs.worldbank.org/en/20564144345…
Still reading from it. Lots of jargon. Too many occurrences of pretentious terms like "stakeholders" etc. Therefore not tweeting.
Read 47 tweets
Profile picture
#Aadhaar hearing continues. Sr. Advocate Meenakshi Arora continues her submissions. Reminder, petitioners expected to complete their submissions in 90 minutes today.

Ms. Arora is appearing for @vvcrishna and others.
MA: Reading Tele2 German Constitutional court decision. (Her WS here: drive.google.com/a/advocatepras…)
MA elaborating on the chilling effect that is caused by a general and indiscriminate retention of personal and personal transactional data.
Read 58 tweets
Profile picture
#Aadhaar hearing. Bench about to reassemble. Kapil Sibal to continue arguments for some of the Petitioners.
KS clarifies his point on 8 (3)(c) and says it is 'completely wrongly drafted' with respect to "alternatives"...because for authentication, according to defintion, there is no scope for alternatives.
Sikri J and Khanwilkar J are not so sure. Insist there are alternatives available. (Me thinks: Totally unnecessary and irrelevant discussion).
Read 38 tweets
Profile picture
#Aadhaar hearing. To resume shortly. Shyam Divan to continue for the Petitioners. He is expected to complete his submissions in the first half today. However more petitioner arguments by other counsel to follow. Thread.
SD continues to read the affidavit of Mr. Siraj Dutta who did an investigation into two Aadhaar related starvation deaths in Jharkhand. (Premani and Etwarya Devi).
Discloses the following problems.

1. Premani pension transferred to someone else. Noone was aware until his investigation happened. Because the other person's aadhaar was linked to Premani's Aadhaar. (The NPCI mapping problem, which is now quite famous.) ...
Read 76 tweets
Profile picture
#Aadhaar final hearing-Day 3:
Hearing to resume at 11:30 AM in #SC.
To refresh your memory, read the updates from Day 1 and Day 2 of the hearing here.
sflc.in/updates-aadhaa…
Day 3 hearing commences.
Read 72 tweets

Trending hashtags

#Aadhaar #SupremeCourt #scobserver #Aadhar #AadhaarJudgment #aadhaar #DestroyTheAadhaarData #SC #AadhaarVerdict

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!