Aadhaar - NEWS POLITE

Samsung Wallet Updated With Support for Digital IDs, Flight Boarding Passes, FASTag and More for Indian Users

Samsung Wallet has been updated with support for several new features in India. Owners of the company’s Samsung Galaxy smartphones will now be able to store official documents securely using the Samsung Wallet app. They will also be able to recharge and manage their FASTag funds from within the Wallet app. The update will make it more convenient for Samsung customers in India, where most users with smartphones and Internet connectivity are accustomed to using digital services for day-to-day transactions.

According to a press release issued on Monday, the Samsung Wallet app can now securely store and display digital versions of PAN cards, Aadhaar cards, driver’s licences, vehicle registration details, as well as Co-WIN vaccination certificates. Gadgets 360 was able to confirm that the Samsung Wallet app on eligible Galaxy smartphones was able to save and display a vaccination certificate.

The company says that the updated Wallet app for users in India will combine the Samsung Pay and Samsung Pass functions and allow users to store their boarding passes for flights, as well as book and store train tickets. They will also be able to recharge and manage FASTag balance using the app.

None of the documents stored by the user will be collected by Samsung and the data is stored only on the device, the company claims. The app also uses the Samsung Knox platform to secure user data along with support for biometric authentication.

The Samsung Wallet app is available for compatible Galaxy smartphone users as an update to their existing Samsung Pay service. However, not all Samsung phones will offer support for the software. The easiest way to check if your phone supports the app is to searh for Samsung Pay on the Galaxy Store — only eligible phones will be able to download the app.

Samsung Wallet was launched in June last year, in seven countries: China, France, Germany, Italy, Spain, the UK, and the US. it was later expanded to Australia, Brazil, Canada, Hong Kong, Malaysia, Singapore, and Taiwan.

Will the Nothing Phone 2 serve as the successor to the Phone 1, or will the two co-exist? We discuss the company’s recently launched handset and more on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

UIDAI Introduces AI-Based Fingerprint Authentication Feature for Aadhaar

The Unique Identification Authority of India (UIDAI) has rolled out a new security mechanism for Aadhaar-based fingerprint authentication and faster detection of spoofing attempts, an official release said on Monday.

The artificial intelligence and machine learning (AI/ML) based security mechanism which has been developed in-house is now using a “combination of both finger minutia and finger image” to check the liveness of the fingerprint captured.

UIDAI in a statement announced the new security mechanism for robust fingerprint-based Aadhaar authentication, and said “this is making Aadhaar authentication transactions even more robust and secure”.

“The new two-factor/layer authentication is adding add-on checks to validate the genuineness (liveness) of the fingerprint so as to further cut down the chances of spoofing attempts,” the release added.

The development is expected to be of immense use in segments such as banking and financials, telecom and government sectors. It will strengthen the Aadhaar-enabled payment system and curb malicious attempts by unscrupulous elements, thus benefiting the ‘bottom of the pyramid’.

“The new security mechanism for Aadhaar-based fingerprint authentication has now become fully functional. The rollout and migration happened after months of discussion and hand-holding by UIDAI of its partners and user agencies,” the release added.

A constant engagement and due diligence of UIDAI with authentication user agencies (AUAs) were carried out to inform them (AUAs/ Sub AUAs) about the benefit of the new system.

AUA is an entity engaged in providing Aadhaar-enabled services to 12-digit ID holders using authentication as facilitated by the authentication service agency. Sub-AUAs are agencies that use Aadhaar authentication to enable their services through an existing requesting entity.

The UIDAI head office and its regional offices are in touch with all entities for facilitating any user agency (that may not have migrated yet) to switch over to the new secured authentication mode, at the earliest.

The adoption of Aadhaar-based authentication transactions has been on an upward trend as it has proved to be a facilitator in availing several welfare benefits and services.

“By the end of December 2022, a cumulative number of Aadhaar authentication transactions had crossed 88.29 billion and clocking an average per day transactions of 70 million. A majority of them are fingerprint-based authentications, indicative of its usage and utility in daily lives,” the release added.

Affiliate links may be automatically generated – see our ethics statement for details.

For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2023 hub.

Check out our Latest News and Follow us at Facebook

Original Source

Indian Banks Said to Soon Use Face Recognition, Iris Scan for Some Transactions

The Indian government is allowing banks to verify individual transactions that exceed a certain annual limit using facial recognition and an iris scan in some cases, in a bid to reduce fraud and tax evasion, three sources told Reuters.

A few large private and public banks have begun using the option, said one of the sources, a banker, who declined to name the banks. The advisory allowing the verification is not public and has not previously been reported.

The verification is not mandatory and is intended for cases where another government identification card used for tax purposes, the Permanent Account Number (PAN) card, is not shared with banks.

The prospect of banks using facial recognition has concerned some privacy experts.

“This raises substantial privacy concerns especially when India lacks a dedicated law on privacy, cybersecurity and facial recognition,” said Pavan Duggal, an advocate and cyber law expert.

The government has said it is targeting parliamentary approval of a new privacy law by early 2023.

The new measures can be used to verify identities of individuals making deposits and withdrawals exceeding Rs. 2 million in a financial year, where the Aadhaar identity card is shared as proof of identify, said two government officials, who asked not to be named because the information is not public.

The Aadhaar card has a unique number tied to an individual’s fingerprints, face and eye scan.

India’s finance ministry in December asked banks to take “necessary action” on a letter by the Unique Identification Authority of India (UIDAI), which suggested verification should be done through facial recognition and iris scanning, especially where fingerprint authentication of an individual fails.

The letter from the UIDAI, which is responsible for Aadhaar card issuance, makes no mention of a consent framework for the verification. Nor does it say that banks can take any action if a customer refuses.

Responding to Reuters’ queries, a UIDAI spokesperson said Aadhaar verification and authentication happens only with the explicit consent of the user. Use of Aadhaar-based biometric authentication helps in guarding against possible misuse, he said.

“UIDAI regularly advises all authentication and verification entities to use face or iris authentications to cater to residents whose fingerprint authentication fails.” He added that authentication and verification does not mean storing of data.

The latest advisory follows a government order last year that mandated the quoting of an Aadhaar card or PAN number for making deposits or withdrawals exceeding 2 million rupees in a financial year.

The federal finance ministry did not respond to requests for comment.

© Thomson Reuters 2023

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Provident Fund Data of 28 Crore Indians Leaked By Hackers, Claims Ukraine Based Researcher

Provident Fund (PF) data of about 28 crore Indians was found to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the discovery on August 1 and found that details such as Universal Account Number (UANs), names, marital status, Aadhaar details, gender, and bank account details were exposed online. According to Diachenko, he found two different internet protocol (IP) addresses hosting two clusters of leaked data. Both of these IPs were hosted on Microsoft’s Azure cloud storage service.

Cybersecurity researcher Bob Diachenko detailed the leak in a post on LinkedIn. On August 2, Diachenko discovered two separate IP clusters of data that contained indices called UAN. Upon reviewing the clusters, he found that the first cluster contained 280,472,941 records, whereas the second IP contained 8,390,524 records.

“After quick review of the samples (using a simple browser), I was sure that I am looking at something big and important”, Diachenko said in his post. However, he was not able to find who owned the data. Both the IP addresses were hosted on Microsoft’s Azure platform and were India-based. He wasn’t able to obtain other information via a reverse DNS analysis.

The Shodan and Censys search engines from Diachenko’s SecurityDiscovery firm found these clusters on August 1. However, it is not clear how long the information was available online. The data could’ve been misused by hackers to gain access to the PF account. Data such as name, gender, Aadhaar details, could also be used to create fake identities and documents.

The researcher tagged the Indian Computer Emergency Response Team (CERT-In) in a tweet informing them about the leak. The CERT-In replied to his tweet asking him to provide a report of the hack in an email. Both IP addresses were taken down within 12 hours after his tweet. Diachenko says that since August 3, no company or agency has come forward to take responsibility for the hack

Check out our Latest News and Follow us at Facebook

Original Source

Sebi Directs Sub-KYC User Agencies to Provide Aadhaar Authentication to Their Clients

Capital markets regulator Sebi on Wednesday issued directives for sub-KYC user agencies to provide Aadhaar authentication services to their clients for the purpose of know your customer (KYC).

This comes after the government last week notified 155 entities as sub-KUAs (KYC user agencies) to use Aadhaar authentication services of the UIDAI (Unique Identification Authority of India).

In a circular, the Securities and Exchange Board of India (Sebi) said that these entities are required to enter into an agreement with a KUA and get themselves registered with UIDAI as sub-KUAs. The agreement in this regard will be as prescribed by the UIDAI.

Further, the sub-KUAs need to follow the process as may be prescribed by the UIDAI from time to time.

“The KUAs shall facilitate the onboarding of these entities as sub-KUAs to provide the services of Aadhaar authentication with respect to KYC,” the regulator said.

In May 2020, the regulator listed the entities that can undertake e-KYC Aadhaar authentication. Sebi-registered intermediaries and mutual fund distributors, who want to undertake Aadhaar authentication services through KUAs, are required to enter into an agreement with KUA and get themselves registered with UIDAI as sub-KUAs.

Meanwhile, the Unique Identification Authority of India (UIDAI) has reportedly called out for 20 hackers who will be tasked to detect and fix vulnerabilities in the security system that guards the Aadhaar data of Indian citizens as a part of “bug bounty programme”. A report says that these “ethical” hackers will be given access to the UIDAI’s Central Identities Data Repository (CIDR) that stores the Aadhaar data of 1.32 billion Indians. There have been instances in the past where Aadhaar details of people were leaked on the internet.

Check out our Latest News and Follow us at Facebook

Original Source

Aadhaar Data of Farmers Exposed by Government’s PM Kisan Website, Security Researcher Reports

Aadhaar data of a large number of farmers was leaked by a government website designed for the welfare of the agriculture sector in India, a security researcher has reported. The website, called PM Kisan, allows the government to distribute grants to farmers under the Pradhan Mantri Kisan Samman Nidhi programme. However, due to an issue, one of its parts was publicly exposing Aadhaar numbers of enrolled farmers. The website has registered over 110 million farmers since its launch in 2019.

Security researcher Atul Nair said in a post on Medium that a part of the PM Kisan website was leaking the Aadhaar number of its registered farmers.

“The website provides an endpoint, which returns information about the beneficiary. This endpoint was also sending Aadhaar numbers,” Nair told Gadgets 360.

The issue was first spotted by the researcher in late January and was reported by India’s Computer Emergency Response Team (CERT-In). Shortly after receiving the report, the nodal agency forwarded the details to the concerned authorities. They, however, apparently took some months to fix the exposure.

Nair wrote in his post that the issue was fixed in late May. He told Gadgets 360 that he had confirmed that the issue was no longer reproducible.

However, it is not confirmed whether an attacker was able to breach the data until it got fixed.

CERT-In appreciated the researcher for reporting the issue, though it did not explicitly confirm the fix or whether the data was not breached.

Gadgets 360 has reached out to the National Informatics Centre (NIC) — the developer and maintainer of the PM Kisan website. This article will be updated when the department responds.

Aadhaar numbers of individuals in the country are not of confidential nature, per the Unique Identification Authority of India (UIDAI) — the statutory authority that is mandated to issue the 12-digit uniquely identified numbers. Nevertheless, it does restrict users from sharing Aadhaar cards on public platforms.

This is notably not the first time when the Aadhaar data of individuals was exposed by a government website. In 2019, the Jharkhand government reportedly exposed the unique identification numbers of its thousands of workers.

A few days later, state-owned liquid petroleum gas (LPG) manufacturer Indane had also allegedly exposed Aadhaar details of millions of its consumers.

Check out our Latest News and Follow us at Facebook

Original Source

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.