onmanorama-logo-new.png

Thiruvananthapuram

31°C

Partly cloudy
Select
Last Updated Monday November 23 2020 04:11 PM IST
Home
News
Districts
Sports
Business
In Depth
Lifestyle
Entertainment
Travel
Food
Podcasts
Videos
Infographics
Visual Stories
Topics
Search Result
Authors
Enconfig
RSS
Videos
Contact Us
Privacy
Wellness
My News
Terms of Use
Code of ethics for digital news websites
Switch To
English
  • Home
  • News
  • Kerala
  • Security flaw in Kerala govt's e-housing website, data of home loan applicants exposed

Security flaw in Kerala govt's e-housing website, data of home loan applicants exposed

Saturday 17 March 2018 02:17 PM IST
Text Size

Recipient's Mail:*

( For more than one recipient, type addresses seperated by comma )

Your Name:*

Your E-mail ID:*

Your Comment:

Security flaw in govt's e-housing website, data of home loan applicants exposed

Thiruvananthapuram: What will happen when you lock the front door of your house and leave its back door open? The condition of the state government's e-Housing website can be best described as such for its weak online security features.

About 90,000 documents, which include possession certificates, caste certificates and no-objection certificates of 45,000 families, can be easily accessed now due to a security flaw in the government website that is used by applicants belonging to the Scheduled Castes and Schedule Tribes to avail housing loans.

Though one needs a user name and password to enter the website, the web folders that store the data are kept open. In other words, there is no need to login to access data, which include Aadhaar card details and copies of passport-size photographs of applicants. Even the signatures of SC officers concerned of all the districts are available in scanned format.

The e-Housing project enables Scheduled Caste beneficiaries to avail funds for house construction by applying online through post offices. The details of applicants, including personal and plot details, who had applied for the funds from 2011 have been compromised due to the weak internet security features.

The security flaw was detected by technical expert Nikhil Narayanan. Experts point out that it is a serious security flaw that will allow anyone to use the file number available on the website to gain access to personal details of applicants.

Google search for Aadhaar info

It has been found that a single Google search yielded access to copies of lakhs of Aadhaar cards! This revelation comes as reports on the leaking of Aadhaar details are common of late.

The PDF files of e-Aadhaar saved in several web servers, including government websites, can be downloaded if one does a Google search by keying in a few key words found on the Aadhaar card.

The e-Aadhaar cards bear details like the unique number, name, address, date of birth and photo of the individual.

The Google technology that helps find some words in e-Aadhaar is posing the threat. Publicising Aadhaar details is a crime under the Aadhaar Act, 2016.

One Elliot Alderson, who claims to be a French security researcher, had recently tweeted that images of 20,000 Aadhaar card were available on the Internet.

Read more Kerala news

Email ID:

User Name:

User Name:

News Letter News Alert
News Letter News Alert