Founder/CEO Hackrew | Security Researcher | Indian | Alumnus, IIT Guwahati

The story behind how I was able to view, edit & delete classified personal information of lakhs of patients all over India


What is DICOM?


The shocking truth revealed by the analysis of several data breaches online

https://www.thequint.com/news/india/ministry-of-external-affairs-isro-barc-breached-thousands-government-mails-cybersecurity

Introduction


Nullcon CTF 2019


Business Today News link


InfoSec Writeup Publication


TLDR: Using this loophole, anybody can use the Aadhaar demographic authentication API by piggybacking my requests through NSDL servers and bypass the checks put in place by UIDAI. Read till the end to find out how.


What is Aadhaar?

What is Aadhaar API?

