Ankush Johar writes, in part:
The government claimed that Aadhaar is completely secure, and the data of the consumers was absolutely safe from any malicious party until a severe flaw was detected in the system. The bug allowed a malicious operator to save a user’s biometrics and simply use it to carry out transactions on the victim’s behalf via replaying the saved biometrics.
In February this year, a Youtube video showed a demo of such a replay attack. Later that month, UIDAI filed a case against an employee of Suvidhaa Infoserve, saying that an Axis Bank’s gateway was used to carry out around 400 transactions via replaying Aadhaar information that was saved earlier.
Read more on Economic Times.