Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security through obscurity and fear

Published byRiitta-Liisa Laine Modified over 6 years ago

Similar presentations

Presentation on theme: "Security through obscurity and fear"— Presentation transcript:

1 Security through obscurity and fear
Abhinav Srivastava

2 Who am I ? IIT Kharagpur graduate 2009, started career as Security researcher at iViZ Security Founded Qarth Technologies with Govt funding and incubation support at IIT Madras 2011 Developed first version of secure UPI architecture in 2012 Startup acquired by Ola Now works at Ola Innovation labs on connected cars platform Unified payment interface : Infrastructure of BHIM app/wahts app app

3 Why I am here? Victim of media hype

4 What exactly happened ? An android app was discovered on play store providing aadhaar data via an OTP The publisher of the app (my personal ) was not an authorised Aadhaar eKYC agency FUD !!!

5 How was the app working ? App was using a publicly available API developed by NIC which was used in one of their app named eHospital

6 What was the Security Vulnerability ?
No HTTPS, No SSL Pinning in eHospital App No request and response payload encryption Password stored in android app No demographic validation and rate limiting on server Basically an insecure public API over the globe for providing aadhaar details through OTP

7 Why developed such an app?

8 Why developed such an app?
Fake Aadhar is a serious problem Need an easy way to validate the Aadhar number A simple android app can empower the citizens to verify an Aadhaar Card in seconds Never save user’s aadhaar data in any form in the process. Help people to validate their own Aadhar data

9 Why was the hype? Case tagged as a network security issue
Hyped up by media as national security breach Nobody - media/police understood the technology behind the app Overaggressive approach by police and judiciary - State vs Abhinav Srivastava

10 Key Questions? Does Aadhaar database got hacked ? - NO
Was it a National Security Issue ? - NO Is Aadhar ecosystem secure? NO Is there any other security loophole ? MAYBE Govt has created fear in the mind of security researchers, even if they find something they won’t report. Like Google and facebook encourage vulnerability and reward them, our Govt is taking a strikingly opposite position for such a important national issue.

11 Q & A ?

Download ppt "Security through obscurity and fear"

Similar presentations

W alkie Doggie is a web application that allows dog owners to help each other with their dog walks. It’s main feature is the walkies, which are the user’s.

W alkie Doggie is a web application that allows dog owners to help each other with their dog walks. It’s main feature is the walkies, which are the user’s.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Digital India.

Digital India.
CLOUD COMPUTING.  It is a collection of integrated and networked hardware, software and Internet infrastructure (called a platform).  One can use.

CLOUD COMPUTING.  It is a collection of integrated and networked hardware, software and Internet infrastructure (called a platform).  One can use.
Addition to Networking.  There is no unique and standard definition out there  Cloud Computing is a general term used to describe a new class of network.

Addition to Networking.  There is no unique and standard definition out there  Cloud Computing is a general term used to describe a new class of network.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
© 2005-07 NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.

© NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.
ESCCO Data Security Training David Dixon September 2014.

ESCCO Data Security Training David Dixon September 2014.
CIS 375—Web App Dev II Microsoft’s.NET. 2 Introduction to.NET Steve Ballmer (January 2000): Steve Ballmer Delivering an Internet-based platform of Next.

CIS 375—Web App Dev II Microsoft’s.NET. 2 Introduction to.NET Steve Ballmer (January 2000): Steve Ballmer "Delivering an Internet-based platform of Next.
SwopUrCard Your digital business card library. Cloud Storage SwopUrCard is a brand new initiative into cloud based data storage. We intend to offer the.

SwopUrCard Your digital business card library. Cloud Storage SwopUrCard is a brand new initiative into cloud based data storage. We intend to offer the.
Architecture Planning and designing a successful system Use tried and tested techniques Easy to maintain Robust and long lasting.

Architecture Planning and designing a successful system Use tried and tested techniques Easy to maintain Robust and long lasting.
● Agenda 2 What is TNet? Why Adopt TNet? How it Works Timeline The Two Goals Steps for Implementation.

● Agenda 2 What is TNet? Why Adopt TNet? How it Works Timeline The Two Goals Steps for Implementation.
Cloud Project. SaaS: Software-as-a-Service Also known as an on-demand software, SaaS is an application that can be accessed from anywhere on the world.

Cloud Project. SaaS: Software-as-a-Service Also known as an on-demand software, SaaS is an application that can be accessed from anywhere on the world.
Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 

Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 
OARN Database UPDATE – SEPTEMBER 2015. We’re Live – and Testing  The site is up and running in Google’s data centers:  The site has been secured: 

OARN Database UPDATE – SEPTEMBER We’re Live – and Testing  The site is up and running in Google’s data centers:  The site has been secured: 
Convenience product security Collin Busch. What is a convenience product? A convenience product is a device or application that makes your life easier.

Convenience product security Collin Busch. What is a convenience product? A convenience product is a device or application that makes your life easier.
Using Open Data to Create Value for Citizens. Data.gov Provides instant access to ~400,000 datasets in easy to use formats Contributions from UN, World.

Using Open Data to Create Value for Citizens. Data.gov Provides instant access to ~400,000 datasets in easy to use formats Contributions from UN, World.
Internet Flow By: Terry Hernandez. Getting from the customers computer onto the internet Internet Browser www.Google.com.

Internet Flow By: Terry Hernandez. Getting from the customers computer onto the internet Internet Browser
 There are many android hack tool given on the internet that promises to give you best performance. But unfortunately most of the android hack tool are.

 There are many android hack tool given on the internet that promises to give you best performance. But unfortunately most of the android hack tool are.
Sukha Payana Carpooling gamified! Play with your friends!

Sukha Payana Carpooling gamified! Play with your friends!

Similar presentations

Ads by Google