NEW DELHI: Delhi Police is learnt to have detected and flagged numerous vulnerabilities in the Unique Identification Authority of India (UIDAI)’s system. These have allowed unscrupulous elements to exploit the Aadhaar service in various ways. These loopholes were discovered during investigation in some recent cases.A major vulnerability that the cops discovered during a probe into a bank fraud was that the Aadhar system was not carrying out facial biometrics matching while generating an ID for any individual. “We noticed that 12 bank accounts were opened digitally after verification from the Aadhaar database under the name of different persons even when the photographs on all the Aadhaar cards were of the same person. Thus, it became clear that it is possible for multiple Aadhaar cards to be generated by one person where the fingerprints in each are different but the photograph remains the same,” says a note prepared by police for UIDAI.During the probe, the cops found that crooks were using the credential details of authorised agents, who had given them their silicon fingerprints and printouts of the IRIS scan and the laptops configured to them.”As per UIDAI, the authorised agents can log in or work only from a government institution or places and their GPS location is to be captured by the system. To bypass the GPS system, the crooks took the configured laptop once in 2-3 days to the designated government institution/office and synced the machine. Through this process, the machine picked up the GPS of the government office for the next 2-3 days,” the note says.Also, the system is unable to differentiate between the silicon fingerprint and live fingerprint of an individual. The crooks were able to log into the UIDAI system using the silicon fingerprints given to them by the authorised agents.”The UIDAI system is also unable to detect the scan copy of IRIS Scan. IRIS scan is a biometric feature that is enabled to ascertain if a person is alive and sitting in front of the machine to log in into the system. But these persons were using the colour printout of the IRIS scan to log in and the same was not detected by the system,” the note adds.According to police, the crooks were also able to edit/upload photographs of 12 entities into the database of UIDAI. “Prima facie, it is evident the UIDAI system is not matching the facial biometric features in their database and the accused persons were able to upload their photographs,” says the note.The cops also said that after discussion with Aadhaar officials, it was found that the Aadhaar system treated the 10 fingerprints of an individual as a single identity, not as 10 different unique identities. The fraudsters were aware of this and had created several Aadhar cards by placing the fingers alternatively or mixing the fingerprints of one individual with those of another.