142nd Day Of Lockdown

Maharashtra54831338184318650 Tamil Nadu3145202563135278 Andhra Pradesh2641421709242378 Karnataka1964941126333511 Delhi1494601343184167 Uttar Pradesh140775887862280 West Bengal98459671202059 Telangana8647563074665 Bihar8274154139450 Gujarat71064542382652 Assam5883842326145 Rajasthan5249738235789 Odisha4592731785321 Haryana4163534781483 Madhya Pradesh3902529020996 Kerala3811424922127 Jammu and Kashmir2489717003472 Punjab2390315319586 Jharkhand185168998177 Chhatisgarh12148880996 Uttarakhand96326134125 Goa871259575 Tripura6161417641 Puducherry5382320187 Manipur3752204411 Himachal Pradesh3371218114 Nagaland30119738 Arunachal Pradesh223115923 Chandigarh1595100425 Meghalaya11154986 Sikkim9105101 Mizoram6203230
Nation Crime 25 Nov 2017 Cyber thieves use bi ...

Cyber thieves use biometric skimmers to steal Aadhaar info

Published Nov 25, 2017, 3:04 am IST
Updated Dec 5, 2017, 3:24 pm IST
Cybercrime experts have alerted public to possibility of data theft through biometric skimmers.
 Biometric skimmers are much more advanced than card skimmers; they are equipped with Wi-Fi and Bluetooth facilities,” he says.
  Biometric skimmers are much more advanced than card skimmers; they are equipped with Wi-Fi and Bluetooth facilities,” he says.

Hyderabad: Cybercrime gangs that use skimmer devices to steal credit and debit card information have started applying the same modus-operandi to obtain biometric authentication and steal Aadhaar information. 

While the government has made Aadhaar verification mandatory for the authentication of various welfare schemes, cybercrime experts have alerted the public to the possibility of data theft through the use of biometric skimmers.


On the other hand oblivious of this development, banks are also considering upgrading automated-tellers machines (ATM) with biometric authentication facilities which they believe to be more secure than PIN numbers and OTPs.

Sandeep Mudalkar, a private cybercrime investigator, says the Delhi Police have identified some criminal gangs that have been able to obtain SIM cards through the use of fake Aadhaar cards containing the personal details of unsuspecting individuals. “Initially, the police suspected that the Aadhaar centre organisers had a role to play in this. But they found that biometric skimmers had been used to produce the cloned cards in at least some of the cases. An investigation into this is underway,” he says.


He says that criminal gangs have been known to use skimmers at ATMs and point of sale (POS) machines to steal information from the cards being swiped there. “Later, the gangs clone the cards and misuse them. This has caused banks to suffer losses amounting to hundreds of crores of rupees. Biometric skimmers are much more advanced than card skimmers; they are equipped with Wi-Fi and Bluetooth facilities,” he says.

Mr Mudalkar says that after stealing information through the use of biometric skimmers, the gangs use thermostat technology to make masks of the fingerprints. “During a recent conference on Cyber Security held in Delhi, cyber crime investigators from various countries said that there were about 12 firms across the globe that manufactured such devices. Of the 12 firms, nine manufacture fingerprint and palm-print stealing devices, and the three others manufacture iris pattern stealing devices,” he says.


Card skimmers were used to perpetrate frauds in developed countries between 2003 and 2014. Such frauds began being committed in India in 2008 when the first case of credit card cloning was registered in Kolkata. Similarly, while biometric skimmers have been used by criminals abroad since 2015, cybercrime experts expect it to take some time for their use to become widespread in Telangana and the other south Indian states. However, they advise the public to remain alert while providing biometric authentication.

How it’s done 


  • 12 firms across the globe manufacture biometric skimmers capable of stealing fingerprint, palm veins, and the iris recognition data.
  • Criminals use these skimmers to steal data and then transfer it to a remote location through the use of thermostat devices.
  • With governments making biometric authentication mandatory, cyber gangs have the opportunity to use stolen biometric data to commit frauds. 
  • At present, there are five ways in which biometric authentication is used at ATMs. In one approach, fingerprints are used as a replacement for PINs. 
  •  Cybercrime investigator Sandeep Mudalkar says that biometric skimmers broadcast information via Bluetooth. These Bluetooth devices are generally listed as HC-05 and have the password 1234. If customers find HC-05 listed among the Bluetooth devices in their vicinity, they should avoid conducting any biometric transactions.

The Bluetooth module used in such skimmers is extremely common and may also be used in legitimate products end educational kits.


Location: India, Telangana, Hyderabad