Identity card has vulnerabilities: Hacker uncovers security gap

“Spiegel” report
Hacker uncovers security gap in online ID card

The eID function of the identity card is intended for identification – and apparently has a weak point. A hacker’s findings prompt authorities to investigate.

According to a report by “Spiegel”, a hacker has discovered a security gap in the online use of the German identity card. He managed to access login data for the so-called eID function of the identity card using his own app instead of the officially provided “ID App”. According to the report, the eID function is activated for more than 50 million ID card holders and serves as the basis for digital administrative procedures. It is also used, among other things, for identification at banks. Using the trick, the hacker, who goes by the pseudonym “CtrlAlt,” managed to open an account at a large German bank under someone else’s name.

ID card hack is “realistic” scenario

A spokesman for the Chaos Computer Club (CCC) confirmed to “Spiegel” that the hacker had highlighted a critical point in the eID process on mobile devices. “This is a realistic attack scenario,” the spokesman told the news magazine. “It must be prevented that an ID app other than the officially approved one can register and connect to the cell phone for eID authentication.”

The hacker informed the responsible Federal Office for Information Security (BSI) about his findings on December 31st. However, the Federal Office told “Spiegel” that it saw no reason to “change the risk assessment when using the eID,” according to the report. In the office's view, this is not an attack on the eID system, but on the users’ end devices. However, an adjustment will be examined.

wue
DPA
