German "secure" ID cards compromised on national TV, gov't buries head in sand

Discuss

9 Responses to “German "secure" ID cards compromised on national TV, gov't buries head in sand”

  1. Anonymous says:

    This security issue concerns card readers without integrated keypads, which obviously makes the system open to abuse by keyloggers. However, the PIN is no use without the card itself.
    In addition, the card’s functions are limited unless you use the enhanced card readers with integrated keypads.

    Since this is bound to become a general ID card discussion: I have grown up in Germany and do not consider an ID card a threat to my privacy or freedom at all. Threats to freedom come with a central database which logs ID checks etc, which doesn’t happen here (but was planned, IIRC, in the UK – hence the bad publicity). Having a secure photo-ID makes fraud and identity theft much more difficult. I also lived in the UK for a while where you had to take your phone, gas, water and tax bills to the video store to rent a DVD – now where is the privacy in that???

    I for one can’t wait for the new card, if only because of the smaller format…

  2. relgin says:

    So, if I understand this, the German Government is claiming that their chip and PIN system is safe!?
    It is my understanding that current chip and PIN systems are cracked and not safe:

    http://www.lightbluetouchpaper.org/2010/02/11/chip-and-pin-is-broken/

    I am really surprised that they can not do any better. It is as if they *want* to allow this information to be cracked by criminals and other countries.

  3. MadRat says:

    The CCC is still around after all these years?

  4. Osprey101 says:

    Yes, biometrics. Please, let’s use more security measures that involve components that once they are “cracked” cannot be un-done. Pure genius.

  5. cwoehrl says:

    As I understood it, the TV show used some pretty improbable scenario to “prove” the system’s insecurity, requiring physical access to the ID card, while neglecting the obvious long-term problem:

    This ID card is meant to be valid for 10 years, all the while employing security mechanisms that may be up-to-date today. And I think it’s safe to assume there’ll be handier exploits around before the end of its “life”.

    Good thing there’s still a few weeks time for Germans to order an old-fashioned, no-chip ID card. I for one have just renewed mine ahead of schedule to make sure I have the old one for another decade.

  6. ukcannonfodder says:

    “But a classic Trojan horse program that logs keystrokes remained a threat, he admitted, because users must use keyboards in addition to the scanners.”

    so the next move will be to scare us all to have embedded chips so the keyboard can be avoided, all this will be sold to us as “for our security and benefit”!

    resist the police state ppl..

  7. MrJM says:

    As long as it makes one person feel a little safer for a little while, it’s all worth it.

  8. tbo says:

    The hack didn’t went for the ID card itself but for the so-called basic card reader, which is an simple RFID reader with an USB connection.

    So the PIN is typed with the computer’s keyboard and is of course effected by key loggers and other malware on PCs.

Leave a Reply