New German Government ID Hacked By CCC

wiedzmin writes "Public broadcaster ARD's show 'Plusminus' teamed up with the known hacker organization 'Chaos Computer Club' (CCC) to find out how secure the controversial new radio-frequency (RFID) chips were. The report shows how they used the basic new home scanners that will go along with the cards (for use with home computers to process the personal data for official government business) to demonstrate that scammers would have few problems extracting personal information. This includes two fingerprint scans and a new six-digit PIN meant to be used as a digital signature for official government business and beyond." That was quick. Earlier this year, CCC hackers demonstrated vulnerabilities in German airport IDs, too.

OpenPGP

[axx]

Sometimes I wonder why it isn't possible to declare/register a PGP public key as official, and use that to authentify oneself. I mean, with that even email can be secure. Oh well, too complicated for the "general public" I guess, I mean keeping a spare of your (digital) key? That's far too complicated!

three courses of action...

[gandhi_2]

1: fix the problems.
2: abandon the plan.
3: arrest the people who embarrassed you, suppress any mention of the incidents.

Hmmm... let's see...

Re:OpenPGP

[Chris Mattern]

Oh well, too complicated for the "general public" I guess, I mean keeping a spare of your (digital) key? That's far too complicated!

Keeping a copy of your private key *securely*. Yes, it's been amply demonstrated that nothing left under the control of the average user can be counted on to stay secure. And once someone else gets access to your private key, you're royally screwed.

PGP not a panacea

[perpenso]

Sometimes I wonder why it isn't possible to declare/register a PGP public key as official, and use that to authentify oneself. I mean, with that even email can be secure.

An imperfect systems can still be useful. If card/scanner misuse is on the order of handwritten signature misuse then replacing dead trees with some bits might be a good idea in many situations.

The pgp digital sig proves it was sent by your computer perhaps, but not necessarily sent by you. There is a genuine need for biometrics to be involved. Note that a handwritten signature is a form of biometric ID and like the card/scanner system it can be faked. This is why for more important situations a signature must be witnessed and possible notarized. The card/scanner system can similarly escalate the process for more important situation. For example when someone uses a bank's ATM a swipe and a pin are sufficient. When they walk up to a teller for larger transactions then a swipe and a pin could be augmented with a photo being displayed on the teller's screen. Banks often have such photos for embedding into ATM and credit cards.

Re:OpenPGP

[Anonymous Coward]

That's not an insurmountable problem, however. Indeed, it's more or less the same problem that any of these sorts of devices/designs (secure IDs) will face. Using asymmetric encryption just provides a better base. Also, the solution is already halfway complete:
http://en.wikipedia.org/wiki/Smart_Card#Cryptographic_smart_cards

Ugh: Identification vs authentication

[jwiegley]

When the hell are security "professionals" going to wake up and realize that secure access to something requires three items: identification, authentication and authorization. You CANNOT store the authentication credential with the identification. It is 100% stupid to store the pin on the identification device. Authentication credentials and authorization decisions must be kept by, and made by, the service provider. The only item that should be left with the consumer is an identification badge.

For instance, a national "ID Card" is actually a good thing IF the only thing it has stored on it or about it is the owners identification, i.e. name and unique ID number. The ONLY thing the card should provide is a way to contact a national database/server which requires two things, the unique, public ID number from the card and a fingerprint (which is NOT stored or printed on the card in any way). The ONLY information the server should return is "Yes" or "No". But see... the fingerprint cannot be stored on the card in way for the same reason that the pin in the post should never be stored on the card. If somebody other than the legitimate owner comes into possession of the card then he possesses both the identification AND the authentication pieces of the puzzle and can do whatever the legitimate owner was authorized to do.

Security: it's simple. f*cking learn it.

Re:OpenPGP

[mea37]

Right, for the government to expect you to keep a number secure, knowing that if that number were exposed then someone could steal your identity, and to then rely on that number to identify and authenticate someone wishing to do business with them; that would be unthinkable.

Re:OpenPGP

[electricprof]

Aren't girlfriends creatures of myth like Santa Claus, the Easter Bunny and Honest Lawyers?

Re:OpenPGP

[fluffy99]

Even smartcards, which never expose the private key are at risk. If you have a compromised computer, someone can remotely use your smartcard whenever its inserted into the machine. Even hardware tokens with changing values are at risk to a keylogger and a script that fires off before the toekn pin changes.

It all boils down to the fact that if the computer isn't trustworthy, then anything you put in the computer is at risk.

Re:Well duh.

[lennier1]

You're talking about the same government whose politicians during the national election thought a mere DNS-based filter could stop the problem of child pornography on the net.

Re:Ugh: Identification vs authentication

[wiedzmin]

Now if only security professionals were involved in making top-level (government) decisions, we'd be set. Unfortunately these are made by sales and marketing people - the solution that gets implemented is the one that 'wins the contract', not the one that works the best... unfortunately security professionals and technical people do not make best salesmen. All too often a contract is won because of a good game of golf, or a sexy slide deck.