GOVERNMENT ZONE
- Central government
- Defence Management
- Devolved government
- Education
- Health and social care
- Home affairs
- Local government
- Transport
AREA OF INTEREST
Email
Print
Digg
reddit
StumbleUpon
Facebook
DeliciousID card has been hacked and edited
Thursday, August 06, 2009A foreign national's ID card has been cracked and then reprogrammed by a security expert in an investigation by The Daily Mail.
The newspaper borrowed the ID card of a foreign national and subjected it to tests to see how secure it is. The security expert, Adam Laurie, managed to clone the card using a Nokia mobile phone and a laptop.
ID cards have been cloned in the past, but the Home Office was always able to insist that the data held on the card's microchip was secure and could not be modified. But with the help of a second security expert, Jeroen van Beek, the encryption placed on the microchip inside the card was cracked using clues from the codes printed on the card.
From this point, they were able to edit details on the ID card including the name, date of birth, that the card holder was entitled to benefits and fingerprints. They were also able to add a note to the ID card that would appear in front of any police or security officer using a card scanner that said: "I am a terrorist - shoot on sight."
When told of the investigation, a Home Office spokesman told the newspaper: "We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened. The identity card includes a number of design and security features that are extremely difficult to replicate.
"We remain confident that the identity card is one of the most secure of its kind, fully meeting rigorous international standards."
Chris Huhne, the Liberal Democrat shadow home secretary, said: "The Daily Mail's investigation has blown such a huge hole in the government's ill-fated ID card scheme that it is now sinking beneath the waves.
"Surely it can only be a matter of time before Home Secretary Alan Johnson recognises the folly of continuing with this expensive and misguided intrusion into our privacy."
NO2ID condemned the Home Office for knowingly making ID theft easier and ignoring dangerous vulnerabilities in the ID card. Its national coordinator, Phil Booth, said: "This shows up the big con. The Home Office doesn't really care about ID theft, or it wouldn't be pushing technology that any competent crook can subvert."
COMMENTS
The national database for the ID card was edited in an outsourcing deal with a company in Peshawar.
It has to be said that any personal information that we have written down automatically makes us more vulnerable to ID theft.
Additionally what happens when you have your ID card stolen, because nine times out of ten you will show it to an authority who will then agree it is you without checking your fingerprints or other biometric data.
The whole thing is a dangerous waste of time and money dreamed up by the MP squanderbugs and Civil Service nest featherers, in a desparate attempt to be seen to be doing something, without actually doing anything.
James Lepper - Bury St Edmunds