Published 24th August 2010
The sensitive personal information found on the new German identification cards with data chips scheduled for nationwide introduction this November can be easily hacked, according to testing done by a TV news show.
Google boss tries to allay German privacy fears - Science & Technology (9 Sep 10)
Fraunhofer warns Adobe Flash can be used as PC spying tool - Science & Technology (8 Sep 10)
De Maizière suggests 'digital eraser' for online privacy - Science & Technology (7 Sep 10)
Public broadcaster ARD’s show “Plusminus” teamed up with the hacker organisation the Chaos Computer Club to find out how secure the controversial new radio-frequency (RIHD) chips were.
Set to air Tuesday evening, the report shows how they used the basic new home scanning machines that will go along with the cards, and found that scammers would have few problems extracting personal information. This includes two fingerprint scans, which German citizens can opt out of, and a new six-digit PIN number meant to be used as a digital signature for official government business and beyond.
The home scanners will be necessary for use with home computers to process the personal data for official business and possibly even online shopping.
The Interior Ministry has promised to sponsor the distribution of one million scanners with some €24 million set aside by the government’s recent stimulus package. Some banks and computer magazines also plan to provide free promotional starter kits.
In an interview with the show, Interior Minister Thomas de Maizière said he saw no immediate reason to act on the alleged security issue.
Meanwhile on Tuesday the Federal Office for Information Security (BSI) rejected the Plusminus' criticism of the new ID card. The agency’s personal identification expert Jens Bender said the card was secure and called the combination of an integrated chip with a PIN number a “significant security improvement compared to today’s standard process of user name and password.”
But a classic Trojan horse program that logs keystrokes remained a threat, he admitted, because users must use keyboards in addition to the scanners.
DPA/The Local (firstname.lastname@example.org)