Hacker exposed weakness in German electronic ID, magazine reports | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


A hacker has reportedly uncovered security gaps in the online functions of Germany’s new national ID cards, according to the news magazine Der Spiegel.

Using his own software instead of the official government AusweisApp, the hacker managed to access login data for the so-called eID function of Germany’s identity card, which is intended to allow German citizens to securely identify themselves online.

According to the report, this is activated for more than 50 million ID card holders and serves as the basis for digital administrative procedures. It is also used for identification at banks, among other things.

The hacker, who goes by the pseudonym “CtrlAlt,” used the trick to open an account at a major German bank under someone else’s name.

A spokesman for the Chaos Computer Club (CCC), a well-known German hacker and computer security group, confirmed to Der Spiegel that the hacker had exposed a critical point in the eID procedure on mobile devices.

“This is a realistic attack scenario,” the spokesman told the news magazine. “It must be prevented that an ID app other than the officially approved one can register and log into the cell phone for eID authentication.”

The hacker had already informed Germany’s Federal Office for Information Security (BSI) of his findings on December 31.

The agency told Der Spiegel that it saw no reason to “change the risk assessment for the use of the eID,” since the vulnerability appeared to be not in the eID system itself but in devices used by consumers.

However, the agency said it would still examine a possible adjustment to the system.

——————————————————–


Click Here For The Original Story From This Source.

.........................

National Cyber Security

FREE
VIEW