The Register® — Biting the hand that feeds IT

Feeds

German gov pooh-poohs biometric ID card hack

Nicht ein biggie

By John Leyden, 3rd September 2010
  • print
  • alert

What you need to know about cloud backup

German hackers successfully used off-the-shelf kit to extract personal data from the federal government's supposedly secure ID cards, but the government has downplayed the significance of the attack.

The biometric ID cards store a scan of a user's fingerprints along with a six-digit PIN that can be used to digitally sign official forms. Hackers from the Chaos Computer Club, however, were able to use home scanners that work with the cards to extract personal information including a fingerprint scan and the six-digit PIN from RFID the chip embedded in the cards.

The hack was demonstrated on the Plusminus show on German TV channel ARD. Interior Minister Thomas de Maizière, interviewed on the show, said there was no reason to alter the technology or postpone a roll-out of the cards, which are due to be introduced nationally from November.

Security experts from the the Federal Office for Information Security (BSI) were similarly sanguine about the hack. Jens Bender, a personal identification expert at the BSI, said the card and integrated PIN number offered "significant security improvement compared to today's standard process of user name and password", English language German news site The Local reports. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (10)
Highly Rated
JB

Ahem

Kein Biggie, surely?

1
0
Remy Redert

Re: Is it so bad

I point to the Mythbusters episode where they cracked the fingerprint scanner security measure in several different ways. The same things have been used against just about every other fingerprint based authentication system. An unattended fingerprint based authentication is as good as owned already.

So yeah, if you can get the fingerprint + PIN + card ID from one of these cards, you can do remote everything even if you do need fingerprints to authenticate over the internet, which does seem unlikely. Fingerprint scanners aren't that cheap and the readers are meant to be very cheap.

1
0
Zane
Reply Icon

Yes, it is...

CCC has proved before that fingerprints are quite insecure, and that a glass of wine, touched by the victim, and some tape is all you need to fool certain fingerprint reading devices. The also published the fingerprints of former German Interior Minister Wolfgang Schäuble: http://www.h-online.com/newsticker/news/item/CCC-publishes-fingerprints-of-German-Home-Secretary-734713.html

Zane

1
0

More from The Register

SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
116
breaking news
Jailed LulzSec hacker Cleary coughs to child porn images, will be freed soon
Some images of infants as young as six months
68
NSA whistleblower to tech firms, Obama: 'Grow a pair!'
Ed Snowden: Email tracking grabs 'IPs, raw data, content, headers, attachments, everything'
66
breaking news
Ecuador: All right, Julian, you CAN stay on our sofa - it's your human right
Minister and Wikileaker share cosy chat in tiny London flat
65
Google flings another £1m at online child sex abuse vid CRACKDOWN
See, see, we're trying, ad giant tells Daily Mail UK.gov
41
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Not just telcos, THOUSANDS of companies share data with US spies
It's all perfectly legal, trust us
68
NSA: We COULD track you by your phone ... if we WANTED to
Honestly, too much work, can't be bothered
53