Government rubbishes ID card hack report The Home Office has dismissed an apparently successful attempt to clone and edit the data on a British identity card's microchip. Adam Laurie, who has previously found similar weaknesses in the microchips on passports, rewrote data taken from a UK Border Agency identity card issued to a foreign student, according to a report …
I have said for years now there is no security in the card. If clones or forged cards are useful they will be made.
The only place there can be security (not actually saying there will be) is in the database and verification of biometrics against the database. The card has no more real use than a key to the database and a number scribbled on a bit of paper would serve just as well.
Carrying a card provides no secure identity verification but will allow a vast number of insecure and pointless identity checks to be made making day to day life a pain in the arse for the vast majority with no real impact on the minority you do want to detect or prevent.
Well the easy to copy electronic version means that the fake card on the front is easier to make (clone the data, including the digital picture, and recreate the rest of the physical card from that data).
It wouldn't surprise me if someone opens an online store, where you can send the chip contents and get a fake card made up.
It's very nice of them (the Home Office) to package the data in a nice electronic form, as it was, to clone the physical card would have required a very special scanner and lots of work.
No doubt they'll make it even easier, perhaps they'll start mailing the data to you at your hotmail address!!!
********
As soon as the Home Office started believing their own bullshit and stopped listening to professionals, they went off the tracks. They can make all the phoney 'research' papers they like, but winning the argument with deception in Parliament, doesn't mean squat out in the real world.
So, original language:
"The Home Office has dismissed the report. "This story is rubbish. We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened," said a spokesperson."
Translated so the rest of us can understand it:
"We do not believe that this can happen, and are therefore not going to test or even explore the possibility of this report being correct. It therefore has no merit, and the card will be as insecure now as it was then. Yah Boo sucks!"
If Gov't won't admit there's a problem then shove the evidence under their dense, impotent noses; what's worse, showing up the epic fails of a system that'll only aid ID theft and not combat it, or letting them inflict said system on an unwilling and defenceless populace?
These tw@dangles shouldn't be trusted with shopping list with their track record for 'data leakage'
the easiest way around this is to ensure that the readers have access to the database these cards are generated from. Then it's as simple as comparing a checksum of the card data with that held on the database. Hardly rocket science, is it ??
If the reader displays the digital picture on a display that they can view alongside the photo on the card, and the checksum works out, then th card is valid. Any difference, the card is void.
Simples, as they say at comparethemeerkat :-)
AC: "So how do we stop this charade? Do we vote for Conservatives? They said they will scrap this scheme. I hope they are not lying, as politicians usually do!!!"
Of course they're lying. A quick examination of their recent track record will easily prove it (for example, just try getting a straight answer out of them about them giving us a referendum on Lisbon). They say one thing, but even BEFORE they're in power theu're already hedging their bets in preparation for their back-tracking U-turn.
The only party that I have seen that is adamant and unequivocal about scrapping ID cards is UKIP.
Not only have UKIP clearly stated their intentions in their manifesto (which in and of itself is not that big of a deal, as manifestos are not legally binding) but far more importantly UKIP have teamed up with NO2ID (and NO2ID have serious credibility in this particular area and wouldn't form an alliance with UKIP if UKIP were being half-hearted about the matter).
One example: http://www.ukip-bradford.org.uk/no2idinthemedia.html
After coming in 2nd place in the last Euro elections, UKIP are now going to field candidates in ALL wards nationwide in the coming UK general election. Sure, they won't win an outright majority, but then again they don't need to in order to scupper plans for the ID card scheme. They just need a decent number of seats in the House of Commons to constantly put a spanner in the works.
Talking about ID cards reminds me of the picture of Alan Johnson holding up his ID card recently when it was announced that ID cards would be going ahead in Manchester. If you looked real closely at the ID card would see the words SAMPLE on it. So if Alan Johnson doesn't want a real ID card, then I don't think anyone else will either.
AC@1405
"The Government ID cards shouldn't have this problem - valid ones will only be signed with the Government key, and so any ID card readers *will* be able to verify that the data on the card is the official, unmodified version. Unless the Government or their contractors are even more spectacular idiots than usual, this hack won't be accepted by official ID card readers."
Nice to be hearing from the Ministry.
Only trouble is no one seems to have included the reader costs in the budget. Or is the last report about "Flicking" the card for its distinctive sound still about right? Can those Borders Agency passport readers be upgraded in software?
Now what about the cost of fitting them everywhere else this administration wishes to put them. Bneefit offices?Passport offices? Tescos (or whereever they plan to do the actual inputting now they have dumped the 70 new offices they were planning to get) Hospitals?
I think the NHS will have something to say about a *very* large chunk of their cash being used in this way.
The alien machine-tards from Xenu that run the politician-tards cant just come out and tattoo us at birth with RFID chips, until they get people-tards completely used to being stopped and searched every hour, every where you go etc...
Ubiquitoius Security by insecurity.
Efficiency, govt style.
Sack them all... EMP anyone?
But It won't match what's on the NIR.
Until someone accesses the actual NIR itself
No doubt the HO will tell you that cannot happen either.
Does anyone else think that a system that should (by design) be secure for someones lifetime be compromised within less than a year after its introduction.
"But the reported Home Office statement is still factually correct, just not what it appears at first reading."
That is so often true (and almost invariably so with the IPS) that anyone reading any Home Office statement ought to consider it first: Assume it is designed to mislead, and ask yourself what is the most perverse, countercontextual, meaning that can be placed on the words. Practice this for a few months and you will be able to read Home Office fluentl. (But it is quite another matter to learn to write it. You'll have to be able to see dialogue as an instrument of policy, rather than an exchange of information.)
Even if this isn't entirely true, IT WILL HAPPEN.
The dark side of me was hoping the Manchester Congestion Charge would come into operation just so that the system could be broken within a few weeks by some teenager.
Lo! We voted against the Manchester Congestion Charge and we're getting the money for the increased services and Metro extension anyway! Quelle surprise!
There is one political party which is realistically in a good position to have enough MPs (60+ already) to be able to kill ID cards - AND which has been unequivocally opposed to them since the idea first surfaced - AND which is unequivocally opposed to the rest of the nanny society/surveillance state into which we are rapidly sliding. It is the Liberal Democrats. What's more, it has a good enough slate of policies plus enough experience across the board (running big councils requires a great deal more responsibility than that exercised by the average MP) to make a decent fist of running the country, unlike UKIP, the Greens and a variety of other extreme minorities.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
