

UK's new ID card hacked within minutes - vijayr
http://www.dailymail.co.uk/news/article-1204641/New-ID-cards-supposed-unforgeable--took-expert-12-minutes-clone-programme-false-data.html

======
mdasen
Maybe I just don't get it, but why would it be good to have information
encoded on a card or passport? Wouldn't it be better to have an ID number on
the card that could then be linked up to a record on the computer?

Like, let's say that an officer needs my ID. What is he going to trust more:
the information stored on my card that could be tampered with or the
information in their database that I don't have as easy access to? If it just
looked me up by ID number, they'd get my picture, name, address on their
screen, but it would be harder for me to get in and fake that - since, even if
I changed the ID number, I might be able to fake that I'm a different person
until they compare the picture on file. And heck, if each card had a unique
ID, you could then determine if a card was a stolen card. If the data is just
on the card, it remains valid after being reported stolen. Heck,
cryptographically sign the ID number so people can't fake it easily.

Not that I'm defending or promoting whatever their aim is, but even if you
agree with their aim, why put the data on the card? Keep it secure and only
have it available when the card is scanned by a legitimate person. The card
carries whether state benefits are given to a person? How soon until someone
can just switch that boolean on the card?

~~~
stevecooperorg
The information on the card should be digitally signed; the information on the
card should be verifiably untampered. I'm convinced the article itself fails
to take account of how digital signing works.

The benefit of keeping signed data on the card is to avoid network lookups; a
reader should be able to, for example, decode a jpeg photo of you held on the
card and allow a policeman with a hand-held reader to tell that you are who
you say you are.

------
furyg3
Why the _hell_ would you put that kind of information on a card?!

The card should have a serial number on it. That's it. _Maybe_ a name so that
people don't get their cards mixed up.

Surely the people working on the national security of the UK are smarter than
little old me.

~~~
vijayr
It's like having my complete account balance and transactions in my debit card,
instead of just the card number. Sounds silly, can't understand why they are
doing it.

~~~
Retric
So they can scan the card with a device that is not connected to any network.
At best they could cryptographically sign the card to ensure the information
is at worst a copy of valid information. But, I don't see them doing this any
time soon.

PS: As to why you would want a device that can work without a network think
terrorists taking down the network, classic government incompetence, or just
lower costs.

~~~
boblol123
If terrorists have already taken down the network, what's the point of an ID
card or any of the billions spent on increasing our "safety"....?

On that subject, has anyone done the numbers on the number of people that
would be saved by putting the same money spent on anti-terror bullshit into
the NHS vs the number of people saved from terrorism?

~~~
stevecooperorg
The intent isn't (purely) anti-terrorism. It's an effort towards reducing
things like benefit fraud, too. So any success from the card reduces these
kind of budget 'leaks.'

~~~
boblol123
And an ID card prevents this...how? ID cards will be optional for UK
citizens...

------
stevecooperorg
Here's what I think they really did. From this:

"Each one of these files is supposed to be protected with a special digital
key, so that if anyone attempts to change it, the card would be identifiable
as a fake to any official with a digital chip reader."

The information (name, address, etc) is stored as plaintext, then signed with
a private key (<http://en.wikipedia.org/wiki/Digital_signature>) to prove it's
a real government card.

What the reporter and his friend did was read the plaintext (which is exactly
what is intended), then choose some new data and sign it with their own
private key, claiming they had 're-locked' the card. But of course they
haven't -- the digital signatures will be different. When the cards are used
(validated against the corresponding public key) you'd find that the signature
was invalid.

I think what they've proved is that plaintext is readable, and that if they
had a government private key, they could add a digital signature. And that
it's easy to produce cards with new data, so long as no-one verifies the
digital signature.
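
The verification described in the comment above, as an added example that is not part of the original thread. Ed25519, the card layout and the sample fields are assumptions; the thread does not name the algorithm or format the real card uses.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Card is a constructed stand-in for the chip: plaintext data plus a signature.
type Card struct{ Data, Sig []byte }

// Issue signs the plaintext with the given private key.
func Issue(key ed25519.PrivateKey, data string) Card {
	return Card{Data: []byte(data), Sig: ed25519.Sign(key, []byte(data))}
}

// Verify is the reader-side check against the issuer's public key.
func Verify(issuerPub ed25519.PublicKey, c Card) bool {
	return ed25519.Verify(issuerPub, c.Data, c.Sig)
}

// seed builds a fixed 32-byte seed so the example is deterministic;
// real keys come from a CSPRNG.
func seed(b byte) []byte {
	s := make([]byte, ed25519.SeedSize)
	for i := range s {
		s[i] = b
	}
	return s
}

// Scenarios returns the reader's verdict for each constructed card.
func Scenarios() map[string]bool {
	issuer := ed25519.NewKeyFromSeed(seed(1))
	other := ed25519.NewKeyFromSeed(seed(2)) // a key that is not the issuer's
	pub := issuer.Public().(ed25519.PublicKey)

	genuine := Issue(issuer, "name=A. Sample;benefits=no")
	// Data changed, original signature kept.
	edited := Card{Data: []byte("name=A. Sample;benefits=yes"), Sig: genuine.Sig}
	// Data changed and "re-locked" with the non-issuer key.
	resigned := Issue(other, "name=A. Sample;benefits=yes")
	// Byte-for-byte copy of the genuine card.
	clone := Card{Data: append([]byte(nil), genuine.Data...), Sig: append([]byte(nil), genuine.Sig...)}

	return map[string]bool{"genuine": Verify(pub, genuine), "edited": Verify(pub, edited),
		"resigned": Verify(pub, resigned), "clone": Verify(pub, clone)}
}

func main() {
	r := Scenarios()
	for _, name := range []string{"genuine", "edited", "resigned", "clone"} {
		fmt.Printf("%-8s verifies: %v\n", name, r[name])
	}
}
```

The clone verifying is the case Retric raises earlier in the thread: the signature shows the data is unaltered, not that the chip is the original. A reader that never calls the check accepts all four cards.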

------
jgrahamc
From the article it appears that the ID card is using the ICAO eMRTD standard:
<http://www.hasbrouck.org/documents/ICAO9303-pt3.pdf>

Field 15 of the card is reserved for PKI. Specifically, this field can be used
to sign the rest of the data on the card. There's really no reason why the
state can't sign the data on the card using a private key and make a public
key available for verification.

~~~
stevecooperorg
I think that's what they're doing. From the OP: "Each one of these files is
supposed to be protected with a special digital key"

------
dazzawazza
The point of the ID Card is to make people _feel_ safe. The point of the Daily
Mail is to make people _feel_ scared. So this article is not surprising.

Note I'm not saying the card makes you safe or that the Daily Mail actually
puts you at risk. It's all about how you feel.

~~~
dtf
The sound of a million Daily Mail readers spilling their cornflakes: _With a
few more keystrokes on his computer, Laurie changes the cloned card so that
whereas the original card holder was not entitled to benefits, the cloned chip
now reads 'Entitled to benefits'._

~~~
anigbrowl
While fraud and false entitlement are the obvious problems and motivation for
criminality, what really bothered me was the potential for 'swatting', as
exemplified by the 'I'm a terrorist, shoot on sight' gag; I'm surprised the DM
editors left this in. (Swatting is a term for extremely anti-social phone
phreakers to call down heavily armed law enforcement on an entirely innocent
party for lulz).

Consider that it's not so unusual for a contractual applicant (eg a new hire)
to hand over their ID to a trusted person so they can make a photocopy for
their records. It would be easy to arrange a deliberate switcheroo or other
unauthorized modification. But good luck, as the holder of a card, trying to
explain to the anti-terrorist squad why your ID card is screaming a warning to
them after a police officer scans your ID after falling for some pretext (a
'noise complaint from a neighbor', for example).

Obviously, this is more likely to be the stuff of professional espionage
rather than casual trollery - but my point is that it would be relatively easy
to implement, while positively Kafkaesque for the victim, thanks to bureau-
and securocratic faith in technology. The first time I applied for a driving
license in the US (as a recent arrival from Europe) I was astonished to learn
that there was an arrest warrant out for me - or more accurately, someone with
my name and birthdate - in Georgia, and it took me several minutes to convince
the DMV person that I had only arrived in the USA 72 hours previously.

~~~
uhygtyugb
That's why there will have to be corroborating evidence that you are a
terrorist - like brown skin.

There used to be a similar problem in the old days, the police test for
explosive also showed positive if you had handled playing cards. So there had
to be corroborating evidence - being Irish.

------
axod

      * The ID scheme will likely be scrapped
      * It was planned to be voluntary anyway
      * This is hacker news, not the Daily Mail. Let's keep it that way.

