Fortify: Hacking of new German ID card down to failure to build security into system from earliest stages

September 2010 by Fortify

The public hacking of the German national ID card system - which is due to be phased in from this November onwards - is almost certainly down to security having been added as an afterthought, rather than integrated from the earliest stages of the development process, says Fortify Software.

In addition, says Richard Kirk, the application vulnerability specialist’s European director, the fact that it has been cracked so publicly on TV by the Chaos Computer Club will not help the German government in its cause to extend the card’s usage beyond its national ID beginnings.

"The gameplan with this card - which is capable of carrying a wealth of data on German citizens, including their online banking data, personal biometrics and authentication information for use when interacting with online government Web sites - is quite extensive," he said.

"But given the fact that the notorious Chaos Computer Club has cracked the card system on a WDR TV programme, it will almost certainly discourage German citizens - or third-party institutions - from adopting the technology," he added.

Kirk went on to say that it is critical to any new security system that its users have absolute confidence in the platform, if the system is to take off.

The ID card industry was hit badly this year when the UK government scrapped its plans for an ambitious UK national ID card system, so this very public cracking of the German card scheme - weeks before it is due to go live - is not positive on several levels, he explained.

On one level there is the public confidence in the security, whilst on another there are the commercial implications for the German ID card system, since third-party organisations will not have been filled with enthusiasm over the TV cracking of the system, he said.

According to Kirk, the German Federal Office for Information Security has already admitted to weaknesses in the security of the national ID cards, which have reportedly taken around 24 million euros to develop so far.

"With all this government money being poured into the German national ID card system, why wasn’t security built into the system from day one? Why weren’t the developers encouraged to produce a system with the very high levels of security that we know can be achieved?" he said.

"This is a breathtaking example of what can go wrong on the development front when developers don’t ‘get’ the need for security as a fundamental aspect of an IT project. Yes, the card system is claimed to be more secure than an ID/password combination, but that’s not the issue here. Confidence in the new German ID card programme has been shattered, so the government will have to resolve the situation," he added.

"And that resolution is going to cost far more money than it would have cost the Government and its contractors to integrate high levels of security into the development process."

For more on the German national ID card system crack: http://bit.ly/ao8tnB

