If this really did happen then it shows that the ID cards system is flawed. By being registered you are putting yourself at more risk from identity theft. We simply cannot trust this system.
ID card has been hacked and edited
http://www.publicservice.co.uk/news_story.asp?id=10348A foreign national's ID card has been cracked and then reprogrammed by a security expert in an investigation by The Daily Mail.
The newspaper borrowed the ID card of a foreign national and subjected it to tests to see how secure it is. The security expert, Adam Laurie, managed to clone the card using a Nokia mobile phone and a laptop.
ID cards have been cloned in the past, but the Home Office was always able to insist that the data held on the card's micrchip was secure and could not be modified. But with the help of a second security expert, Jeroen van Beek, the encryption placed on the microchip inside the card was cracked using clues from the codes printed on the card.
From this point, they were able to edit details on the ID card including the name, date of birth, that the card holder was entitled to benefits and fingerprints. They were also able to add a note to the ID card that would appear in front of any police or security officer using a card scanner that said: "I am a terrorist - shoot on sight."
When told of the investigation, a Home Office spokesman told the newspaper: "We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened. The identity card includes a number of design and security features that are extremely difficult to replicate.
"We remain confident that the identity card is one of the most secure of its kind, fully meeting rigorous international standards."
Chris Huhne, the Liberal Democrat shadow home secretary, said: "The Daily Mail's investigation has blown such a huge hole in the government's ill-fated ID card scheme that it is now sinking beneath the waves.
"Surely it can only be a matter of time before Home Secretary Alan Johnson recognises the folly of continuing with this expensive and misguided intrusion into our privacy."
NO2ID condemned the Home Office for knowingly making ID theft easier and ignoring dangerous vulnerabilities in the ID card. Its national coordinator, Phil Booth, said: "This shows up the big con. The Home Office doesn't really care about ID theft, or it wouldn't be pushing technology that any competent crook can subvert."
Turn on thread page Beta
ID card has been hacked and edited watch
- Thread Starter
- 07-08-2009 12:29
- 07-08-2009 16:33
Am I surprised? Not in the least.
Offline21ReputationRep:Wiki Support Team
- Wiki Support Team
- 08-08-2009 02:18
Its not really a shock. ID cards dont really make you less likely to suffer from indentity theft, it just makes the results much worse when your identity is stolen.
- 08-08-2009 02:21
Not suprised but to tell police to shoot on sight is quite frightening. I wouldn't sign up for this if it's voluntary.
- 08-08-2009 02:22
The whole scheme is totally misguided. It's based on the principal that the technology cannot be beaten. In reality, every new security advance is superseded by hackers. They're always a step ahead. A rough comparison would be the Titanic being completely impossible to sink. I would, however, take any 'investigation' by the Daily Fail with a very large pinch of salt.
- 08-08-2009 02:27
Lol @ the government thinking the ID cards can't be hacked eventually. I think they are on the same juice as the Blu Ray corps who think hackers won't eventually tear HDCP apart.
- 08-08-2009 02:34
The problem with technology is that there is ALWAYS A LOOPHOLE , the possibilities for hacking anything technological are so large they might as well be considered infinite . I mean there are extremely talented hackers out there that will find loopholes just for the fun of it .
- 09-08-2009 19:35
Being able to alter the data stored on the card isn't that big a deal because important identity checks will be authenticated against the data stored on the government's population database, not the data stored on the card. I'd be very surprised if the integrity of the identity system is dependent on it being impossible to alter the contents of the card. I suspect that it will possible to establish someone's identity by checking their biometrics against the population database without needing to read any data from their card.
It's also not correct to claim that it's inevitable that technology will be always be broken (or at least broken before it can be successfully used for many years). The VideoGuard encryption Sky use for their subscription TV has yet to be seriously comprised in 13 years of use and the minor exploits found have been fixed by issuing new cards and firmware updates. The RSA encryption algorithm that underpins the security of much of the internet was first published in 1978, but the mathematical properties that make it secure still remain true.