Home Office denies ID card hack claims
A security researcher apparently hacked the ID card in just 12 minutes, but the government isn't buying the claim.
The government's "unforgeable" ID card was hacked in 12 minutes by security researcher Adam Laurie this week, according to a Daily Mail report.
Laurie was able to make a complete clone of the card using a mobile phone with chip reading capabilities and a basic laptop PC in 12 minutes, said the Daily Mail report.
Once the chip had been breached, Laurie was able to alter the person's name, physical data, and finger prints, as well as switch the "not entitled to benefits" section to "entitled to benefits", reported the Mail.
The Mail also reported that Laurie was able to add a security note into the card that said: "I am a terrorist, shoot on sight."
A spokesperson from the Home Office said: "This story is rubbish. We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened."
The ID cards use a radio frequency identification (RFID) chip for data storage.
The government claimed that this technology could never be cloned or faked, despite widespread reports concerning potential vulnerabilities with the technology.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"If the Government is serious about preventing identity theft, then it really has to do better than this," said Laurie in the Daily Mail report.
"The identity card includes a number of design and security features that are extremely difficult to replicate. Furthermore, the card readers we will deploy will undertake chip authentication checks that the card produced will not pass," said a Home Office statement.
NO2ID today condemned the Home Office for knowingly making 'ID theft' easier, ignoring dangerous vulnerabilities in the ID card system.
"This shows up the big con. The Home Office doesn't really care about 'ID theft', or it wouldn't be pushing technology that any competent crook can subvert," said Phil Booth, national coordinator of NO2ID.