CCC reveals security problems with German electronic IDs

The Chaos Computer Club (CCC) has repeated its criticism of Germany's new electronic IDs (eIDs). They claim that the system used with the basic scanner, 1 million of which are to be handed out for free, is inherently unsafe.

The electronic identity cards with their integrated RFID chips are being introduced in Germany to allow the authorities to quickly and reliably identify citizens. Card holders can, by using the basic reader, also use the card to identify themselves online and lock accounts on government web sites to the eID on the identity card. The mandatory electronic identity cards are being issued from the start of November.

But, back in August, CCC members demonstrated on German TV news show "Plusminus" how attackers can use malicious software on a PC to sniff the input of the eID's PIN. The basic scanner does not have a keyboard that would allow the PIN to be entered manually and prevent sniffing.

Tonight, another German news show, "Bericht aus Brüssel"(German language link), will be broadcasting a similar demonstration by the CCC starting at 8:55 PM GMT. The show will demonstrate that software freely available to everyone on the Internet can be used to remotely control the electronic ID using the stolen PIN. The CCC said in a press release(German language link) that once an attacker has the PIN, they can use the eID for anything, as long as the identity card is inserted in a scanner. Attackers could hide in the background and act as the holder of the ID without even having to access the transmitted data. It's even possible, say the CCC, for attackers to change the ID's ‘secret’ PIN”.

Tricks like virtual keyboards operated via a mouse apparently do not provide additional security, and even scanners with their own PIN keyboards only offer limited protection. Man-in-the-browser attacks can be conducted to modify the content of transactions without the knowledge of users. Users can only see what transactions they are conducting if the scanner displays the most important transaction data, such as the recipient account and the amount for online banking, before the PIN is input.

The CCC also criticises the new electronic identity card's optional signature function, which provides a legally binding signature for digital documents. Attackers have reportedly already managed to use Switzerland's SuisseID card to put a legally binding signature on a foreign identity. The CCC says the German ID card has similar vulnerabilities.

In particular, the CCC complains that there are no guidelines for how documents to be signed must be set up. They argue that it is generally a bad idea to put digital signatures into complex document formats because users cannot be certain that the document will always be displayed the same way in different applications.

For example, the "SwissSigner" program can sign a PDF file containing active JavaScript even though the application cannot correctly display the document and the document has a different appearance in the widely used Acrobat Reader. Nonetheless, under certain conditions, it has been shown that the qualified signature can remain intact.

An expert from the BSI, Jens Bender noted the criticism of the CCC and acknowledged that users would be making "a big mistake" if the identity card was left in a reader for longer than necessary. But apart from services such as age verification, it would be impossible for online criminals to carry out fraudulent financial transactions on the Internet because a separate signature feature would need to be activated. This signature, he says, is protected by a second PIN which can only be entered into a reader with an integrated keypad.

Under no circumstances, Bender says, would an attacker gain access to the personal data of the eID card holder as this would be transmitted in an encrypted form. He did concede that it was possible to change the PIN number but regarded that as an improbable scenario as the owner would immediately realise that something was wrong. The BSI stresses that even with the known weaknesses of the basic readers, the authentication procedure is significantly safer than the combination of user name and password that is in use now.

(djwm)