With the help of the so-called AusweisApp, people should be able to conveniently confirm their identity using their smartphone. But now an anonymous hacker is warning of the service’s security risks.
Anonymous hacker finds security vulnerability
It may be hard to believe, but digitalization is increasingly finding its way into official matters in this country too. This also applies to ID cards. This now makes it possible to identify yourself online. However, the extremely sensitive personal data could easily fall into the wrong hands on the World Wide Web. At least one anonymous hacker is now warning against this. He claims to have found an alarming vulnerability that could make identity theft possible. Cyber criminals could then use the stolen data to open a bank account, for example, or carry out other highly personal transactions under a false identity.
Attackers should not need to have any real IT knowledge to do this. It is probably enough if they can access the affected person’s smartphone. But there are now ways and means of doing this. The easiest way would be to use a manipulated app. If the victim was then sent the PIN required for access, the attacker would simply intercept it. The attacker could then simply log into the ID card app and retrieve the necessary data.
AusweisApp with a permanent problem?
Cyberattacks are simply part and parcel of our digitalized world. After all, cyber criminals are constantly exploiting vulnerabilities in software and hardware to intercept important data. While some vulnerabilities pose only a minimal risk, others are highly risky. According to the anonymous hacker “CtrlAlt”, this is a rather dangerous vulnerability. After all, the criminals would only have to start at the most insecure link in the verification chain in order to obtain the relevant data.
- Also interesting: Security vulnerability: Apparent vulnerabilities in CPUs from AMD
In his blog, the IT expert then gives an example of the gateway that criminals could use in practice. Imagine that a person visits the website of the employment agency. They may be asked to identify themselves there. Here, the website redirects to the AusweisApp page via a link. The risk lies in this redirection. After all, a manipulated version could be redirected here. The user himself is unaware of this. For them, the ID app does not appear to differ from the original.
BSI has been informed
In order to inform the relevant authorities about the risk, “CtrlAlt” contacted the Federal Office for Information Security (BSI) directly. As the BSI did not respond adequately, the anonymous hacker has now taken the warning into his own hands and made the public aware of the risk. According to the BSI, the risk was not high enough. After all, the vulnerability is neither in the ID card app itself nor in the smartphone hardware.
Accordingly, users would have to ensure sufficient protection themselves. The hacker feels that the advice is not very useful. After all, users cannot prevent such attacks. Instead, “CtrlAlt” advises users to refer to secure apps that would not provide a gateway. Unfortunately, the anonymous hacker does not know how to actively combat the security gap. It remains to be said that, if possible, you should perhaps avoid using the online ID card for the time being.
No replies yet
Neue Antworten laden...
Gehört zum Inventar
Beteilige dich an der Diskussion in der Basic Tutorials Community →