New German national ID card hacked by Chaos Computer Club

Infosecurity magazine reports:

The German government’s new national ID card – which will start being issued this November – has been publicly hacked on TV by members of the infamous Chaos Computer Club.

The feature-rich cards, which the government has spent €24 million on so far and is hoping will be used by a variety of third-party organisations, are capable of storing useful authenticators such as biometric data and allied information.

Or rather, was hoping, as German newswires have reported that members of the Chaos Computer Club demonstrated how easy the cards were to crack live on the WDR TV channel, reportedly resulting in considerable consternation in government circles.

The article quotes Richard Kirk, European director of Fortify Software:

The ID card industry was hit badly this year, he explained, when the UK government scrapped its plans for an ambitious UK national ID card system, so this very public cracking of the German card scheme – weeks before it is due to go live – is not positive on several levels.

On one level there is the public confidence in the security, whilst on another there are the commercial implications for the German ID card system, since third-party organisations will not have been filled with enthusiasm over the TV cracking of the system, he said.

Kirk said that the ID card project is a breathtaking example of what can go wrong on the development front when developers don’t ‘get’ the need for security as a fundamental aspect of an IT project.