Digitization: Fake driver’s license in the cell phone: The system is so easy to trick
Having your identity card and driving license always at hand on your cell phone can be more than practical in everyday life. The Verimi ID-Wallet app wants to make this possible, but is currently struggling with massive security problems.
We usually carry our driver’s license and identity card around with us in our wallets. Anyone who gets caught in an inspection must also show the paper documents. But the direction is clear: ID cards should be securely stored in mobile phones.
The Verimi app is at the forefront here and is already digitizing ID cards, vaccination certificates and driver’s licenses, for example. However, the app currently does not meet the highest data security standards promised by the provider.
A security expert managed to trick the verification process in just 30 minutes and get a fake driver’s license in the app.
Very little effort: It’s that easy to create a false identity
3, 2, 1 and the fake digital driving license is ready. After there were already massive security problems in the official app for the digital driver’s license, Verimi has now also been hit. Behind it are, among other things, as shareholders companies such as
This app also tries its hand at the digital wallet. The idea: You should be able to identify yourself with just one click or fingertip. Mobile should provide easy and secure management of your identity. But security fails because of the so-called photo identification process.
The security expert Martin Tschirsich overturned this and acquired several fake digital identities. In order to outwit photo identification, he photographed the front and back of the driver’s license, digitally changed the name and printed out the manipulated images larger than life at a photo kiosk.
He then photographed the manipulated images with the app and took a selfie. The “AI-supported process” then confirms the authenticity of the images in a matter of seconds. Tschirsich states that the total duration of the attack was only 30 minutes.
Photo identification process does not recognize counterfeiting
Tschirsich has gone through the procedure several times and, according to his own statements, is “in the meantime the proud owner of several digital driving licenses and Swiss citizenship (can never hurt)
“.
The security expert notes: “The insecurity of the photo ID is well known. Foto-Ident is therefore only used in Germany in sectors that are not subject to any special regulations. It remains unclear why Verimi considered the procedure to be suitable for the second attempt at a digital driver’s license
“.
Definitely improve
Ouch, that hurts. ID and driver’s license on the cell phone, there is great interest among users. But of course the whole thing has to be built safely. Verimi has to improve significantly if the identification process can be tricked so easily. FOCUS Online has asked the provider for a statement. The answer came promptly:
“We only found out about this case from the media. We take the process very seriously and immediately initiated a review of the processes with Veriff. In the course of the fraud process, the affected account was identified and blocked, and Verimi and Veriff took measures to prevent similar constellations in the future. Please understand that we cannot comment on further details of these measures for security reasons”.
Driving license at 16? That’s how divided the Germans are
CHIP