Comment by crote
9 months ago
> Those bits of information are worthless when you need to create a cryptographic signature with your ID card to do almost anything important.
That depends on the type of attack you're protecting against. It might prevent an attacker from filing your taxes for you, but many companies are still going to use this kind of information as primary key. But it's not going to stop an attacker from pretending to be a bank employee, calling a genuine bank employee via a secret internal-only number, and claiming they've got Mr. Doe in their branch trying to do a critical transaction but their phone broke so they can't use the bank app. Yeah, the Mr. Doe living at 987 Main Street, that one. See, you even verified their ID, and it has a SSN of 123456 printed on it - just compare that to our customer database to make sure it's legit!
It also opens up a whole new type of attack. The problem with those smart cards is that there isn't really a way for the user to know what operation is actually happening. You're using a regular PC or smartphone to interface between the smart card and whatever entity you're trying to communicate with. But that could just as well be a phishing website pretending to be that entity, or malware doing a MitM. Or even just a random website pretending to need a signature for "age verification" when it's actually applying for a loan behind the scenes.
There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possible be fraudulent?
I agree that we should be moving to more secure systems, but those ID smart cards aren't a one-size-fits-all solution.
> There's no "Do you really want to sign over your house to XYZ?" message on the card itself. And suddenly the government/bank/whatever is getting a request with a cryptographic signature which can obviously only be made by you - why would they have to double-check it if it cannot possible be fraudulent?
My country's version uses separate mechanisms with separate passwords for "identify me, revealing my name/DoB/number" and "sign something". Obviously not impossible to pretend that you're signing an innocuous document and have you sign something else, but it at least removes some of the low-hanging fruit.
As a potential Mr. Doe, I'd love to have an ability to opt in to a stricter mode of banking. I would voluntarily ask my bank to refuse certain types of transactions in my name unless my identity can be confirmed by secure machine-readable means at my presence; internal phone calls should not qualify. It could be a bank card, or a passport — yes, both can be physically stolen, but it's much harder to pull off, and I would immediately warn my bank when I notice.
That seems entirely like an implementation detail that doesn't have anything to do with the smart card interface itself.
It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response, verified when used, so that it can't be used for anything but the approved purpose.
> It's not like it's rocket science to have the reader application detail what the request is used for, and encoding it in the request/response
The reader application can, sure, but what ensures that that "reader application" is genuine and can't be subverted? The card's own processor is supposedly tamperproof, but all the display etc. is in the reader which is probably owned and controlled by whatever third-party you're identifying yourself to, or at best it's a random application running on your PC/phone with whatever malware you have.
This is already a more restricted type of attack than the common identify theft that's rampant right now in the US.
What you're describing requires the actual terminal you're interacting with to be malicious, and it can only be used to authorize individual transactions.
As things stand in the US, a much broader class of attacks are not only possible but common, in which the attacker takes over the identify of the victim and can authorize any number of transactions in their name.
Why do you trust the reader though? It could display one thing and send another. Although I guess this also happens with payment card terminals. Who's to say the €3 displayed is not charged as €300...
This is a solved problem.
If the ID is on your phone, you can make it so that the transaction details have to be digitally signed by the person authorizing them in order to be valid. Then, if 3€ shows up on your phone, that's what you're authorizing, not 300€.
3 replies →