1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Live TV
Latest audioLatest videos
In focus
German coalition collapseDonald TrumpCOP29

Good news for hackers

September 23, 2010

The highly-touted new national ID cards are easily hackable, computer experts say. But the ministry responsible for the new cards is standing behind its technology.

https://p.dw.com/p/PL9K
The new ID card
The new ID cards will debut in November 2010Image: Bundesministerium des Innern

Beginning in November 2010, German citizens who apply to renew their national ID cards will receive feature-rich cards capable of storing data-banking information and biometric statistics. About the size of a standard credit card, the new cards will also enable card-holders to make financial transactions with state authorities over the Internet.

The high-tech cards are supposed to provide enhanced security for online purchases. But this week, the Chaos Computer Club, a German-based group of computer hackers, demonstrated for a WDR television program that they could easily crack the personal identification number (PIN) of a test model of the new ID cards.

Risky business

Once a hacker has got hold of the PIN, he or she could impersonate the cardholder on the Internet and make purchases. And, he or she could easily change the PIN of the card.

"For the card owner, that means he won't even be able to access the data on his own card - he won't have the PIN anymore," Chaos Computer Club member Constanze Kurz told the broadcaster WDR.

A Chaos Computer Club congress
A group of computer hackers easily deciphered the PINImage: AP

In order to make purchases from a home computer, the cardholder inserts his ID into a special card reader to verify his identity. The Federal Office for Information Security (BSI) has acknowledged that it is possible to use so-called Trojan malware to crack PINs when the user is using a simple version of the card reader. The effect is similar to the 'keystroke' logging software that records every character typed on a keyboard.

An expensive mistake

The government has already spent about 24 million euros ($30.5 million) for about a million of the basic version of the readers. Experts recommend the use of high-quality readers, which have their own keyboard for entering the PIN, in order to foil potential hackers.

A card with a hologram
The old ID cards used holograms to help prevent fraudImage: dpa

But the Federal Office for Information Security, which developed the cards, has stressed that even with the known weaknesses of the simple card reader, the authentication process is still much safer than a username and password combination.

The ID card is still to be introduced according to plan, ministry spokesman Tim Griese told Deutsche Welle.

"There are no additional security measures planned in light of the current discussions," said Tim Griese of the Federal Office for Information Security.

Author: Sarah Harman
Editor: Susan Houlton

Skip next section Explore more

Explore more

A fingerprint

Germany planning digital ID card for foreigners

Germany planning digital ID card for foreigners

Germany is planning to introduce a digital identification card for foreigners in a move to combat illegal immigration. The ID card is only for non-EU citizens living in Germany, according to a newspaper report. (18.09.2010)
September 18, 2010
The new ID cards

Concerns raised over security of new German ID cards

Concerns raised over security of new German ID cards

From November 2010 anyone needing a new ID card in Germany will be able to get a feature-rich enhanced card, which stores a host of data. But experts are not impressed by the security features on the new ID cards. (26.08.2010)
August 26, 2010
Secure email system

Critics point to cracks in proposed German encrypted e-mail system

Critics point to cracks in proposed German encrypted e-mail system

DE-Mail aims to replace much of the official, legally-binding e-mail exchanged between companies, the government and citizens. But IT experts warn that it may have some crucial security flaws. (22.07.2010)
July 22, 2010