Digital Driver’s license
Digital Driver’s license, The Australian state of New South Wales issued digital driver’s licences in late 2019. People might use their iPhone or Android smartphone to prove their identification and age during highway police checks or in pubs, stores, hotels, and other facilities with the new licences.
The government agency, known as ServiceNSW, stated that it would “offer additional degrees of security and protection against identity fraud, compared to the plastic [driver’s licence]” that citizens had been using for decades.
Now, 30 months later, security researchers have demonstrated that forging bogus identities using digital driver’s licences, or DDLs, is simple for just about anyone. The method permits underage drinkers to falsify their birth dates and fraudsters to create false identities.
The method takes less than an hour, requires no special hardware or expensive software, and produces phoney IDs that pass the electronic verification system used by police and participating venues. All of occurred despite claims that the newly established DDL system’s security was a top priority.
“To be clear, we do believe that if the Digital Driver’s Licence were improved by implementing a more secure design, then the above statement made on behalf of ServiceNSW would indeed be true, and we would agree that the Digital Driver’s Licence would provide additional levels of security against fraud compared to the plastic driver’s licence,” Noah Farmer, the researcher who discovered the flaws, wrote in a blog post published last week.
With minimal effort, a superior mousetrap was created
“Everything will check out when an unwary victim scans the fraudster’s QR code, and the victim will have no idea that the fraudster has matched their own identifying photo with someone’s stolen Driver’s Licence details,” he stated. Digital Driver’s license
However, DDLs make it “possible for unscrupulous users to generate [a] fake Digital Driver’s Licence with minimal effort on both jailbroken and non-jailbroken devices without the need to edit or repackage the mobile application itself,” as things have stood for the previous 30 months.
DDLs necessitate the use of an iOS or Android app that displays each individual’s credentials.
Police and venues can use the same app to verify if the credentials are genuine.
The following features are aimed to ensure that the ID is genuine and current:
- Animated NSW Government logo.
- Display of the last refreshed date and time.
- A QR code expires and reloads.
- A hologram that moves when the phone is tilted.
- A watermark that matches the license photo.
- Address details that don’t require scrolling.
Technology behind Digital Driver’s license
The brute force provides a fraudster access to someone’s encrypted DDL licencing data—either with authorization, by obtaining a copy kept in an iPhone backup, or through remote compromise—and allows them to view and edit any of the data recorded on the file. Digital Driver’s license
Then it’s just a matter of extracting the file containing the credential, decrypting it, modifying the text, re-encrypting it, and copying it back to the device using basic brute-force software and regular smartphone and computer operations.