Select Page

Incident: NSW digital driver’s licences ‘easily forgeable’ | iTnews

Incident: NSW digital driver’s licences ‘easily forgeable’ | iTnews

Australian Cyber Security Failure,
18 May 2022

NSW digital driver’s licences ‘easily forgeable’

Underage people allegedly go drinking with fake IDs.

Source: NSW digital driver’s licences ‘easily forgeable’ | iTnews

Related Service NSW and State Government reports.

Update, 19/5 6.30pm: Service NSW told iTnews that the issue is known and does not pose a risk to customers.

Security researchers have analysed the NSW digital driver’s licence (DDL), and found that it’s “trivial” to get past the security measures implemented to protect the identity credential, and forge the data presented by the application.

Dvuln researcher Noah Farmer went through the Apple iOS version of the NSW DDL, inspired by the prior testing by another researcher in 2019, that showed it was possible to modify the data on the credential to display false information.

Farmer observed that social media users reported that a number of underage people were using fake DDLs that are easy to make, to visit drinking establishments in the state.

YouTube player

“The blogger has manipulated their own Digital Driver Licence (DDL) information on their local device. No other customer data or data source has been compromised,” a Service NSW spokesperson said.

“It also does not pose any risk in regard to unauthorised access or changes to backend systems such as DRIVES.

“Importantly, if the tampered licence was scanned by police, the real time check used by NSW Police (scanning mobipol) would show the correct personal information as it calls on DRIVES,” the spokesperson added.

The earlier researcher, Yaakov_H, reported his findings to Service NSW, but it’s unclear if the agency took any steps to remediate the bug discovered.

 


About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More Australian News

Weekly Australian News and Monthly Incident Review Emails

No advertisements, marketing, sales, or unsolicited emails. Your email address is ONLY used to send the publications listed above.

* indicates required


Shares
Share This