Service NSW allows device data to be included in device back-ups. This means that a user could change any details other than the licence name or under-18 status, including but not limited to the photograph and address, while keeping the app’s verification features like its pull-to-refresh, hologram, and QR code scanning. Much like the loophole in the security digital vaccine certificate system, the security issues depend on design flaws that allow modification of client-side information - a fancy way of saying the data that’s kept on your phone, not on Service NSW’s servers. “Upon the launch of Service NSW’s Digital Driver Licence there were multiple security researchers who publicly reported a number of security issues including but not limited to the ability to manipulate digital licence data and create fraudulent digital identities,” he wrote.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |