Professor Vanessa Teague and Ben Frengley found that the country’s myGovID system could leave people at risk of identity fraud, because cybercriminals could reuse a victim’s login credentials on any website.
“The Identity Exchange (IdX), the researchers said, acts as a single point of failure for both privacy and authentication, resulting in an ‘extremely brittle architecture that would allow for large-scale identity fraud if that one component came under the control of a malicious party’.”
The researchers say that, despite being warned about this danger, the Australian Tax Office has taken no steps towards rectifying it.
The researchers were also concerned with a paragraph in the DTA's consultation paper that states the resulting digital ID legislation will include additional mechanisms, including penalties, for protecting information used in the system, such as biometric information.