shutterstock_1094901527 banner.png

Photo: / Taras Vyshnya

Researchers Want Australia's Digital ID System Thrown Out and Redesigned From Scratch

– ZDNet

Researchers who uncovered security flaws in Australia’s digital identity scheme have recommended the project undergoes a full redesign

Professor Vanessa Teague and Ben Frengley found that the country’s myGovID system could leave people at risk of identity fraud, by cybercriminals reusing a victim’s login credentials on any website.

“The Identity Exchange (IdX), the researchers said, acts as a single point of failure for both privacy and authentication, resulting in an ‘extremely brittle architecture that would allow for large-scale identity fraud if that one component came under the control of a malicious party’.”

The researchers say that despite being warned about this danger, the Australian Tax Office have made no steps towards rectifying it.

The researchers were also concerned with a paragraph in the DTA's consultation paper that states the resulting digital ID legislation will include additional mechanisms, including penalties for protecting information used in the system, such as biometric information

View Article