Digital driver's licenses are often touted as being far more secure than traditional one, new evidence suggests that's not the case.
Digital driver’s licenses are being touted as the more secure identification of the future. Many states in the US have already adopted different forms of these supposedly more secure forms of identification. In Arizona, residents can even choose to add these digital IDs to their Apple Wallets if they have an iPhone. However, Ars Technica recently pointed out some serious security flaws that could potentially make digital driver’s licenses easier to forge than traditional ones. Perhaps the US shouldn’t totally forgo plastic IDs just yet.
The fact that digital driver’s licenses may not be as secure as previously thought became particularly obvious in one region of Australia after a team of researchers identified a multitude of instances where fake digital IDs that passed as real ones had been used. The researchers determined that individuals could quickly and easily create a fake idea without any professional tech training or access to any specialized hardware or software. A researcher clarified that it is “possible for malicious users to generate [a] fraudulent Digital Driver’s Licence with minimal effort on both jailbroken and non-jailbroken devices without the need to modify or repackage the mobile application itself.” This is problematic because it has already led to an uptick in instances where underage individuals can successfully pass themselves off as of age.
Figuring out how to create a fraudulent digital driver’s license is as simple as looking it up on YouTube. The video below takes a viewer through the whole process step by step and can be watched in under one minute. Take a look.
It’s frightening how easily people can usurp others’ digital driver’s license data. What it really comes down to is being able to leverage data loopholes. For instance, acquiring encrypted data off of a phone would theoretically hold all of a person’s digital driver’s license information. This is because that form of ID is inherently stored on an individual’s smartphone.
However, essentially what makes these fake digital driver’s licenses so convincing is the QR component. Every digital ID is equipped with a unique QR code that holds any one individual’s unique information, such as their birthdate. Thus replacing one QR code with another essentially changes the information in the ID. For instance, if an 18-year-old wants to appear as though they are 21+ on their ID they simply would have to swap out their QR code with another person’s who is 21 or older. What’s more, is that simply swapping the QR codes means that a person wouldn’t even have to change their picture, further adding to the believability factor.
Overall, as with any new technology, there are kinks that need to be worked out before it can be widely and safely utilized. The vulnerabilities associated with digital driver’s licenses are certainly a prime example of that. Still, there is a lot of promise for digital driver’s licenses, but in order for that promise to amount to anything, inherent flaws associated with digital IDs need to be addressed. For now, though, it looks like individuals should keep their good old-fashioned plastic IDs in their physical wallets for a little while longer.