Security App For the New German Personal ID Hacked

prefec2 writes "On Nov. 1st Germany started to issue new personal ID cards which include a security chip. In combination with a reading device and an application on a PC at home, secure transactions can be made. However, the required application can be compromised using DNS spoofing and a wrong SSL certificate (article in German)."

Re:Well now.

[rolfwind]

We no longer live in the days of Babelfish being the only game in town. Google Translate does a passable (but far from perfect) job:

http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=auto&tl=en&u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FNeuer-Personalausweis-AusweisApp-mit-Luecken-2-Update-1133376.html

Re:Bundestrojaner

[maxwell+demon]

But for that, they would not need to add that security hole. They could just install it from the regular update server of the app. Or redirect DNS, but use the original certificate.