Mauritian Expert Witness Demonstrated How Data Can Be Stolen From The Biometric ID Card
After granted persmission yesterday by the Judge Eddy Balancy, every eyes were on the Mr Sookun today. He had to do a presentation but this was not projected as State lawyers stated that they do not have an expert to refute his sayings. The Judge therefore confirmed his findings which will be considered as evidence.
Mr Sookun showed how data stored on the Biometric ID Card can be copied to a laptop by using a simple RFID Card reader. The card reader can capture the data from a distance of 5 centimeters, as such, the holder of the card reader does not really need to have the card in hand to get the data.
He added that this type of card reader are easily available for sale on the internet and has been buying one himself. The card reader did get through the custom office without any problem.
He also talked about the vulnerabilities on the MNIC website where he was able to retrieve personal information of 67 people. According to him, the way of coding gives the impression that these were written by script kiddies, that is, those having a very low level of coding experience.
Mr Sookun did not miss this opportunity to talk about the vulnerabilities on the Government website (www.gov.mu) caused by the "mis-managing" of the Sharepoint. As such, the website can easily fall prey to hackers. The Linux enthusiast mentioned that the Government domain name was also registered by a private company, Internet Direct Limited.
The next hearing is due for Monday 8th September 2014 and the Judge said that Tuesday could be the last one.
Thanks to Mr Ish Sookun who provided us with the information for this article
Mr Sookun showed how data stored on the Biometric ID Card can be copied to a laptop by using a simple RFID Card reader. The card reader can capture the data from a distance of 5 centimeters, as such, the holder of the card reader does not really need to have the card in hand to get the data.
He added that this type of card reader are easily available for sale on the internet and has been buying one himself. The card reader did get through the custom office without any problem.
He also talked about the vulnerabilities on the MNIC website where he was able to retrieve personal information of 67 people. According to him, the way of coding gives the impression that these were written by script kiddies, that is, those having a very low level of coding experience.
Mr Sookun did not miss this opportunity to talk about the vulnerabilities on the Government website (www.gov.mu) caused by the "mis-managing" of the Sharepoint. As such, the website can easily fall prey to hackers. The Linux enthusiast mentioned that the Government domain name was also registered by a private company, Internet Direct Limited.
The next hearing is due for Monday 8th September 2014 and the Judge said that Tuesday could be the last one.
Thanks to Mr Ish Sookun who provided us with the information for this article