One Article Review

The article:
Source: Reversemode (blog)
Identifier: 8654598
Publication date: 2023-10-08 11:35:58 (viewed: 2025-03-07 20:12:10)
Title: Reversing 'France Identité': the new French digital ID.
Text:

--------------
Update from 06/10/2023: following my publication, I've been in contact with France Identité CISO and they could provide more information on the measures they have taken in the light of these findings:

We would like to thank you for your in-depth technical research work on “France Identite” app that was launched in beta a year ago and for which you were rewarded. As you know, the app is now generally available on iOS and Android through their respective app stores.

Your work, alongside French cybersecurity agency (ANSSI) research, made us update and modify deeply the E2EE Secure Channel used between the app and our backend. It is now mostly based on TLS1.3. Those modifications were released only a few weeks after you submitted your work through our private BugBounty program with YesWeHack. That released version also fixes the three other vulnerabilities you submitted.

From the beginning of “France Identite” program, it was decided to implicate cybersecurity community, launching first a private BugBounty program. We are now happy to announce the BugBounty program will soon be publicly available, and the source code published in early 2024. You and all security researchers are welcome to participate.
--------------

More than a year ago I was invited to a private bug bounty with an unusual target: 'France Identité', the new French digital ID. The bug bounty program itself was disappointing to me so I'd say that, likely, it wasn't necessarily worth my efforts, although I've been rewarded with some bounties for the reports. On the other hand, the scope was very interesting so for me, the technical part eventually made up for the negative aspects.

It was a pure black-box approach against the preproduction version. I received a 'specimen' French ID card (carte d'identité), which obviously did not correspond to any actual citizen. However, I didn't get a PIN, so I couldn't fully cover all the functionalities implemented in the 'France Identité' system. Now let's see what I found.

Introduction

A relatively common approach to designing cost-effective, user-friendly, chip-to-cloud solutions is to leverage the communication capabilities of the user's mobile phone. Instead of endowing the smart device (e.g., a digital ID card) with all the electronics and software it would need to autonomously transmit and receive data over the internet, the product is developed to use a short-range communication stack such as Bluetooth/NFC (something any modern mobile phone supports by default). An app on the phone then creates a communication channel with the backend, thus acting as a bridge between both worlds.
Rating: ★★★
Sent: Yes
Tags: Vulnerability, Mobile, Technical


The article does not appear to have been picked up after its publication.

The article does not appear to be a follow-up to an earlier one.