18 hours ago
11
Anti-fraud technology employed with multiple states' digital drivers licenses is “invalid” and easy to make, cybersecurity experts say.
A major flaw in the anti-fraud technology of some Australian digital identification cards has been found, which could lead to false verification and the rise of fake digital drivers licenses.
The trend to digitise identification in Australia started in 2017 in South Australia – other states followed suit, with New South Wales in 2019, Queensland in 2023, and Victoria in 2024 (separate from the federal government’s myGovID/myID).
The trouble is that some state governments have been promoting the use of holograms online as a high-tech anti-fraud measure that only surmounts to a few easy lines of code.
Victoria and NSW specifically have been advocating for this “on-app hologram”, but the security measure is anything but.
Cybersecurity experts deem the feature to be not accurately representational and are petitioning for its removal from the app, and instead urging governments to follow International standards (ISO 18013-5).
Thinking Cybersecurity CEO and Australian National University Professor Vanessa Teague told the ABC the security measure is worthless.
“It’s a scam. There’s no polite way of putting it,” Teague said.
"It's not a security feature. Someone has conned someone who has purchasing power with public money and not enough technical understanding to see that it's completely invalid."
Both the NSW and Victoria service websites list checking the hologram on their list of steps to verify digital drivers licenses.
They both also encourage further checking of the physical card if one is “still not sure” or having an “issue verifying the authenticity” of the app’s ID.
While some locations are no longer accepting digital driver's licenses as a form of entry, the fear with the misuse of these fake digital IDs is vast.
Fake IDs could potentially be used by underage people to buy alcohol or cigarettes, enter venues with an minimum-age requirements, be used to share fraudulent details in instances like car accidents, signed agreements, or even stealing people’s mail.
Different states have different methods of ensuring technological validity despite these fraudulent attempts.
The Service NSW website states that licence checkers should be equipped with features that help reduce the risk of identity fraud.
Service Victoria states that "the most secure way to check a digital driver licence is to scan the QR code".
Cybersecurity experts, including Teague, agree that international standards are the way to go.
"There's really no excuse for Australia not to be adopting one of those transparent standards," Teague told the ABC.
"We did this with the COVID app. There was a perfectly good international standard that was reasonably secure; instead, we just made up our own rubbish that didn't work."
Ilana is a Melbourne-based journalist who was previously a copywriter in the Big Apple. Having moved to Melbourne for her Master of Journalism, she has written articles about food, farm machinery, fashion, and now the fast and furious. Her dream car has been a Mini Cooper since the fifth grade, eyeing its style and petite size.
