Hijacking accounts left and right via Swedish BankID misconfigurations
09-11, 17:05–17:35 (Europe/Stockholm), Main hall

Electronic identification solutions are everywhere, and more and more are popping up after the EU's eIDAS regulation, which attempts to achieve a secure way to digitally authenticate individuals. Often these systems are implicitly trusted; however, time after time vulnerabilities have been discovered in them, making them very valuable targets for threat actors. The Swedish BankID is a popular eID solution. In this talk I will give a technical and security overview and present vulnerabilities found in the most common implementations.

Hi! I'm a Security Researcher and Bug Hunter from Italy, living in Sweden. I spent some years as a backend engineer and love building and especially breaking web applications. My main focus is finding new ways to exploit authentication and access control solutions, possibly with a beer in my hand.