Status of MitID app

Nowediff

I had the same issue with MitID on GrapheneOS. It said my device is rooted, but it's not. I updated GrapheneOS recently, so maybe that's the prob. Can someone with an older GrapheneOS version check if MitID works for them It seems like there might be a hiccup with the MitID app on GrapheneOS. The message about the device being rooted popped up, but the phone isn't rooted. Could be an update thing. Maybe someone with an older GrapheneOS version can check if the app works without showing that message? If it's just happening after the recent update, might be a bug. Could really mess things up for folks in Denmark if it's not sorted out.

lbschenkel

Nowediff Which version of MitID and GrapheneOS? This should not be happening in recent versions of MitID:
https://gist.github.com/lbschenkel/4199be415f2a139b64688ae74c92a7fc

Grkrz

I am no longer able to login to the site with MitID. I can enter the code of MitID but nothing happen afterwards.

Grkrz

Grkrz mitID works but it is not possible to login to any sites on Vanadium.
Something is not allowing to continue to enter the site after conformation from MitID.
I have tried with Firefoks and works.

lbschenkel

I can confirm that MitID login flow is currently broken in Vanadium: the MitID app itself works but when control is back to Vanadium, it does not redirect to the post-login page.

I could reproduce this when trying to login in mitid.dk and when trying to login in my bank app. Switching default browser to either Firefox or Chrome fixed the issue.

I tried to relax every possible setting in Vanadium but I could still not make it work.

Note that I am 100% certain that Vanadium used to work months ago. In fact, to login to my bank app I was forced to change default browser from Firefox to Vanadium because with Firefox it always got stuck in the post-login phase, in a similar way that it is happening now. Now the situation has reversed.

I am not quite sure if this is due to something changing in Vanadium, or due to the changes that happened with the MitID login flow when the barcodes were introduced. It used to be that you could login by entering your name and manually switching to the MitID app to authenticate; now you are forced to push the button to open the app from the login form. This change might have been the one that stopped working in Vanadium for whatever reason. I'm inclined to say that either way, this is a Vanadium bug.

[deleted]

lbschenkel This may be because of some Vanadium patch for privacy

Grkrz

I can only confirm that last week everything was working with Vanadium.

GrapheneOS

@lbschenkel Every issue reported with this app has been a bug in the app. The same thing applies to the compatibility issues with Vanadium. They're doing completely broken security theater as they've always been doing. The solution is reporting the problems to them persistently and getting them to fix it as they've done for past issues. They expect the browser to leak information about the OS including the device model or they'll ban it as fraud. It doesn't make any sense and is broken. Security checks should always be server side, not client side, and these kinds of checks are not security. The developers of these apps take security theater nonsense to whole new levels. They may be violating competition laws in the EU by unnecessarily breaking the app with alternate operating systems and browsers. Please raise these issues with them.

@[deleted] Vanadium stopped telling websites the device model, etc. via high entropy client hint headers. This doesn't break anything that's not inherently broken. Only Chromium-based browsers have the client hints. The app is buggy and is hard-wiring checks to see if the browser resembles one they allow.

Vanadium isn't going to provide a toggle to enabling giving sites the device model, etc. via headers that are not even implemented by non-Chromium-based browsers. This app is extremely buggy and poorly written. They need to cut out the security theater of hard-wiring checks for the browser providing metadata matching a browser/OS they allow. It's nonsense and doesn't improve security in any way. They almost certainly do this as part of broken bot / fraud detection. They simply need to fix it to permit Vanadium. Ask them to fix their buggy software again. They seem to be willing to do that since they fixed all the other issues in the past eventually.

GrapheneOS

@lbschenkel This app is consistently broken on different browsers, operating systems, etc. due to their security theater and buggy code. There has never been a case where it was broken due to a bug in GrapheneOS. It's incredibly strange to start blaming something you say happened in Firefox with it before on Vanadium now. It's their app which is consistently the problem. Removing the high entropy client hints was a publicly announced change in Vanadium which doesn't break compatibility with anything that's not already broken and non-portable. They need to fix their site, and you need to report their bugs to them rather than to us. Blaming Vanadium for this is wrong, just as blaming GrapheneOS for the earlier issues was wrong. Every issue has proven to be a bug they ended up fixing later. There has yet to be a single issue reported here which was anything else but a bug on their end. Report them problem to them and emphasize that supporting only specific browsers is anti-competitive. Whitelisting browsers based on their advertised OS/version/hardware metadata is wrong.

An actual bot would simply send the headers that Chrome does without doing anything special by simply doing automation via scripted Chrome, invalidating their broken checks.

lbschenkel

GrapheneOS I'm a developer myself, so I completely agree with you on technical matters. That said, let me clarify.

What I wrote before:

I'm inclined to say that either way, this is a Vanadium bug.

Mea culpa. Re-reading this now, what I should have written to express what I had in mind was either way, this is a regression likely triggered by a Vanadium change. I did not really meant to lay the blame on Vanadium, I just wanted to express that:

I'm completely sure that Vanadium used to work
Then at some point it stopped working (not sure when, I re-tested when I saw the reports here)
Other Chromium-based browsers still work
I checked the commit log in Vanadium and I seemed possible that some of the changes from when it used to work may have upset MitID

I'm happy that you finally clarified that additional hardening in Vanadium regarding the headers is what triggered the change in behaviour from the MitID side. This proves that my hunch was right.

It's incredibly strange to start blaming something you say happened in Firefox with it before on Vanadium now.

No, it's not "incredibly strange". It's exactly what was happening:

In the past, it was not possible to log in with MitID inside any app if Firefox was the default browser in the phone (as it becomes the default in-app browser as well). After authentication, when the control was sent back to the app, the app couldn't detect that the log-in succeeded. Note that this was only for apps; authentication in Firefox itself (for websites) was working.
Changing the default browser to Vanadium (which became also the default in-app browser) fixed the authentication issue for apps. Authentication for websites also worked.
At some point, Firefox started working, both in websites and as the in-app browser inside other apps.
Now Vanadium no longer works, neither in websites, nor inside other apps.

This is not laying blame. I was just stating the facts: for authenticating with MitID, Firefox used to be broken and Vanadium used to work, and now the situation has reversed and Firefox works but Vanadium doesn't.

I have enough experience with MitID that 99% of the time the problem is with MitID. But more often than not, it's also true that changes elsewhere trigger some overzealous security theater MitID checks. When that's the case, even though the blame almost always lies with MitID, it's often important to understand what changed and how it upset MitID (to report it to them and to see what's the best workaround).

Ask them to fix their buggy software again. They seem to be willing to do that since they fixed all the other issues in the past eventually.

Report them problem to them and emphasize that supporting only specific browsers is anti-competitive.

I have done this multiple times and I am still doing it. But to get the message across, each time MitID stops working we need to understand (1) what broke this time and (2) why it broke now so we can formulate in some way that hopefully they can understand. Hence the discussions here.

To conclude, @GrapheneOS, I would like to express a few extra points:

We all love GrapheneOS, that's why we use it and that's why we're here.
This thread is for the community to find solutions, not a support request towards GOS developers, so please assume good intentions by default. Nobody is trying to blame GOS (even if poorly worded, see above) — and we do understand that almost every change made to GOS is to improve privacy for users — but at the same time I am trying to understand any GOS changes that may start tripping MitID: (1) because I'm a curious technical person and (2) to document this for other users.
No matter how brain-dead MitID is (and I do completely agree with you regarding all technical points), it's very difficult for someone not living in Denmark to grasp how essential MitID is to daily life. It's not an app that you use simply for convenience. This is basically a digital version of your ID and you need it to authenticate with virtually every important local service, even offline ones (for example, if you try to call your bank they will not do anything before they validate your identity with MitID). The Nordic countries have almost completely moved towards a society that is cashless and almost every service is digital only, and you must be authenticated via a government-mandated authentication solution that is tied to your real identity (MitID in the case of Denmark).
So it's not a question of stopping to use apps, or changing banks, or changing services, because all of them use MitID. That is why we're so eager to discuss any breakages here, because it impacts us strongly and at the same time we love GOS and want to keep using it if we can without having to carry an alternative device for the sake of MitID only.
P.S.: Don't shoot the messenger, I'm just stating how things are, not that the should be this way. Unfortunately, I'm powerless to change this status quo and I have to live within these parameters.

GrapheneOS

The app developers explicitly say that they only support Chrome and Safari. They deliberately break it in other browsers. They likely added hard-wired checks for Firefox's headers at some point so that temporarily works, until it changes slightly and stops working again for months. Entirely useless security theater and is going to keep breaking with each new OS release, browser changes, etc. It doesn't mean anything is broken about those OS releases, browser changes, etc. This app is broken, and will keep breaking over and over even on the stock OS until they stop doing this broken bot detection nonsense.

de0u

lbschenkel The Nordic countries have almost completely moved towards a society that is cashless and almost every service is digital only, and you must be authenticated via a government-mandated authentication solution that is tied to your real identity (MitID in the case of Denmark).

As an outsider, I'm curious... what happens if the system goes down for a few hours? Do people just freeze wherever they are and meditate?

What happens if a well-resourced criminal gang comprises the system?

lbschenkel

To clarify how this app works, for whoever is not an user:

First you need to activate it, which binds that particular installation to your real life identity. To activate it you need to authenticate with MitID in a different device, or scan the chip your passport, or go in person to a government office and bring ID documents for them to validate who you are.

Then to authenticate, there may be requests that come out of band (from outside the phone) or in band (inside the phone).

Out of band requests can be two ways:

You trigger it by trying to login on a website in a different device, such as your computer. The login flow will show a QR code (which changes every few seconds) that you scan with the MitID app, then you authenticate, and the login flow detects it and continues.
Some entity like your bank can trigger an authentication request directly against MitID. For example you call them, they want to know that you are you, and then you open the app and the app shows an incoming request from your bank.

In-band requests involve MitID being launched by the requesting app via a specific intent. In practice the app will always be a browser (standalone or in-app view), because the MitID login flow always involves opening a browser pointing to their server-side login form. The difference is that this form will have a button to trigger the intent, instead of showing a QR code (that you obviously can't scan within the same device).

The reason for the ever-changing QR code and the intent is to decrease the chance of the user being tricked into authenticating on behalf of someone else: a specific action must be done by the user in the phone; requests won't be coming out of the blue (barring a few scenarios such as when you're in the middle of a phone call with your bank).

What has been discussed recently is that the in-band flow broke with Vanadium, since the MitID server-side form doesn't like it due to differences on the headers Vanadium sends. The app itself works, and you can authenticate normally if the request reaches it. So it's an inconvenience of not being able to use Vanadium when browsing to some websites that require MitID (minor concern, you can use a different browser for only those), nor using Vanadium as the default web browser because it is then used by all apps (bigger concern, if you want to use Vanadium for daily browsing).

Therefore, the current workarounds for using MitID app with GOS:

login to the websites using a different device (computer, another phone), scan QR code using app
when browsing in the phone, and need to authenticate, use a different browser for that website
when using an app in the phone, and need to authenticate
- do not set Vanadium as the default browser
- change the browser temporarily to another one, authenticate, and then change back

Croak3114

de0u

I'm curious... what happens if the system goes down for a few hours? Do people just freeze wherever they are and meditate?

Ever service uses their own relay server to validate requests, so its not possible to have a full wide-spread downtime by compromising some centralized service.

But this app or system is pretty much used in some own version across each Nordic country. In my case its used for approving invoices, login to the bank, transfer funds, sign electronic agreements, login to payment portals, order new SIM-cards, authenticate towards the government instance handling car registrations, Tax office, police online services, online healthcare services. And these are just the things off the top of my head.

Stores still accept cash, but its getting more and more rare.

Compromising the system is not really that big of a concern, it uses asymmetrical encryption. Your private key is encrypted by your local pin-code and generates a temporary secret to prove identity. This is then validated by the relay server from the service you are trying to authenticate to.

Its also worth noting that our implementation most likely isnt the same as the MitID one.

lbschenkel

Croak3114 Ever service uses their own relay server to validate requests, so its not possible to have a full wide-spread downtime by compromising some centralized service.

Is there more documentation somewhere about how this works? I'm confused about this statement, because although you do have the private part of the secret on your device, the relay server needs to verify the data coming from the client against the public part, and unless each relay has a copy/cache of everybody's public keys, then it must necessarily contact a central server, at the very least to fetch keys that it doesn't know about. What am I missing here?

de0u As an outsider, I'm curious... what happens if the system goes down for a few hours? Do people just freeze wherever they are and meditate?

Pretty much. But to be fair, in 10+ years I've never experienced an outage of the previous system (NemID) and the new one (MitID). If there was one, I was lucky enough not to need it while it was offline. Those are small countries with small populations, it's way easier to design and maintain systems that can cope compared to countries with much greater needs such as China, India, US, Brazil with 100+ million people and multiple timezones.

lbschenkel

Croak3114

Well, you're right that an attacker can't really steal your keys from the central server since the keys are local to each installation, but the central server is the canonical mapping between the public part of your keys and your real identity. If an attacker can somehow compromise their system and find a way to add a new public key for your account in there (whose private part they are in control of), then they can authenticate/sign stuff pretending they are you.

This would be functionally equivalent as stealing one of your private keys, since that by law the authentication/signatures you do with MitID are legally binding and have all the usual legal effects of a regular pen signature.

I'm sure that they have all sorts of secure logs and a digital "chain of custody" for keys (for a new key to get in there, it must be signed by another vouched key — yours or a certified attester's) but all this is assuming that everything is implemented perfectly and there are no bugs. We all know there is not such a thing, so in theory it could be done if somebody gets in and there are implementation/process flaws.

I'm not aware of any legal cases where someone went to court and repudiated some MitID authentication, claiming it was not them who did it. In that scenario it would be very interesting to see which kind of proof MitID would present to a court in terms of logs and chain of custody to prove that the person in question did indeed authenticate with a key that is in fact theirs.

Croak3114

lbschenkel Documentation is pretty sparse, you can find some example code but you have to piece it together mostly yourself.

you are correct, there are central lookup servers that the relay servers fetch public key information from, they have been ddosed in the past resulting in the entire system being inaccessible.

Croak3114

lbschenkel No they cant, that's not how asymmetrical encryption works. I can only speak for how its implemented in my country, but the scenario you described is fully impossible.

Relaks

Living in Norway, I can only comment on the service, that sounds more or less equivalent to MitId, called BankId. Outages for a few hours have occurred in the past. Moreover, I do not consider it inconceivable that some major technical issue, or even a coordinated cyberattack, would cause the BankId service to suffer longer downtime, perhaps for several days.

That would effectively block private individuals from accessing and communicating with public services and banks (organizations have other means of authentication). How likely this is I don't know, although to call it an impossible scenario is in all honesty, bordering on naivety. There is practically no offline backup service.

The Norwegian BankId app luckily has no issues on GrapheneOS, in my testing, except for their (non-phishing-resistant, and therefore useless) FIDO2 passkey implementation, but so far this is not necessary for anything.

I'm going to stop my semi-off-topic rant now, but want to express that this thread has been an interesting read, and I appreciate the efforts that has been made to convince MitId to patch their software, however fundamentally broken its very existence is.

lbschenkel

Croak3114

What? I know how asymmetrical encryption works. I am a professional software developer and I have implemented many systems using cryptography (including authentication schemes) for multiple companies.

You always have a private part and a public part. The public part is, well, public, and in real life the public key is not useful as an identity in itself so there is a mapping between a public key and some sort of identity (account, etc.). In the web that is a X.509 certificate binding the key to a domain name. In MitID the central server must necessarily map your public key to your real life identity (CPR number), otherwise they can't possibly know who is (as in: the person) authenticating.

Either the server fully maintains this mapping from public key to CPR number, or the client stores it but the central server must sign that mapping somehow for the client to store, because when the installation is first activated the client is not yet trusted, and it cannot simply claim it belongs to any particular CPR number. The client must send proof to the server (like the chip you can scan from your passport), or another party (like a bank or the government) has to vouch for it.

In both cases, the actual binding from the key to the identity happens at the server. It either stores the binding itself as a mapping by remembering which keys map to which CPRs, or sends the binding back to the client to store as a signed piece of data, or both.

It follows that if an attacker who manages to get the necessary access to MitID servers (inside job, implementation bugs), they could do the following:

if MitID stores the mappings centrally, manage to insert a new key->CPR mapping to their database where the key is the public key of the attacker-generated key pair and the CPR is the CPR of the victim
if MitID signs the bindings for the client, trick the server into signing a new key->CPR mapping (key=attacker, CPR=victim) for the attacker's client to store, which will be trusted later by the validation servers as it's a genuine binding signed by the official MitID server

Both cases would result in the attacker impersonating a specific person by enrolling a new key into their identity. You don't need to steal anybody's private key to do that.

No they cant, that's not how asymmetrical encryption works. I can only speak for how its implemented in my country, but the scenario you described is fully impossible.

This is mathematics, there's nothing country-specific about it. Fully impossible simply doesn't exist. The hardest part of cryptography is key management.

P.S.: And the simplest attack of all, is just the plain old denial-of-service: bring the servers offline and the whole country stops. Bonus points if the servers maintain the mappings, because if you find a way to delete the database then it's not enough to bring the service up again, the whole country needs to re-create their keys and re-activate.

« Previous Page Next Page »