[hi-v-rocknroll]

Within the next couple of CCC there will be a talk: copying and cloning everyone's nearby DDL with a long range NFC attack.

On the balance, even Apple's implementation seems like a privacy invasion nightmare for the minor benefit of convenience of not having a wallet+phone case.

[sithadmin]

I haven’t read deeply into Apple’s standard for digital ID, but I would assume that it’s implemented the way contactless payment via Apple Pay/Google Wallet/other mobile wallets is — rolling tokens that are valid for a single transaction. Skimming attacks are also improbable given that you need to authenticate with FaceID or a passcode for every transaction. It’s not like the phone is constantly blasting out ID/payment card details.