Kurat võtku! Estonia identifies security risk in almost 750,000 ID cards

The Estonian government has discovered a security risk in its ID card system, potentially affecting almost 750,000 residents.

“When notified, Estonian authorities immediately took precautionary measures, including closing the public key database, in order to minimise the risk while the situation can be fully assessed and a solution developed,” according to an email by Kaspar Korjus, managing director of e-Residency, to users.

The government said the security risk is still theoretical and is not aware that anyone’s digital identity has been misused. The use of an ID card is still safe for online authentication and digital signing.

ID cards issued before October 16, 2014, use an alternate chip and are not affected, nor are mobile-IDs.

In a statement Taimar Peterkop, director general of the Estonian Information System Authority, said: “According to the current assessment of Estonian experts, there is a security risk and we will continue to verify the scientists’ claims.”

Gareth Niblett, a security consultant holding Estonian residency, said this is not the first time there have been issues with the e-ID card.

“Last year a number of cards and certificates had to be reissued due to how Google Chrome did certificate validation checks and also a migration to SHA-2. This makes me confident that they will manage to deal with this issue too.”

Estonia has often been positioned as a poster boy for digital government, with all residents interacting with the state online via the country’s ID card system.

Read more…

Source: The Register