Language switcher

Estonian Information System Authority


In 2011, researchers identified a security vulnerability of the ID-card used in Estonia

The security vulnerability, which affected almost 120,000 ID-cards, meant that as a result of a certain attack vector, the card could be used to give the digital signature without knowing the PIN2. In order to conduct an attack, the attacker had to be in possession of the user’s ID-card and the ID-card had to be valid (losing a card is usually reported and the respective certificates are suspended or cancelled). There were no reports of abuse of such ID-cards and there still are none.