Language switcher

You are here

Possible Security Vulnerability Detected in the Estonian ID-card Chip

On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting digital use of Estonian ID cards issued since October 2014.

“Estonian experts assess there to be a possible security vulnerability and we will continue to verify the claims of the researchers,” said Taimar Peterkop, Director-General of RIA. “We have developed the primary solutions to mitigate the risk, and will do our utmost to ensure that the security of the ID-card.”

“Current data shows this risk to be theoretical and there is no evidence of anyone’s digital identity being misused,” said Peterkop. “All ID-card operations are still valid and we will take appropriate actions to secure the functioning of our national digital-ID infrastructure. For example, we have restricted the access to Estonian ID-card public key database to prevent illegal use.”

 The possible vulnerability affects a total of almost 750,000 ID cards issued starting from October 2014 (including cards issued to e-residents). ID cards issued before October 16, 2014, use a different chip and are not influenced. Mobile-ID-s also not impacted.

“The Estonian digital society relies on innovative technologies. Those new technologies provide good value and services to the public, but may also impose risks. We focus on detecting and mitigating those. This particular case is a good example of how scientific research can pinpoint issues to be solved,” said Taimar Peterkop, head of RIA.

Additional information »

More news on the same subject

27.05.2020

Due to scheduled maintenance, the use of ID-cards, Mobile-ID, and Smart-ID in e-services will be briefly unavailable

26.05.2020 – SK ID Solutions, the partner of the Estonian state in certification and time-stamping services, will be carrying out scheduled maintenance in its information system from 11 p.m. on 28 May to 5 a.m. on 29 May. Due to the maintenance works, the use of Mobile-ID and Smart-ID as well as time-stamping and validity confirmation services and giving digital signatures will be unavailable from 2 a.m. on 29 May.

12.05.2020

Cyber Security in Estonia 2020: A Comprehensive Look At The Estonian Cyber Landscape

11.05.2020 - The Estonian Information System Authority (RIA) has compiled a comprehensive overview of cyber security in Estonia. “Cyber Security in Estonia 2020”, available at ria.ee, explains the landscape, the responsibilities and activities of different public sector organizations in Estonia who all contribute to keep Estonians safe online. From setting up a cyber security standard to combating cyber crime to training military cyber defence operators, every agency has a vital role to play.