Study Summary Reveals No New Information Regarding ID Card

The material published this Monday regarding a cryptographic vulnerability in a widely used smartcard hardware chip does not contain new information regarding Estonian ID cards. The research summary circulated by an international team of researchers specifies the nature and impact of the theoretical vulnerability that the Information System Authority, Police and Border Guard Board and Ministry of Economic Affairs and Communications informed the public of in early September.

The research does not address the Estonian ID-card but focuses on a vulnerability in the firmware of cryptographic smartcards, security tokens and other secure hardware chips from a producer whose products are used globally. The researchers highlight that the fault was not discovered even though the products and solutions based on the problematic chip had been officially certified according to international standards.

“The findings published today do not give the Police and Border Guard Board reason to suspend or revoke current certificates and we are moving forward with the plan to start updating the affected ID-cards in November,” said Margit Ratnik, the head of the Identity and Status Bureau of the Estonian Police and Border Guard Board.

The Estonian Information System Authority has spearheaded the effort to develop software enabling remote update of the electronic components of ID-cards, residence permits and digital-IDs. “At the moment, we are testing the application and have distributed test cards to digital service providers so they could assess, evaluate and test compatibility with their systems,” said Margus Arm, eID Domain Manager of the Estonian Information System Authority (RIA) and head of the respective task force.

ID card certificates can be updated from November 2017 until the end of March 2018. Users will need to download the most recent version of the ID-card software to their computer and follow the on-screen instructions. Certificates can be updated remotely and at the Estonian Police and Border Guard Board service points.

“The Estonian ID-card and the corresponding digital solutions continue to be safe. As of today, we have no reports of digital identity theft,” said Margus Arm, the eID Domain Manager.

The research summary can be found at: https://crocs.fi.muni.cz/public/papers/rsa_ccs17. The researchers will present their findings at the ACM CCS conference in Dallas on 30 October 2017.

Topic: PKI

Added 16.10.2017
