Confusion reigns over crypto vulnerability in Spanish electronic ID smartcards

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia.

RSA keys produced by smartcards, security tokens, laptops and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and therefore need to be regenerated with stronger algorithms. The security weakness arises from faulty crypto libraries bundled with Infineon TPMs – AKA trusted platform modules. Vendors were given time to address the issue before security researchers went public last month.

The Estonian government suspended the use of the Baltic country’s identity smartcards earlier this month in response to a recently discovered flaw, as recently reported. Residents of the Baltic country will still be able to use smartphone equivalent of the technology to access government services and online banking. Use of eResidents cards was suspended until holders obtained new certificates.

Read more…
Source: The Register