Estonia freezes resident ID cards due to security flaw | Critical Infrastructure Protection Review

Estonia freezes resident ID cards due to security flaw

Estonia’s residents use their mandatory national IDs to access pretty much anything, from online banking to online voting. So, it was a huge blow to the program when experts found a security flaw in the chip the ID used that makes it possible for bad players to impersonate and steal the identities of all 760,000 affected individuals. That might not sound like a huge number, but that’s half the small country’s population. Now, the country has blocked most of its residents from accessing all its online services for a weekend, so it can go in and and fix the vulnerability.

All ID cards issued from October 2014 to October 25th, 2017 will be frozen until their owners apply for updated certificates with the fix. They can do that online, but the online service kept crashing over the past week, leading people to flock to police stations and other government offices to get their IDs updated. For now, only medical professionals and the most frequent users will be able to apply for updated certificates online, but Estonia will open up the system to the public again on Monday.

Reports about the IDs’ security flaw started going around in early September, when researchers found the flawed chips. (It was an issue with the manufacturer that affected its other chips and computer systems clients around the globe.) According to the ID program’s managing director, though, there are “still no known incidents of an Estonian digital ID card being misused.” Even so, officials still decided to suspend residents’ cards, since the threat has recently been elevated. Those who were quick enough to authenticate their identities with the Smart-ID app before their certificates were suspended can still use the country’s online services. However, they still have to act fast: the government is only giving people until March 2018 to update their certificates.

Read more…
Source: Engadget

Related story: Flaw crippling millions of crypto keys is worse than first disclosed