> Very vague on details. No links to exact researchers or their findings.
That's the whole point. When you are dealing with a major security incident (anything impacting a countries ID cards would count), one of the first things you should do is tell the world that something is happening and the steps you took to stop the bleeding.
Roughly quoting from the FAQ featured today in local press[1]:
Q: Is the white paper published? Can anyone use it for hacking the ID card?
A: The scientific research will be published later this autumn at an international scientific conference. Within the academic community it is not accepted to publish specific exploitations.
"Theoretically, an ID-card can be used for person identification and digital signing - without having a card and not knowing PIN-codes. It is not enough to know public keys to crack the ID-card, an attacker would also need a lot of processing power to compute the private key and special software to put a digital signature."
"In October 2014 ID-cards began to use a brand new faster chips, which are based on new technology and therefore more secure. That new chip has received French and German safety certificates, which confirm the compliance of the chip with safety requirements. The same chip is currently used in several other countries, as well as on payment cards and business certificates. The vulnerability risk arose due to the combination of chip operation and software."
"We took a number of steps to minimize risks: closed the ID-card public key database, our experts analyze the situation and are looking for a solution to restore the highest security level."
That's the whole point. When you are dealing with a major security incident (anything impacting a countries ID cards would count), one of the first things you should do is tell the world that something is happening and the steps you took to stop the bleeding.
The information will come =]