|
|
|
|
|
|
by nirv
3214 days ago
|
|
|
Roughly quoting from the FAQ featured today in local press[1]: Q: Is the white paper published? Can anyone use it for hacking the ID card? A: The scientific research will be published later this autumn at an international scientific conference. Within the academic community it is not accepted to publish specific exploitations. [1] http://www.err.ee/616783/id-kaardi-turvarisk-politsei-vastus... |
|
|
"Theoretically, an ID-card can be used for person identification and digital signing - without having a card and not knowing PIN-codes. It is not enough to know public keys to crack the ID-card, an attacker would also need a lot of processing power to compute the private key and special software to put a digital signature."
"In October 2014 ID-cards began to use a brand new faster chips, which are based on new technology and therefore more secure. That new chip has received French and German safety certificates, which confirm the compliance of the chip with safety requirements. The same chip is currently used in several other countries, as well as on payment cards and business certificates. The vulnerability risk arose due to the combination of chip operation and software."
"We took a number of steps to minimize risks: closed the ID-card public key database, our experts analyze the situation and are looking for a solution to restore the highest security level."