Estonia said it intends to block the security certificates for 800,000 electronic ID cards because a flaw renders them vulnerable to malware.

On 31 October 2017, the Baltic state announced it would move against the security certificates of 800,000 ID cards at midnight the following day. The decision comes at least in part from the Information Systems Authority (RIA), which learned from researchers back on 30 August that all state-issued ID cards issued since October 2014 suffer from a vulnerability. Cards issued prior to October 2014 use a different chip and are therefore not affected.

Estonian Prime Minister Juri Ratas feels the move is necessary if the state is to protect more than half of its population against identity theft. As quoted by Yahoo! News:

“The functioning of an e-state is based on trust and the state cannot afford identity theft happening to the owner of an Estonian ID card. By blocking the certificates of the ID cards at risk, the state is ensuring the safety of the ID card. As far as we currently know, there has been no instances of e-identity theft, but the threat assessment of the Police and Border Guard Board and the Information System Authority indicates that this threat has become real.”

At this time, no details are available on the security flaw. Analysts at the RIA have discovered malware that’s capable of exploiting the weakness, reports Eesti Rahvusringhääling (ERR). Even so, government officials had not received any reports of identity theft connected to the ID cards by the evening of 2 November.

An example of a 2017-updated Estonia electronic ID card. (Source: Gemalto)

Estonian officials are asking that those with vulnerable ID cards update their security certificates remotely or by visiting a police and border guard service point. Approximately 35,000 (Read more...)