Spectator on facebook

Spectator on facebook

E-ID cards have serious problem

Some signature codes could potentially be abused, but the Interior Ministry stresses the risk is still only theoretical.

Illustrative stock photo(Source: SME)

Slovakia’s electronic ID cards have been issued with a serious security error, thanks to which the qualified electronic signature may be stolen, according to publicly available data.

This signature can subsequently be easily abused as it is equivalent to an ordinary signature and is often used to sign documents submitted to courts, or for the business register, distrainment proceedings and the transfer of properties, the Sme daily reported.

The first to point to the errors was a team of Czech and Slovak cyber-security researchers from Masaryk University in Brno in the Czech Republic, who later published the details on the internet. Meanwhile, the Slovensko.Digital association has also started a discussion about the topic.

Slovakia has issued about 2.5 million ID cards containing electronic chips, but only about 300,000, containing the certificates for e-signatures, are in danger, Sme wrote.

Codes can be calculated

Two types of encrypted codes are used in an e-signature: a private and a public one. The former is saved directly to the e-ID and is used to sign the documents. The latter is part of any document the person has signed and is used to verify the signature.

The researchers found out that the cryptographic algorithm used in the ID cards is weak and it is possible to learn about the private code from a public one. This concerns mostly the cryptographic algorithm RSA that is used together with a specific security chip made by German company Infineon, that generates the signature codes. The researchers informed Infineon of their findings in February.

The error impacts chip cards across the world. An attack on Slovak e-ID cards is more difficult as there is no public register of the public signature codes of citizens. This means that the attackers would have to obtain the codes in a different way, for example, from signed documents that can be found on the internet, Sme wrote.

Ministry responds

Slovakia’s Interior Ministry meanwhile said that people observing security rules do not have to panic. The risk of the security problem is still only theoretical and would require the long-term use of 640 servers during one year. The ministry also stressed that all certificates issued by respective authorities are still valid.

“But we are working on solutions to eliminate the potential abuse,” the ministry wrote in a press release.

It also stressed that for now people do not have to change their e-ID cards.

The processing of personal data is subject to our Privacy Policy and the Cookie Policy. Before submitting your e-mail address, please make sure to acquaint yourself with these documents.

Topic: IT


Top stories

Vallo: I will face up to the people no matter what

The new Bratislava mayor has four broad priorities to accomplish.

Matúš Vallo discusses the municipal elections at the SME daily.

Slovakia has many skilful people. Students should meet them

The new project by the Pontis Foundation tries to motivate young people through stories of successful business people.

The presentation of This is 21 project

Fico sticks with his old-style politics

Only the former PM knows whether the inspiration for his latest stunt was the success of the For A Decent Slovakia-supported candidates in the municipal elections.

UPDATED: Denník N: Danko is a plagiarist

The daily analysed the thesis identical to that of Parliament's Speaker Andrej Danko to find it was copied from textbooks. Danko does not plan to resign, he wants to wait for the stance of a special commission.

Speaker of Parliament Andrej Danko