Though Slovakia is among countries with the quickest growth in digital economy, it is still struggling with the functionality of the electronic services its public authorities are offering.
Some 300,000 people will soon see their electronic signatures deactivated and replaced with more secure certificates. The signatures are part of their ID cards with electronic chips that were issued with a serious error.
The Interior Ministry replaces the certificates only after the public criticism of the original reaction that the problem is not as serious as it seems.
“We can only ask why the state did not stop the issuance of certificates immediately after it learned about the error or the first story had been published, without containing mathematical details about vulnerability,” Lukáš Kosno of the Živé.sk website told The Slovak Spectator.
Playing down the problem?
With its decision, the Interior Ministry is responding to reports that the qualified electronic signature may be stolen. The electronic signature is often used to sign documents submitted to courts, or for the business register, distrainment proceedings and the transfer of properties. This is possible due to the error revealed by a team of Czech and Slovak cyber-security researchers from Masaryk University in Brno in the Czech Republic in mid-October.
They found out that the cryptographic algorithm used in the ID cards is weak and it is possible to learn about the private code from a public one. This concerns mostly the cryptographic algorithm RSA used with a specific security chip made by the German company Infineon, which generates the signature codes. This means that not only Slovak eID cards, but also those in other countries using the certificates are in potential danger.
The researchers informed Infineon of their findings in February.
At first, the Interior Ministry responded to the problem on October 17 by saying that if people observe security rules they do not have to panic, and that the risk of a security problem is only theoretical.
Interior Minister Robert Kaliňák (Smer) even called on the public to hack his own e-signature on October 20. Following his statement, the Hacktrophy company published a call to hack his signature, offering a reward at €1,337, as reported by the HNonline.sk website.
2. Nov 2017 at 6:30 | Radka Minarechová