Estonian governments have determined to cancel and block over 760,000 national electronic ID cards because of a cryptographic flaw that could enable attackers to clone IDs and make fake identities.
The decision came after the discovery of a security issue in the Infineon-developed RSA library, the flaw could allow attackers decrypt private data or impersonate citizens. The issue is known as ROCA and has been discovered on October 16, 2017. The crypto issue affects TPM chipsets manufactured by Infineon.
People who have not had their IDs updated with new security certificates will no longer be able to use them to access some services.
Jevgeni Ossinovski, Estonian Minister for Health and Labour said:
“Our first priority is the protection of people’s health data, which is why blocking the certificates is the only conceivable option. Over the past two months, a lot of work has been done to ensure the functioning of health and social services even in the case of the closure of the ID certificates. However, some disruptions may occur in hospitals in the coming weeks, which is why we ask for understanding from patients – this step will protect your data,”
IDs with canceled certificates can be updated at the service points of the Police, which will be open on the weekend, also it’s possible to update the cards online.