Criminals could have theoretically made digital clones

The information security incidents department (CERT) of the State Information System’s Authority (RIA) received a letter Wednesday last that started a few hundred leading Estonian IT experts for a week and robbed more than one ministry executive of rest.

A group of international scientists from a European country described a series of four to five moves that could theoretically allow criminals to clone the identity of an Estonian ID-card-holder.

The scientists were not looking at the Estonian ID-card or even its technology, but rather at one of the chips manufactured by Swiss company Gemalto AG. While the chip in question has several applications, the lion’s share lie at the heart of Estonian ID-cards. The device is used in 750,000 ID-cards issued since October 16, 2014. That is when Estonia switched to a new ID-card chip based on latest technology that was faster and presumably safer. Both France and Germany issued security certificates for the new chip.

Let it be said right away that scientists have not managed to brake ID-card encryption but have only proved it to be possible in theory. The group did not hand CERT the entire equation; however, attached materials were sufficient to motivate local security experts to run simulations and contact the team of scientists.

It turned out that the vulnerability concerns a single element of the chip’s inalterable factory software. The weakness manifests when the chip communicates with software built around it for Estonia – whether for reading certificates, their verification, or digital signing.

To understand the complex problem, one needs to know that the digital identity of cardholders is made up of certificates that are in turn made up of public and private keys. It is probable scientists have now demonstrated that it is possible, using relatively modest computational capacity, to deduce the private key from its public counterpart in the digital certificate, which points to a fault in the way the pair of keys is generated by the chip.

No cause for concern for ordinary citizens

Manufacturer of the chips, Gemalto AG, told RIA that the scientists’ assessment of the base software vulnerability is correct. “If someone could clone a digital ID, they could theoretically use the ID-card for identification and digital signing without being in possession of the physical card or PIN numbers,” said technology adviser at RIA Mark Erlich.

Attempts to do so would mean hacking individual ID-cards that requires a lot of work. This means it is impossible to compromise all Estonian ID-cards at once. “Knowledge of the public key is not enough to hack the card – it would require great computational capacity to generate the private key and custom software with which to give digital signatures,” Erlich explained. Estonian ID-card software is not suitable as it requires the presence of the physical card in the card reader. A hacker without the card would have to overcome that obstacle as well.

To be able to sign something under someone else’s identity, hackers would have to break two keys – the one used for signing and the one for authentication.

The Police and Border Guard Board (PPA) closed the public keys database to manage risks yesterday. The database was used for sending encrypted files only the owner of the key could access.

An ordinary Estonian ID-card-holder has relatively little cause for concern. RIA is constantly receiving tips and signals of potential risks. Each one is analyzed, evaluated in terms of severity and feasibility, and primarily how much it would cost hackers to break a single card. “Tampering with ID-cards is extremely complicated and expensive; we do not know of a single case of it having been done,” Erlich said. “Cryptography is a game of probability. Every code can be broken in the future; however, the question is whether anyone is interested in dishing out a million euros to access a pensioner’s bank account or vote for the Reform Party under the assumed identity of the social minister at elections.”

ID-cards with the vulnerability number 750,000, and it is estimated that it would cost €60 billion to hack them all. This means that it would cost €80,000 to hack a single card. It is probable the group of scientists discovered a way to hack the card more cheaply than previously. “We evaluate the level of acceptable risk similarly to how private companies treat credit card security. We ask: what is the theoretical extent of the breach,” said head of the eID department at RIA Margus Arm.

He added that while the price of sheer computational capacity is falling, cryptographic analysis of how to go about the problem remains expensive. “It is so unique that we do not perceive any realistic threat. The danger remains mathematical,” he said.

Analysts told Postimees yesterday that hacking a person’s ID-card just to steal their identity would not pay. Realistic use of the vulnerability would have to be a coordinated attack on Estonia’s reputation.

Solution to be crafted

The fault in the chip’s software cannot be remedied. It can, however, be bypassed. “We are currently working on software that would bypass the problem and in which case the vulnerability does not materialize,” Arm said.

The new application for managing and generating keys should be completed inside the next two months. Cardholders will then have to update their cards with the software and generate new certificates. It will not be necessary to replace ID-cards.

Margus Arm said that Gemalto has not notified the state of intent to manufacture newer chips with better software. That is why Estonia will have to create new ID-card applications to overcome the problem. “Sleep has been scarce since Thursday,” Arm said. “We spent the weekend working, and we’ll continue until we get it done. The estimate by which everything should be fine again is two months.”

Prime Minister Jüri Ratas said all Estonian digital signatures will remain valid everywhere in the EU, and that even officials with access to state secrets have not been instructed to avoid using their ID-cards. Finding the solution will not want in terms of funding; all necessary resources will be provided.