To be able to sign something under someone else’s identity, hackers would have to break two keys – the one used for signing and the one for authentication.
The Police and Border Guard Board (PPA) closed the public keys database to manage risks yesterday. The database was used for sending encrypted files only the owner of the key could access.
An ordinary Estonian ID-card-holder has relatively little cause for concern. RIA is constantly receiving tips and signals of potential risks. Each one is analyzed, evaluated in terms of severity and feasibility, and primarily how much it would cost hackers to break a single card. “Tampering with ID-cards is extremely complicated and expensive; we do not know of a single case of it having been done,” Erlich said. “Cryptography is a game of probability. Every code can be broken in the future; however, the question is whether anyone is interested in dishing out a million euros to access a pensioner’s bank account or vote for the Reform Party under the assumed identity of the social minister at elections.”
ID-cards with the vulnerability number 750,000, and it is estimated that it would cost €60 billion to hack them all. This means that it would cost €80,000 to hack a single card. It is probable the group of scientists discovered a way to hack the card more cheaply than previously. “We evaluate the level of acceptable risk similarly to how private companies treat credit card security. We ask: what is the theoretical extent of the breach,” said head of the eID department at RIA Margus Arm.
He added that while the price of sheer computational capacity is falling, cryptographic analysis of how to go about the problem remains expensive. “It is so unique that we do not perceive any realistic threat. The danger remains mathematical,” he said.
Analysts told Postimees yesterday that hacking a person’s ID-card just to steal their identity would not pay. Realistic use of the vulnerability would have to be a coordinated attack on Estonia’s reputation.
Solution to be crafted
The fault in the chip’s software cannot be remedied. It can, however, be bypassed. “We are currently working on software that would bypass the problem and in which case the vulnerability does not materialize,” Arm said.
The new application for managing and generating keys should be completed inside the next two months. Cardholders will then have to update their cards with the software and generate new certificates. It will not be necessary to replace ID-cards.
Margus Arm said that Gemalto has not notified the state of intent to manufacture newer chips with better software. That is why Estonia will have to create new ID-card applications to overcome the problem. “Sleep has been scarce since Thursday,” Arm said. “We spent the weekend working, and we’ll continue until we get it done. The estimate by which everything should be fine again is two months.”
Prime Minister Jüri Ratas said all Estonian digital signatures will remain valid everywhere in the EU, and that even officials with access to state secrets have not been instructed to avoid using their ID-cards. Finding the solution will not want in terms of funding; all necessary resources will be provided.