E-ID cards in Slovakia have serious security problem
This signature can subsequently be easily abused as it is equivalent to an ordinary signature and is often used to sign documents submitted to courts, or for the business register, distrainment proceedings and the transfer of properties, the Sme daily reported, Spectator reports.
The first to point to the errors was a team of Czech and Slovak cyber-security researchers from Masaryk University in Brno in the Czech Republic, who later published the details on the internet.
Meanwhile, the Slovensko.Digital association has also started a discussion about the topic.
Slovakia has issued about 2.5 million ID cards containing electronic chips, but only about 300,000, containing the certificates for e-signatures, are in danger, Sme wrote.
Two types of encrypted codes are used in an e-signature: a private and a public one.
The former is saved directly to the e-ID and is used to sign the documents.
The latter is part of any document the person has signed and is used to verify the signature.
The researchers found out that the cryptographic algorithm used in the ID cards is weak and it is possible to learn about the private code from a public one.
This concerns mostly the cryptographic algorithm RSA that is used together with a specific security chip made by German company Infineon, that generates the signature codes.
The researchers informed Infineon of their findings in February. ■