For the past two and a half months, Estonia has been facing the biggest security crisis since a wave of cyberattacks hit its banks and critical national infrastructure in 2007. At the heart of the current debacle is the latest version of its national ID card, which has been a mandatory identification document for citizens of Estonia since 2002 and serves as a cornerstone of Estonia’s e-state. The hardware behind the ID cards was found to be vulnerable to attacks, which could theoretically have led to identity thefts of Estonian citizens and also e-residents, something which its government has denied occurring.
… In October 2014, a new chip was introduced to the Estonian ID cards, provided by Netherlands chipmaker Gemalto. According to the Estonia’s Information System Authority (ISA), this new-generation chip was faster, based on the latest technology and, therefore, considered even more secure.
“The French and German security certificates for the chips confirm their compliance with all security requirements. The same chip is used in the identity card of several other countries, as well as bankcards and access documents,” explained the ISA.
In August this year a group of Czech researchers informed ISA of a security risk they had discovered, related to the Gemalto chips. Estonian experts started immediately assessing the risks.