Estonia plans to block access to the country’s vaunted online services for 760,000 people from midnight on Friday to fix a security flaw in some of the Baltic country’s identity smartcards that was identified earlier this year. Estonia is seen as a leader in providing government services online and has championed the issue within the European Union in recent years, and the security issue leaves it with its much-touted digital IDs in an awkward position. A nation-wide online identity system allows citizens access to most government and private company services via the web, including banking, school reports, health and pension records, medical prescriptions and voting in government elections. But Estonia’s online ID service ran afoul of an encryption vulnerability identified by researchers earlier this year that exposes smartcards, security tokens and other secure hardware chips made by the German company Infineon.
Infineon said last month it had resolved the problem, but the fix still means cards and equipment need to be updated. Both the Estonian government and Infineon have said there are no signs the security flaw had been exploited.
The Estonian online services would be blocked for affected digital IDs until they renewed certificates incorporating the fix, the Estonian government said in a statement.
Full Article: Estonia orders online ID lock-down to fix security flaw.