Background information on the ID card security vulnerability and update process

On 30 August, an international team of researchers informed the Information System Authority (RIA) that they had discovered a security vulnerability in the chips of one of the world’s largest chip manufacturers. The same chips are used by Gemalto, a Swiss company producing the Estonian national ID card. The security vulnerability affects cards issued in Estonia as of autumn 2014.

The Information System Authority in cooperation with the Police and Border Guard Board and other partners has prepared a solution to address the security vulnerability. The relevant software can be used to update the digital components of the cards affected by the security vulnerability.

The need for certificate update concerns the following documents:

  • ID cards issued as of 16 October 2014
  • Residence permits issued as of 17 December 2014
  • Digi-ID cards issued as of 1 December 2014
  • E-residency cards issued as of 1 December 2014

Certificates of cards that are not used digitally do not have to be renewed.

The certificates can be updated until 31 March 2018.

ID cards issued as of 26 October already have the updated software and card owners do not have to update the certificates of these cards.

Certificates affected by the security vulnerability will be revoked as of 1 April 2018. If you have not updated your certificates by then but need to use your ID card digitally, you will have to apply for a new ID card.

Press releases


ASK FOR HELP

If you didn't find an answer to your question, send it to our team.



  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance

         

  • Verification failed

How can we improve the article and be more helpful?
Send Close