Estonia has canceled its 760,000 of its national ID cards after researchers found a cryptography flaw they contain is “much worse” than they thought.
As Ars Technica reports updating original revelations about the cards’ vulnerabilities last month, hackers could potentially steal holders’ identities at a fraction of the original time and cost.
“There were no known incidents of an Estonian digital ID card being misused, but all previous certificates containing the vulnerability were suspended on Friday,” Kaspar Korjus, head of the country’s e-Residency scheme announced Friday.
Estonia’s cards are used for various state-related activities and are among those identified as compromisable by hackers.
“Large-scale vote fraud is not conceivable due to the considerable cost and computing power necessary for generating a private key,” Estonian authorities had said in an effort to calm the situation.
“We are deeply concerned by the statement… regarding the Estonian ID cards used for e-voting,” independent researchers wrote over the weekend.
“This statement appears to be based on the claim that breaking all 750,000 ID cards would cost 60 bln euros, which in turn is based on the claim that breaking one card would cost 80,000 euros. Actual attack costs are thousands of times lower…”
The problem is embarrassing for Estonia’s progress in digital identity, in which the country has been a leader for several years.