Vulnerability in electronic passports of Estonian residents forced the authorities to temporarily cancel their action for 760 thousand. a person, that is, for half of the country's population. For all affected documents, you will have to change the security certificates. It can be done online, but in the weekend the service created for this was constantly falling under the influx of visitors.

Lock, not to steal.

Inhabitants of Estonia tested last weekend serious problems with electronic passports. The authorities decided to cancel passports at once 760 thousand people, that is, half of the country's population. This is due to the vulnerability found in early autumn in chips used in electronic passports. The exploitation of this vulnerability allows attackers to commit "identity theft".

To avoid this, the authorities decided to "freeze" all electronic passports issued between October 16, 2014. and on October 25, 2017. Until users update their certificates for them.

Electronic identification documents are used to communicate with all sorts of online services, including banks and government agencies. Over the past weekend, the use of electronic passports was difficult or even impossible.

Service for updating certificates for them regularly fell under the onslaught of visitors, and as a result, for the general public, it was also closed: the service remained accessible only to physicians and "most active users".

As a consequence, at the end of last week there were many people in police stations and other state institutions.

The problem of a single producer.

The problem with the chip affected not only Estonian passports: vulnerability was the result of a mistake made by the manufacturer - the Swiss company Gemalto; affected and many other information systems that use the same chip.

In turn, the authorities of Estonia assure that no incidents related to the exploitation of this vulnerability have been observed, although it is known that the vulnerability affected all electronic documents released into circulation at the end of 2014. and later.

"The functioning of e-government is based on trust, and the state can not tolerate identity theft of owners of electronic passports. As far as we know at the moment, there have been no examples of this, however, after assessing the threat, the police, the Border Management Department and the Information Systems Management consider the risk to be significant. Blocking certificates of electronic passports, the state ensures their safety, "- said in a statement of the country's Prime Minister Juri Ratas (Juri Ratas).

Those who managed to previously authorize their electronic passports with the help of the mobile Smart-ID application, the possibility to use bank and state online services has remained, however, they will have to change their certificates - until March 2018.

"Digitalization of document circulation and nationwide e-government programs inevitably entail numerous security risks," notes Roman Ginatullin, an expert in information security at SEC Consult Services. "But in general, the transfer of personal documents - rights, passports and so on - into digital format improves their protection against attempts to forge".