Infineon E-ID kaarten nu ook insecure, België geïmpacteerd?

ub4b
Elite Poster
Elite Poster
Berichten: 3134
Lid geworden op: 12 Jan 2006
Bedankt: 293 keer
Uitgedeelde bedankjes: 51 keer

Infineon E-ID kaarten nu ook insecure, België geïmpacteerd?

Berichtdoor ub4b » 17 Okt 2017, 00:10

https://it.slashdot.org/story/17/10/16/ ... vered-flaw

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.


En dan deze:

https://www.esat.kuleuven.be/cosic/publ ... le-769.pdf

België gebruikt ook infineon als merk van chipkaart.

It is the smart card initializer that starts the key pair generations during the initialisation phase of the eID card. The smart cards are produced by Infineon (chip type SLE66CX322P) and are equipped with the JavaCard operating system of Axalto.


Zijn er crypto experten hier die meer weten?

lembregtse
Starter Plus
Starter Plus
Berichten: 28
Lid geworden op: 21 Jan 2010
Bedankt: 6 keer
Uitgedeelde bedankjes: 1 keer

Re: Infineon E-ID kaarten nu ook insecure, België geïmpacteerd?

Berichtdoor lembregtse » 17 Okt 2017, 07:43

Je kan je authenticatie en teken certificaat testen op https://keychest.net/roca.

Ik heb de mijne getest en die werden niet als kwetsbaar aanzien, waarschijnlijk zijn ze ondertussen dan van leverancier veranderd, aangezien je link spreekt over:

Currently, Belgium is introducing an electronic version of its identity card.


Dit lijkt me al redelijk oud.


Terug naar “Ander nieuws”

Wie is er online

Gebruikers op dit forum: Geen geregistreerde gebruikers en 2 gasten