A cyber security expert has found a new problem with Estonia's ID cards, this time connected to the way the four and five-digit PIN codes reach the card's user. This time the issue is very much low tech: when holding a common torch against the code envelope, the numbers become visible.
The problem is so simple and obvious, it is bound to be overlooked by authorities concentrating on all sorts of technological issues. As it turns out, the paper used for the code envelopes isn't thick enough.
As cyber security expert Martin Paljak demonstrated on his website, all that is needed is a common torch to shine through the envelope, and the codes are easily readable. Even some smartphones do the trick, daily Postimees wrote on Thursday.
There are two PIN codes in each envelope. One is used to access online services of the state, banks and so on, the other, a longer five-digit code, is used to digitally sign contracts and other documents.
Paljak made his experiment with the code envelope of the most recent issue of Estonia's ID card, produced no longer by Gemalto, but by French company Idemia, which means that the problem affects anyone receiving the new ID card introduced just weeks ago.
Editor: Dario Cavegn