New ID card issue: Codes can be read using torch, without opening envelope

The new ID cards were introduced in early December 2018.
The new ID cards were introduced in early December 2018. Source: Siim Lõvi/ERR

A cyber security expert has found a new problem with Estonia's ID cards, this time connected to the way the four and five-digit PIN codes reach the card's user. This time the issue is very much low tech: when holding a common torch against the code envelope, the numbers become visible.

The problem is so simple and obvious, it is bound to be overlooked by authorities concentrating on all sorts of technological issues. As it turns out, the paper used for the code envelopes isn't thick enough.

As cyber security expert Martin Paljak demonstrated on his website, all that is needed is a common torch to shine through the envelope, and the codes are easily readable. Even some smartphones do the trick, daily Postimees wrote on Thursday.

There are two PIN codes in each envelope. One is used to access online services of the state, banks and so on, the other, a longer five-digit code, is used to digitally sign contracts and other documents.

Paljak made his experiment with the code envelope of the most recent issue of Estonia's ID card, produced no longer by Gemalto, but by French company Idemia, which means that the problem affects anyone receiving the new ID card introduced just weeks ago.

Download the ERR News app for Android and iOS now and never miss an update!

Editor: Dario Cavegn

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: