In the past few weeks it’s come to light that almost 60% of an entire nation was vulnerable to ID theft due to a bug affecting Infineon TPM chipsets. The flaw was first acknowledged three weeks ago, but it was said it would be very expensive to exploit.
Since then, the Estonian government has suspended 58% of its citizens’ ID cards after scrambling to notify the 760,000 people affected. It’s left nearly half the population unable to perform tasks such as filing taxes or managing their healthcare – or any other instance where they would need to be authenticated with the card.
The ID cards use Public Key Cryptography in which two keys are used to decrypt the data on it. One key is public which means anyone can have access to it and the other is private. Only owners can access the private key. In this instance, it was found by researchers that the private keys being generated were weak, making it subject to hacking. By being able to determine which private key corresponds with the public key, would make it easier for attacker to clone ID cards or forge identities.
This incident clearly demonstrates how security is only as strong as the encryption in use. If weak keys are being generated, then there’s little to no point in having it in the first place. As computing power becomes stronger and quantum computing takes off, encryption will also have to get stronger. Quantum computers are not science fiction anymore. There is growing evidence that intelligence agencies are working on prototypes that allow them to crack currently safe algorithms. In the near future, the most important of our secure encryption algorithms could become obsolete, a potential nightmare scenario for data protection efforts.
Organizations need to look for solutions that are future-proofed today. Which is why at eperi, we’re providing the strongest encryption on the market to customers.