Electronic DNIs disabled due to failures in their digital signature
The electronic DNIs issued since April 2015 have been deactivated indefinitely due to a failure in the public key used by the digital certificate functionality.
The possible vulnerability would be caused by an incorrect implementation of the Infineon library, used among others by the DNI issued in Spain. The known vulnerability could be exploited to obtain, through the factorization of the public key of the RSA algorithm, the private key of the smart card. This type of vulnerability is also known as ROCA and can allow an attacker to impersonate the virtual identity of the owner of the affected smart card.
In addition to Spain, other countries of the European Union such as Estonia and Slovakia have been affected. The authorities are already working to provide a solution. At the time it is available, the owners of the affected DNIs must renew them.
Update 01/12/2017]: The National Police informs that the electronic DNIs that had been deactivated due to a security problem related to their digital signature have been activated again. Holders may update the certificate in the Documentation Offices without having to make an appointment.
-
09/11/2017eldiario.es
-
09/11/2017politica.elpais.com
-
10/11/2017pandasecurity.com
-
01/12/2017europapress.es