An issue with Infineon’s secure hardware discovered a month ago has now left Spain with some difficult implications to deal with.
The chips made by the German manufacturer were found to have a flaw that allows the discovery of a target’s private key using their public key. It has been revealed that around 60 million of Spain’s DNIe ID cards use such chips, and Enigma Bridge CEO Dan Cvrcek said that attackers could exploit the chip’s flaw to invalidate contracts.
As reported by El Diario, authorities have already revoked all certificates issued since April 2015 as a response to the Infineon’s disclosure of the flaw. They have also suspended the use of the card for signing at self-service terminals found in police stations.