A few days ago it was published a serious vulnerability in one of the encryption mechanisms that fully affects the NID- and we ‘use’ in Spain. I put the ‘we’ in quotes because… how many of you use it? That’s why we use it. There’s never been enough publicity or push to use the NID- e and there are many places that support it. but if we add to the lack of advertising the complexity of installation and use and the impossibility of using it from a tablet or mobile phone (there are fewer and less computers in the houses, but we will talk about that at another time),
makes only a few people use it and for a few services. With the NID- e can, for example, access your bank’s website without the need to enter username and password, or request a registration certificate, or make the income statement (which is the only thing I used it for), check your driver’s license points and even pay a fine… a lot of paperwork with the administration and all that without moving on your computer, huh? Moreover, when the current version came out, they said that the version of the chip that included, would in future allow for the integration of the driver’s license and the tarj
The health care system within the same DNI- e… that does seem like an advance to me!
What is vulnerability?
I’ve already lost it… if you can get me. The point is, a few days ago, a vulnerability called ROCA (click here if you want to know technically what this vulnerability is about) which affected one of the encryption mechanisms used by the INN-e, which has made that since Government has deactivated the NID- e as a preventive measure to avoid risks to users. The vulnerability in question, p
it is possible to recover the private key (unique to each NID- e) knowing the public key, which is common and available to any that you want to unload it… which seems very serious, right?, and in fact it would be but because in Spain you don’t use or The Tat the NID- e, so even though the government has deactivated it, there has been almost no one affected by this deactivation.
This vulnerability does not affect only the NNN- and because, as we have already commented, it comes from one of the encryption mechanisms, so There are many more devices exposed… for example, all those who use a TPM chip to store passwords and keys at hardware level (servers, laptops, ATMs, ECUs in cars…), so we’ll soon see some kind of attack related to this vulnerability.
And what can we do now to protect our NID- e?
Well on this occasion There’s nothing we can do as users.: there is nothing to install or application to download, router to update, or secure password to generateWe just have to wait… on the one hand for the real impact of this vulnerability on the NND to be assessed and on the other, for some solution to be implemented that allows us to continue using the device.
Once resolved, We are sure to pass through one of the points or Commissioners that have the machines for the management of the certificates in the NND and to update the certificates or generate new ones that will allow us to continue operating normally, I will let you know here by updating the entry when there is a solution.
Update to day 04 / 12 / 2017: The official INND website has published an update of the news saying that The NND problem has already been solved.… yes, that’s good, but just as we thought. We go through the nearest Update Point and generate new certificates. I’ll do it in the next few days, so if any news comes up, I’ll go.
containing:)