The Police have deactivated the digital certificate function of electronic DNIs issued since April 2015. How to know if you are among those affected and what to do?
The Police have deactivated the digital certificate function of electronic DNIs issued since April 2015 to strengthen its security, after a study by a Czech university warned of its possible vulnerability. The deactivation is temporary, but it is the first time such a measure has been taken. How to know if it affects you and what you should do if it does?
The possible flaw is being analyzed by the Spanish Certification Authority, according to the General Directorate of Police, which has begun to modify the functionalities of those documents to ensure “the highest security and confidentiality in the use of electronic authentication and signature in Spain”.
The documents that may be affected are those with a support number after ASG160.000 that were issued from April onward 2015. How to know if your DNI is among those affected? In addition to the issue date, you only need to look at the number that appears below the Date of Birth, the 'IDESP'. If a number higher than the indicated one appears in that section, 'ASG160.000', then it is confirmed: the digital signature of your document has just been suspended.
What does it mean that the digital signature has been suspended?? Basically, you won't be able to carry out the digital procedures you used to perform to authorize or sign documents electronically.. That ID card is still valid as a method of identification and as a travel document for traveling to EU countries.: Nothing changes on that front.. But if you are one of those who, for work or any other activity, frequently used the digital certificate functions,, it would be best to renew it right now.. The new ID cards issued will not have the security flaw present in those issued since April. 2015.
According to the Police,, until in “the near future,” the necessary technical solutions are not implemented, The functionality of digital certificates in the current DNIe will be deactivated. When they are available, it will be the holders who will have to go directly to update them at the Documentation Offices.
The security issue was recently detected and lies in a code used for encryption keys utilized in many digital certification systems, such as national identification documents of multiple countries. Estonia warned of the risk last September when it stated that 750.000 its electronic ID cards could be vulnerable to attacks. The country closed the public key database of the document to prevent problems. Now it is Spain that has had to take measures.
The flaw could, For example, permitir a ‘hackers’ robar la identidad de cualquier ciudadano con un DNI afectado, espiar los documentos que ha firmado con él o infectar con ‘malware’ software de idenficación y certificación digital. Now, de momento, y de forma temporal, el fallo está atajado en nuestro país. Está por ver si la medida se ha tomado demasiado tarde.
Fountain: El Confidencial