Estonia has rendered more than 760,000 national electronic ID cards useless after a cryptographic flaw was uncovered in the smartcard technology.
Estonian authorities found that cyber criminals have been able to tap into a flaw that allows them to clone the cards and commit identity fraud.
The vulnerability, known widely as ROCA, was discovered on 16 October 2017. Affecting chipsets made by Infineon, the flaw allows crooks to steal private RSA keys.
It's affected a range of devices that use these chipsets, including widely used laptops, routers, Internet of Things devices and smart cards.
These cards are used throughout the country, and in August 2017, security specialists identified a threat affecting more than 750,000 of them issued between October 2014 and 2017.
Estonian organisations have attempted to issue a patch through a certificate update, but the government has since issued a ban on the cards.
Researchers in the country contacted Infineon and companies using chipsets for cryptographic data, and one of them was technology company Gemalto
The Swiss company owns Trub AG, which was the original firm to manufacture and distribute the national ID card system.
Over the past few months, the authorities have been working to find a remedy and inform members of the public about the problem. From today, the public must update their cards.
Over the next few weeks, Estonians should visit local authorities to replace the cards. And more than 35,000 public servants and government officials will be given priority when updating their cards.
The cards are used for filing taxes, managing healthcare information and other government-related purposes. Estonian Police issued the block on Friday, 3 November.
The country's prime minister, Jüri Ratas, said: "As far as we currently know, there has been no instances of e-identity theft. "By blocking the certificates of the ID cards at risk, the state is ensuring the safety of the ID card."
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws