EIDAS is a pretty complicated one system for secure management of electronic transactions and digital signatures between EU Member States, citizens and operational.
The eIDAS system was created in 2014. It is very useful because it allows EU governments, citizens, and businesses. conduct valid cross-border electronic transactions, regardless of country of origin.
The eIDAS-Node is the software that Europeans run users to servers for them to be able to do the transactions.
Therefore, any error in the software could cause many problems, since attackers could take advantage of it and violate digital transactions (eg tax payments, bank transfers, shipping of goods).
SEC Consult security researchers recently said they discovered two such errors that allowed hackers present themselves as European citizens or businesses.
According to the researchers, the software could not validate the certificates used in eIDAS transactions. So criminals could to falsify the certificate of any other citizen or business of eIDAS.
The attackers could access a Member State's eIDAS-Node server and use fake certificates during the initial authentication process.
Investigators conducted tests and found that the attack was feasible.
The European authorities have been informed of the vulnerabilities and a new update of the eIDAS-Node software has been released today. All Member States are urged to update their systems to avoid possible attacks.
How useful was this post?
No votes so far! Be the first to rate this post.
The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by
Adwind trojan malware returns more dangerous than ever!
Greek
Arabic
Chinese (Simplified)
English
French
German
Italian
Russian
Comment Policy:
SecNews.gr does not immediately post comments. Malicious comments, comments that include ads, or comments with insults are deleted without any warning. We do not endorse the views expressed by our readers.