The European authorities have today released one patch for the eIDAS system, which is the abbreviation for electronic IDentification, Authentication and trust Services. The new patch fixes two major errors security. Hackers could use errors to represent themselves as European citizens or business representatives and make them illegal transactions.
The eIDAS system was created in 2014. It is very useful because it allows EU governments, citizens, and businesses. conduct valid cross-border electronic transactions, regardless of country of origin.
Therefore, any error in the software could cause many problems, since attackers could take advantage of it and violate digital transactions (eg tax payments, bank transfers, shipping of goods).
SEC Consult security researchers recently said they discovered two such errors that allowed hackers present themselves as European citizens or businesses.
According to the researchers, the software could not validate the certificates used in eIDAS transactions. So criminals could to falsify the certificate of any other citizen or business of eIDAS.
The attackers could access a Member State's eIDAS-Node server and use fake certificates during the initial authentication process.
Investigators conducted tests and found that the attack was feasible.
The European authorities have been informed of the vulnerabilities and a new update of the eIDAS-Node software has been released today. All Member States are urged to update their systems to avoid possible attacks.