Archive: September, 2018

Obscurity in the Swedish BankID

The Swedish BankID is a digital authentication and signature framework. As mentioned in a previous post it has been a huge success.

So why complain? I do complain because, as BankID has become ubiquitous in all kinds of Swedish internet services, it has set a dubious standard. BankID contains elements of security by obscurity that abuses the rights of the general public. The obscurity is not limited to technicalities. It also involves legally questionable practices that have become de facto standard.
Continue »

Update: BankID Security Hole Patched

A previous post described a security hole used for big-time fraud abusing the Swedish BankID.

The company behind BankID, Finansiell ID-Teknik AB, announces a remedy, available immediately.
Continue »

The Gaping Security Hole in Swedish BankID

The Swedish BankID, a digital authentication and signature framework, is a huge success. Even with the small (10 M) population of Sweden, the number of authentications runs into billions annually.

However, unfavourable publicity recently hit BankID. A number of very public big time fraud convictions broke the hush-up wall that banks traditionally build around their security. All of a sudden customers of banks and financial institutions were flooded with information on how to handle their BankID in order to protect themselves.

Can BankID really be broken? A “yes” seems obvious, but, well, not exactly.
Continue »