Bad RNGs in Estonian ID cards
Did you know, every Estonian ID card had to be reprogrammed when a major security flaw in the way they implemented randomness was discovered in 2017, allowing them to be hackable.
The secret keys that ensure the security of the ID card are vulnerable to being identified, by factorising the 2048 bit number used by the card. Some cards were vulnerable to an attack known as Coppersmith’s attack. Not all cards were easily hackable, but they could be tested. This public key test determined whether or not they were susceptible to such an attack within a fraction of a second. This then allowed hackers to only spend time on cards which could be easily cracked.