Main section
RSA vulnerability with Infineon smart cards - situation SwissSign
Recent press releases (e.g. https://crocs.fi.muni.cz/public/papers/rsa_ccs17, https://www.heise.de/security/meldung/Hunderttausende-Infineon-Sicherheits-Chips-weisen-RSA-Schwachstelle-auf-3864691.html) outline that various smart cards currently have a security vulnerability with Infineon technology. The SuisseID and the organization certificate on SmartCard also rely on Infineon chip technology.
Our card manufacturer informed us that the ATOS CardOS 4.x cards and card reading systems used by SwissSign are not affected. The vulnerability mainly affects cards of the CardOS 5.x generation which still under evaluation at SwissSign.
In addition, there is the possibility for everyone to find out via the link https://keychest.net/roca whether the vulnerability affects the card. If you have any further questions, please do not hesitate to contact us also for a certificate of safety from our card manufacturer.