Ethical hackers are looking for information security gaps in Suomi.fi services - the digital identity application also under testing
The Digital and Population Data Services Agency has invited ethical hackers to look for shortcomings in the information security of the Suomi.fi Web Service and the digital identity app. The Bug Bounty program for the Suomi.fi Web Service will last for six months. The security of the digital identity service is tested by hackers for one day.
– We are well aware that digital services are constantly targeted by criminals. It is very useful to collaborate with ethical hackers who carry out security tests, says Pekka Ristimäki, Head of Information Security at the Digital and Population Data Services Agency.
Hacking during the program and hack day does not compromise the security of the system. On the contrary, a large group of testers enables more extensive testing and efficient identification of potential vulnerabilities.
Suomi.fi information security tested with hackers for six months
On 31 October 2022, the Digital and Population Data Services Agency launched the bug bounty program, which looks for possible information security vulnerabilities in the Suomi.fi Web Service. The program tests the Suomi.fi Web Service, including the Suomi.fi e-Identification and the Suomi.fi e-Authorizations interface.
Suomi.fi is an online service that collects public services and guidelines for people at different stages of their lives. You can also use Suomi.fi to check your own data in the registers of different authorities, receive official mail electronically and grant and request rights to act on behalf of another person or company. Suomi.fi is developed by the Digital and Population Data Services Agency.
Hackers test digital ID security on November 12
The Digital and Population Data Services Agency will organise a hack day on 12 November 2022. During the hack day, hackers target electronic identification services that use the digital identity card.
The Digital and Population Data Services Agency is developing a mobile application for digital identity (Suomi.fi wallet). The application allows you to use a digital ID. The introduction of a digital identity card requires amendments to the legislation, and the bill is now being discussed by Parliament. The Act and the use of a digital identity card are intended to enter into force on 1 September 2023.
How does hacker collaboration work?
Hacker cooperation takes the form of bug bounty programs. Professional and amateur hackers are invited to participate in carrying out information security research on the services targeted by the program. The programs are communal vulnerability security tests in which external testers, i.e. hackers, are given the opportunity to test organisations’ digital services within the agreed principles and limitations.
– We have engaged in similar cooperation with hackers in the past, and the experiences have been good. The bug bounty program complements our standard application testing. At the same time, talented hackers are given the opportunity to test their skills with permission and make some money on the side, says Pekka Ristimäki.
Hackers register for testing and commit to following the established rules. If vulnerabilities are found, the person who finds them will be paid a fee in proportion to the significance of the finding. The fees range between €100 and €30,000.
The bug bounty program and digital identity hack day are produced by Hackrfi Oy, a company specialising in the management of communal vulnerability coordination and information security testing. The Digital and Population Data Services Agency's bug bounty program takes place from 31 October 2022 to 30 April 2023. The digital identity hack day will be held on 12 November 2022, and Gofore will also participate in its organisation. Participants for both will be invited on the basis of an application.
Ask more about the digital identity hack day and apply by sending a message to hackday[at]hackr.fi.
Digital and Population Data Services Agency, Head of Information Security Pekka Ristimäki, tel. +358 295 535 048, [email protected]