Ethical hackers are looking for information security gaps in Suomi.fi services - the digital identity application also under testing
The Digital and Population Data Services Agency has invited ethical hackers to look for shortcomings in the information security of the Suomi.fi Web Service and the digital identity app. The Bug Bounty program for the Suomi.fi Web Service will last for six months. The security of the digital identity service is tested by hackers for one day.
– We are well aware that digital services are constantly targeted by criminals. It is very useful to collaborate with ethical hackers who carry out security tests, says Pekka Ristimäki Head of Information Security at the Digital and Population Data Services Agency.
Hacking during the program and hack day does not compromise the security of the system. On the contrary, a large group of testers enables more extensive testing and efficient identification of potential vulnerabilities.
Suomi.fi information security tested with hackers for six months
On 31 October 2022, the Digital and Population Data Services Agency launched the bug bounty program, which looks for possible information security vulnerabilities in the Suomi.fi Web Service. The program tests the Suomi.fi Web Service, including the Suomi.fi e-Identification and the Suomi.fi e-Authorizations interface.
Suomi.fi is an online service that collects public services and guidelines for people at different stages of their lives. You can also use Suomi.fi to check your own data in the registers of different authorities, receive official mail electronically and grant and request rights to act on behalf of another person or company. Suomi.fi is developed by the Digital and Population Data Services Agency.
Hackers test digital ID security on November 12
The Digital and Population Data Services Agency will organise a hack day on 12 November 2022. During the hack day, hackers target electronic identification services that use the digital identity card.
The Digital and Population Data Services Agency is developing a mobile application for digital identity (Suomi.fi wallet). The application allows you to use a digital ID. The introduction of a digital identity card requires amendments to the legislation, and the bill is now being discussed by Parliament. The Act and the use a digital identity card are intended to enter into force on 1 September 2023.
How does hacker collaboration work?
Hacker cooperation takes the form of bug bounty programs. Professional and amateur hackers are invited to participate in carrying out information security research on the services targeted by the program. The programs are communal vulnerability security tests in which external testers, i.e. hackers, are given the opportunity to test organisations’ digital services within the agreed principles and limitations.
– We have engaged in similar cooperation with hackers in the past, and the experiences have been good. The bug bounty program complements our standard application testing. At the same time, talented hackers are given the opportunity to test their skills with permission and make some money on the side, says Pekka Ristimäki.
Hackers register for testing and commit to following the established rules. If vulnerabilities are found, the person who finds them will be paid a fee in proportion to the significance of the finding. The fees range between €100 and €30,000.
The bug bounty program and digital identity hack day are produced by Hackrfi Oy, a company specialising in the management of communal vulnerability coordination and information security testing. The Digital and Population Data Services Agency's bug bounty program takes place from 31 October 2022 to 30 April 2023. The digital identity hack day will be held on 12 November 2022, and Gofore will also participate in its organisation. Participants for both will be invited on the basis of an application.
Ask more about the digital identity hack day and apply by sending a message to hackday[at]hackr.fi.
Additional information
Digital and Population Data Services Agency, Head of Information Security Pekka Ristimäki, tel. +358 295 535 048, [email protected]
Read more about the digital identity reform
Not enough time remains in the current session of the Finnish Parliament for legislative initiatives that would enable digital identity reform to be processed. Preparations for a European Digital Identity Wallet continue. Read more.
- Individuals
- Processing times
- Marriage
- Having or adopting a child
- Names
- Moving
- Guardianship
- Life changes while living abroad
- Moving while living abroad
- Registration of a child born abroad
- Marriage concluded abroad
- Partnership registered abroad
- Divorce granted abroad
- Registration of a name change performed abroad
- Gender recognised abroad
- Death abroad
- Registration of citizenship
- Notification of retaining Finnish citizenship
- Legalisation of foreign documents
- Submitting foreign documents
- As a foreigner in Finland
- Registration of a foreigner
- Guide for students
- Municipality of residence
- Family relationships and Marital Status
- Instructions on arriving in Finland from Ukraine
- Guide for employed persons
- Fast track service for specialists and growth entrepreneurs
- Instructions for legalisation
- Submitting foreign documents
- Foreigner’s move to Finland, in Finland and out of Finland
- Check your own personal details
- Elections and Right to vote
- Suomi.fi Web Service
- Citizen Certificate and electronic identity
- Certificates from the Population Information System
- Population information in the Population Information System
- Registration of a gift notification
- Services of notary public
- Certification of purchase
- Citizens’ initiative
- Death and estate inventory
- Public Service Info
- Address service
- Forms
- Digital support for citizens
- Organisations
- Certificates
- For social welfare and healthcare service providers
- For organisations
- Electronic sealing service
- Timestamping Service
- Electronic signature
- Service certificates
- Advisory service, support and revocation service
- Certificate Directory
- Test the use of a certificate
- Card Reader Software
- Information about certificates
- Population information services for organisations
- Public administration sampling and updating service
- Private sector information services
- PIS modified data interface
- Modified data update service
- Population Information System query interface
- Browser-based Population Information System query
- Resident sampling services for property management offices and maintenance companies
- Data extraction for municipalities
- Reform of personal identity code
- Conditions for using population information
- Maintaining the Population Information System
- Extracts from registers
- Suomi.fi services
- Services to promote digitalisation
- Digital support
- Digital security services
- Services of notary public
- Certification of purchase
- Right to officiate weddings
- E-services
- Finnish Authenticator identification service
- Certificates
- About the agency
- Digital and Population Data Services Agency
- Digital and Population Data Services Agency as an Employer
- Use our services electronically
- Contact
- Customer service for private customers
- Customer service for organisations
- Service locations
- Digital and Population Data Services Agency address, switchboard e-billing details
- Digital and Population Data Services Agency Management
- Marriage ceremony premises information
- Contact details for media
- International Affairs
- Invoicing
- Quality policy
- Equality plan for customers
- Data protection
- News
- Population Information System
- For media
- Brochures and publications
- Projects
- Foresight and research cooperation