Concerns Arise Over Russian Code in Hungary’s New Digital Identification System
The Hungarian government has introduced the Client Gate+ (Ügyfélkapu+) system and the Digital Citizenship Programme (DCP) mobile app, replacing the previous Client Gate (Ügyfélkapu) system. These updates aim to enhance digital identification security through the integration of one-time codes generated via various applications. The new system employs dual-factor authentication, which is particularly beneficial for users without smartphones or tablets. The government recommends several authenticator apps for both Android and iOS users, as well as desktop alternatives to improve data security.
However, the recommendation of a Russian-developed one-time code generator has raised concerns among experts and also citizens . One of the desktop solutions, TOTP.APP, reportedly included code from the Russian company Yadro, which has connections to the domain counter.yadro.ru. This association has drawn scrutiny, especially given the ongoing geopolitical tensions between NATO and Russia. Critics argue that the use of such software could pose risks to the security of Hungarian users’ data.
A cybersecurity expert emphasized the need for a thorough investigation into the implications of using TOTP.APP, questioning the government’s choice to recommend a program with Russian origins. The expert noted that the website for TOTP.APP previously operated exclusively in Russian until 2018 and lacks essential data protection notices. The Special Service for National Security did not clarify whether the website had undergone a comprehensive security examination, only stating that the app has been recommended since the launch of Client Gate+ in 2022.
In light of the controversy, the developer of TOTP.APP has reportedly removed the Russian code from the site. Additionally, the website is now available for purchase at a price of €18,500. This incident is not isolated, as previous concerns have arisen regarding Russian software used in Hungary, notably in 2017 when the national consultation website was found to be utilizing code from the Russian technology company Yandex.
