A Sydney-based software developer claims to have discovered a simple way to obtain a passable forgery of a COVID-19 digital vaccine certificate.
Richard Nelson told ABC News that an “obvious” security flaw allowed him to make a copy of the proof-of-jab feature in the Medicare app with anyone’s details on it – no vaccine required.
His discovery raises concerns about the security of the vaccine passport certificate system.
Mr Nelson said he found the security flaw while playing around on the Medicare app one night.
“It’s a very basic flaw. I thought surely there would be some kind of mitigation to stop this kind of attack, but there wasn’t,” he told the national broadcaster.
“I don’t think it’s a good idea to get it out there among the anti-vax crowd.
“People who don’t have a valid certificate can fairly easily present one – the implications of that are left up to the imagination.”
Mr Nelson provided a video as proof, showing ‘his’ COVID-19 digital certificate on a mobile device, even though he has not been vaccinated.
Mr Nelson said he had reported the vulnerability to the Department of Health late last week, but told ABC News he had not heard back.
Early in the pandemic, there were significant concerns from government and health authorities that organised crime groups might create a market for illicit or fake vaccines.
According to other security experts, this flaw should have been identified in a basic security audit.