Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

2021-09-08 17:28

Three weeks after an independent researcher found a critical bug in the Services Australia COVID-19 digital vaccine certificate that would allow an attacker to falsify someone's vaccine status, it still hasn't been fixed.

Researcher Richard Nelson looked into the security behind a new digital vaccine passport app from the Australian government's Express Plus Medicare program, which automatically pulls someone's vaccine status from the Australian Immunization Register.

Nelson tweeted his work because he was unable to get in touch with Services Australia, the organization which oversees the COVID-19 digital vaccine application, he explained.

As governments turn to vaccine passports and contact-tracing solutions to slow the spread of COVID-19, it's critical that users have confidence in both the accuracy of the vaccine data, as well as basic privacy protections.

"With vaccine data in their hands, vaccine fraudsters will take hold of every channel available, including vaccine passports, vaccination cards, human chips and vaccine health records to try to capitalize on it."

Absent a more responsive mechanism for reporting security flaws, particularly for government-run applications and technology, users can take important precautions as the demand for vaccine passports rises around the globe.

News URL

https://threatpost.com/spoofing-bug-cybersecurity-vaccine-passports/169287/

#cybersecurity #digital