Australia’s vaccine certificates easy to fake due to “obvious” security flaw, says software engineer
A Sydney-based software engineer has worked out a way to create a passable forgery of Australia’s digital COVID-19 vaccine certificates.
And he reckons it can be done in just 10 minutes using free software.
Richard Nelson told ABC News an “obvious” security flaw allowed him to make a copy of the proof-of-jab feature in the Medicare app with anyone’s details on it – no vaccine required.
His version even contains the anti-forgery animation used in the background of the certificates.
Nelson said he found the security flaw while playing around on the Medicare app one night.
“It’s a very basic flaw. I thought surely there would be some kind of mitigation to stop this kind of attack, but there wasn’t,” he told the national broadcaster.
“I don’t think it’s a good idea to get it out there among the anti-vax crowd.
“People who don’t have a valid certificate can fairly easily present one — the implications of that are left up to the imagination.”
Just in case our imagination isn’t vivid enough, this means unvaccinated people could use the app to travel internationally when the time comes, chucking a huge spanner in the works for the rest of us by potentially prolonging travel restrictions.
Not to mention risking lives.
This should not be anywhere near this easy to fool (I’m not vaccinated.. yet) pic.twitter.com/faTQws7XhX
— Richard Nelson (@wabzqem) August 18, 2021
Once he realised how easy it was to trick the app, he notified the government with detailed instructions, but told ABC News he has not heard back.
Travel Weekly has reached out to the Department of Health and the office of Employment Minister Stuart Robert, who is responsible for data and digital policy, but is yet to receive a response.
However, a spokesman for Robert told ABC News the government is continuously updating the proof of vaccine certificates.
“The government will continue to iteratively update the proof of vaccination certificates … including bolstering security measures,” the spokesman said.
According to ABC News, other security experts confirmed the flaw should have been picked up in a basic security audit.
Email the Travel Weekly team at traveldesk@travelweekly.com.au
forgery Meidcare app proof of vaccine Richard Nelson Stuart Robert vaccine certificationLatest News
Voyages celebrates 40 years at Uluru with two new immersive experiences
No plans for celebrating your 40th this year? Here's a hot tip from us.
SkyDeck: The inflight entertainment you could never have imagined
Forget those external cameras you can live stream while in the air... With SkyDeck you can check it out for yourself.
Second Boeing whistleblower dies of ‘mystery infection’
Joshua Dean died from a fast-growing mystery infection on Tuesday.
Aussie winners of American Airlines ‘Sell Your Way to the USA’ announced
Show me the money! For the winners, Sell Your Way to the USA was worth getting involved in.
ANZCRO celebrates 30th with special edition of iconic New Zealand Book
Choice bro! ANZCRO celebrates its 30th with a special edition of its iconic New Zealand Book. Chur!
Room to move at Cairns Harbourside Hotel with ‘spacious’ new family package
Moody teens can eat two-minute noodles while younger brothers and sisters get to eat free with mum and dad. Win, win!
A&K unveils lavish around the world wildlife adventure in private jet
The kind of holiday that if you need to ask the cost, you probably can't afford it.
Flight Centre and Reforest hit one million trees target early
Nice one Flight Centre, we think you've earned an early Friday knockoff.
New cruise options spearhead stacked APT 2025 program
Just in case you thought you were running out of cruise itineraries, APT's here with a fresh batch.
Travel Weekly announces a new team to helm Australia’s No.1 travel trade title
Some shameless self-promotion from us, but we thought you needed to know who's bringing you the news.
IHG reveals plans for Brisbane’s first Kimpton in 2028
Just another reason to book that trip to Brisvegas. But don't jump the gun, it's not open until 2028.
Cruiseabout’s first store in five years opens in Perth
Perth gets a break from being behind the rest of the country with the addition of the first Cruiseabout store.
ATAS complaints process acknowledges non-economic loss
A High Court case win over 'disappointment and distress' on a cruise gone wrong prompts ATIA complaints change.
Cunard previews new Queen Anne
Yep, this one does exactly what it says on the tin.
Bunnik Tours unveils latest expansion to Iceland
Just as the Icelandic vikings did many years ago, Bunnik is expanding into new territories.
Australia’s first glamping retreat turns 25
25th anniversary gifts usually come in silver. Ours comes in the way of a news story.
Embrace the journey: Traversing the world with the Shokz OpenRun
If you’ve been on the wrong side of a final call in the airport, or missed the stop on rail journey, it might be time to invest in a pair of Shokz OpenRun headphones. Originally marketed as headphones for fitness fanatics, runners or cyclists with a keen to steer clear of a prang with a car, […]
Tourism Western Australia MD Carolyn Turnbull departs
Turnbull hints her new role will see her staying in the tourism and hospitality industry and who can blame her?
DriveAway launches Brit-Euro Blitz campaign
If agents can put the foot down quick enough and get involved, there are some great prizes to be won.
Fly and Stay Free with the Great Southern
Unlike those dodgy scam phone calls you're getting more and more of, there's no strings attached to this deal.
Sober travel and TikTok guide Australian Gen Z trips
Can you call it a sober holiday if you enjoy a few glasses of red on the flight? We think yes.
Travel DAZE Exec Agenda REVEALED: top execs to speak on airline competition
As the industry reels from Bonza's implosion, it is more important than ever to ask the big questions.
TTC: Deals are driving up demand for September trips
The latest market research from TTC Tour Brands shows interest in international leisure travel remains high for 2024, with 77 per cent of Australians over 18 still planning trips this year. Notably, 28 per cent of those travellers are eyeing September for their journeys. Europe continues to be the most popular destination, with 68 per […]
Skroo says Rex will need deep pockets to fill lost Bonza slots
The door is open for Rex, and anyone else who wants to launch a regional Aussie airline...
Sno’n’Ski Holidays unveils 2025 mega famil to Colorado!
Let the games begin - this is certainly not a famil that you will want to miss!
Walk Japan launches Kyoto: Mountains to the sea walking tour
There are two types of people, one who enjoys walking on holiday and another who enjoys sipping Mojitos by the pool.
Which destination had a 48% boost in bookings following 10 MILLION TikTok views?
Here's a clue: it's not Malabar Beach.
Asher Telford appointed General Manager of SeaLink Whitsundays
Telford has plenty of reasons to smile after SeaLink doubles down and makes him GM after buying his tourism operation.
Qantas ‘working urgently’ to fix app data leak
Qantas is looking into customer reports that passengers have this morning been able to access other passengers’ personal information on the airlines app. X user Lachlan posted that he was able log into different accounts every time he opened the app. My @Qantas app logs me in to a different person each time I open […]
Hilton Expands Presence in North Queensland with the signing of Hilton Garden Inn Townsville
Heading to a North Queensland Cowboys clash? Hilton Garden Inn Townsville is set to open, but not until 2026.
Rail Europe ANZ: making dream journeys come true
Rail Europe's running a lottery! You're not going to win millions, but you might just snag a free holiday.
UPDATE: Bonza hole deepens as administrators investigate financial affairs
Administrators dig deeper as struggling airline unlikely to be revived.
Revamped Wailoaloa Beach hotel opens as Crowne Plaza Fiji Nadi Bay Resort & Spa
Crowne Plaza Fiji Nadi Bay Resort & Spa is open and ready for bookings after the first phase of a multi-million-dollar transformation. Part of IHG Hotels & Resorts’ premium collection, the transformation has seen the completion of 106 guestrooms showcasing contemporary interiors reflective of the premium Crowne Plaza brand and is a first for the […]
Nielsen Data reveals brands spending big to attract Aussie tourists
Trip A Deal, Virgin and Ignite Travel walk into a bar, blow their cash on travel advertising instead of the pokies.
Kamalaya Koh Samui clinches clutch of wellness awards
Kamalaya Wellness Sanctuary & Holistic Spa has so far clinched five prestigious awards in 2024, including being inducted into the ‘Hall of Fame’ at the World Spa & Wellness Awards in London. Founders of the Koh Samui sanctuary and spa John and Karina Stewart expressed their heartfelt gratitude for the awards. “We are profoundly honoured […]
Jetstar offers 200,000 return for free flights to celebrate 20th anniversary
Jetstar hits 20 and everyone else gets the presents with free return flights to domestic and international destinations.