Technology

Australia’s vaccine certificates easy to fake due to “obvious” security flaw, says software engineer

A Sydney-based software engineer has worked out a way to create a passable forgery of Australia’s digital COVID-19 vaccine certificates.

And he reckons it can be done in just 10 minutes using free software.

Richard Nelson told ABC News an “obvious” security flaw allowed him to make a copy of the proof-of-jab feature in the Medicare app with anyone’s details on it – no vaccine required.

His version even contains the anti-forgery animation used in the background of the certificates.

Nelson said he found the security flaw while playing around on the Medicare app one night.

“It’s a very basic flaw. I thought surely there would be some kind of mitigation to stop this kind of attack, but there wasn’t,” he told the national broadcaster.

“I don’t think it’s a good idea to get it out there among the anti-vax crowd.

“People who don’t have a valid certificate can fairly easily present one — the implications of that are left up to the imagination.”

Just in case our imagination isn’t vivid enough, this means unvaccinated people could use the app to travel internationally when the time comes, chucking a huge spanner in the works for the rest of us by potentially prolonging travel restrictions.

Not to mention risking lives.

Once he realised how easy it was to trick the app, he notified the government with detailed instructions, but told ABC News he has not heard back.

Travel Weekly has reached out to the Department of Health and the office of Employment Minister Stuart Robert, who is responsible for data and digital policy, but is yet to receive a response.

However, a spokesman for Robert told ABC News the government is continuously updating the proof of vaccine certificates.

“The government will continue to iteratively update the proof of vaccination certificates … including bolstering security measures,” the spokesman said.

According to ABC News, other security experts confirmed the flaw should have been picked up in a basic security audit.


SEE WHAT PEOPLE ARE SAYING

Leave a Reply

Wholesalers

Give your clients a taste of Wabi-sabi with InsideJapan’s new cultural journey

Don’t worry; the new trip doesn’t involve eating loads of that little green paste that comes with your sushi, that’s WASABI, not Wabi-sabi. However, if that’s your thing we won’t stop you.

Share

CommentComments

Hotels

Welsh hotel cops criticism for charging almost $400 for access to its bar

The hotel owner said he introduced the fee because he was tired of finding strangers in his garden, which is the most Welsh thing we’ve ever read.

Share

CommentComments

Destinations

This tourism ad is so weird and trippy, it’ll have you declaring “WTF did I just watch?”

Did you perhaps take an ecstasy tablet in your misspent youth? Travel Weekly warns this ad could bring it back on 15 years later.

Share

CommentComments

Technology

Sabre’s Nicole Regel promoted to regional role

Travel Weekly understands Nicole Regel is eyeing the IKEA JÄRVFJÄLLET leatherette swivel chair in charcoal after her recent promotion.

Share

CommentComments

Cruise

P&O extends Aussie cruise pause, as Pacific Adventure emerges from dry dock

Don’t let the headline fool you; this article also contains some uplifting cruise news to give sail-savvy agents a little Friday boost.

Share

CommentComments

Tourism

Travel industry veteran takes “black sheep” approach to help brands navigate COVID landscape

Trish Shepherd, the mastermind behind this new company, has assured us it’s got nothing to do with agricultural practices, as we first imagined.

Share

CommentComments

Destinations

“A wonderful spectacle”: Spain’s Tourism Minister suggests using catastrophic volcanic eruption to attract visitors

The country’s Tourism Minister is in hot water after she appeared to propose using a volcanic eruption that has destroyed hundreds of homes to lure tourists to the Canary Islands.

Share

CommentComments

Aviation

WATCH: Flight attendant promises to annoy passengers who don’t wear a mask

As you can imagine, the comment section on this TikTok user’s video was… divided, to say the least.

Share

CommentComments

Tourism

Tourism Minister says international borders will reopen by Christmas “at the latest”

by Ali Coulton

Dan Tehan has urged states to stick to the national plan and encouraged Aussies to “roll up their sleeves”.

Share

CommentComments

Hotels

IHG’s Leanne Harwood elected first-ever female president of the Accommodation Association

Hospo industry veteran Leanne Harwood is back in the headlines, and this time it’s about her very deserving new role.

Share

CommentComments

Aviation

Passenger claims flight attendant told her to glue a mask to her distressed toddler’s face

A mother has taken to social media to call out a flight attendant who she claims gave her a rather distressing ultimatum.

Share

CommentComments

Travel Agents

Strong take-up of AFTA membership continues

If the current demand for AFTA membership is anything to go by, there’s a lot of confidence that agents can clear the remaining pandemic hurdles.

Share

CommentComments