Technology

Australia’s vaccine certificates easy to fake due to “obvious” security flaw, says software engineer

A Sydney-based software engineer has worked out a way to create a passable forgery of Australia’s digital COVID-19 vaccine certificates.

And he reckons it can be done in just 10 minutes using free software.

Richard Nelson told ABC News an “obvious” security flaw allowed him to make a copy of the proof-of-jab feature in the Medicare app with anyone’s details on it – no vaccine required.

His version even contains the anti-forgery animation used in the background of the certificates.

Nelson said he found the security flaw while playing around on the Medicare app one night.

“It’s a very basic flaw. I thought surely there would be some kind of mitigation to stop this kind of attack, but there wasn’t,” he told the national broadcaster.

“I don’t think it’s a good idea to get it out there among the anti-vax crowd.

“People who don’t have a valid certificate can fairly easily present one — the implications of that are left up to the imagination.”

Just in case our imagination isn’t vivid enough, this means unvaccinated people could use the app to travel internationally when the time comes, chucking a huge spanner in the works for the rest of us by potentially prolonging travel restrictions.

Not to mention risking lives.

Once he realised how easy it was to trick the app, he notified the government with detailed instructions, but told ABC News he has not heard back.

Travel Weekly has reached out to the Department of Health and the office of Employment Minister Stuart Robert, who is responsible for data and digital policy, but is yet to receive a response.

However, a spokesman for Robert told ABC News the government is continuously updating the proof of vaccine certificates.

“The government will continue to iteratively update the proof of vaccination certificates … including bolstering security measures,” the spokesman said.

According to ABC News, other security experts confirmed the flaw should have been picked up in a basic security audit.


