Home » News » “The failings are dramatic”: Further security flaws leave Australia’s vaccination certificates open to forgery

10 September, 2021

“The failings are dramatic”: Further security flaws leave Australia’s vaccination certificates open to forgery

By Alexandra Coulton

Another tech-savvy Aussie has pointed out how easy it is to forge the government’s COVID-19 vaccination certificates, which could be a huge problem for domestic, and, potentially international travel.

Melbourne-based software developer Finn Bailey told ABC News the government was using “high-school grade” security to protect the document from being copied or altered.

He said the failings are “dramatic” to anyone who is fairly qualified in this field, and that the name and vaccination status on the certificate can both be altered using a well-known technique.

“One could argue that this means these [documents] are not certificates, in that they fail to meet the definition of being certified as authentic,” Bailey said.

“You can make it say whatever you want.”

Last month, a Sydney-based software engineer Richard Nelson posted to Twitter about an “obvious” security flaw that made it possible to forge the vaccine certificates in just 10 minutes using free software including anti-forgery animation used in the background.

Nelson notified the government with details about flaw, but ABC News reported that he had still not heard back as of this morning.

On Wednesday, Tourism Minister Dan Tehan said the government would have a “vaccine passport”, which Australians could use to travel overseas, up and running in the coming weeks.

The certification scheme will be separate from the certificates currently available to Australians through the Express Plus Medicare app.

Tehan said the government was developing a QR code with the International Civil Aviation Organisation that would allow the new certificates to be recognised across the globe.

Australians will be able to use the easily-forged certificates to access greater freedoms in locked-down areas of New South Wales next week, including more time outdoors, with more privileges expected to be added as the vaccination rate grows.

According to ABC News, the NSW government will trial its own “vaccine passport” on the Services NSW app which the state currently uses to check in to venues.

It is now known whether the app will be similar to the Medicare version or feature a QR code like the federal government plans to use for international travel.

A Services NSW spokesperson told ABC News that the vaccination certificate and check-ins would have “a number of security features which can be validated to help reduce risk of fraud”.

Forging proof of vaccination appears to be on the rise overseas, with a 24-year old woman facing charges for using a forged COVID-19 certificate to skip quarantine requirements while travelling to Hawaii.

And she may have gotten away with it if she hadn’t misspelt the name of the vaccine she claimed to have received.

Reuters has reported a booming market for fake vaccine certificates has cropped up online, with the head of a cyber intelligence firm telling the news outlet he has seen “hundreds” of websites on the dark web selling the forgeries for as little as $12.

Advertise with us

Email the Travel Weekly team at traveldesk@travelweekly.com.au

COVID-19 vaccination certificate Dan Tehan domestic travel Finn Bailey international travel proof of vaccination Richard Nelson security software vaccine certification