Hi, I'm Geoff 👋 I'm a security researcher, and this website, which generates real fake vaccination certificates, was made to highlight failures to address security concerns. Over the last couple of months, members of the AusOpenTech community have discussed this scenario with the media, and so far there has been no deviation from this faulty path; NSW has doubled down on it.
When I visit places I want my legitimate certificate to be trusted, and I feel Australia could have done a lot more. It feels like our leadership is going for minimal effort for this rollout and is ignoring people like Richard Nelson, who in a couple of hours conjured up a proof-of-concept showing how Australia can provide verifiable evidence of a person’s vaccination status.
Australia needs a good federal approach that works for everyone. If there’s a fallback to the insecure PDF for state/border travellers, there’s not much point in each state doing anything. The insecure PDF can be unlocked via LittleBirdy (or by opening the PDF in the macOS Preview.app), at which point the PDF can be edited using standard tools and generation of vaccination certificates becomes child’s play. As no authentication features are part of the immunization statement, it is impossible to determine authenticity. The source code of this application is available on GitHub, is 65 lines of code and runs completely in your web browser with no backend.
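
To make the missing authentication feature concrete, here is an added example (not this site's code and not Richard Nelson's proof-of-concept) of a verifier check that an edited statement fails once the issuer signs the fields. The Ed25519 scheme, the field names, the sample record and the use of Node.js's built-in `crypto` module are all assumptions made for illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// Constructed issuer key pair (assumption). A real issuer keeps the private
// key secret and distributes only the public key to verifier apps.
const issuer = generateKeyPairSync("ed25519");

// Serialise flat claims with sorted keys so both sides process the same bytes.
function canonicalise(claims) {
  const sorted = {};
  for (const key of Object.keys(claims).sort()) sorted[key] = claims[key];
  return Buffer.from(JSON.stringify(sorted), "utf8");
}

// Issuer side: bind every field of the statement to the issuer's key.
function issueCertificate(claims, privateKey) {
  const signature = sign(null, canonicalise(claims), privateKey);
  return { claims, signature: signature.toString("base64") };
}

// Verifier side: a missing, malformed or mismatching signature is a rejection.
function verifyCertificate(cert, publicKey) {
  if (!cert || typeof cert.claims !== "object" || cert.claims === null) return false;
  if (typeof cert.signature !== "string") return false;
  try {
    const sig = Buffer.from(cert.signature, "base64");
    return verify(null, canonicalise(cert.claims), publicKey, sig);
  } catch {
    return false;
  }
}

// Constructed sample data, not a real record.
const genuine = issueCertificate(
  { name: "Jane Citizen", dateOfBirth: "1990-01-01", vaccine: "Example Vaccine", doses: 2 },
  issuer.privateKey
);
// Same certificate after one field is edited, signature copied unchanged.
const edited = { claims: { ...genuine.claims, name: "John Citizen" }, signature: genuine.signature };
// What the current PDF amounts to: claims with nothing to check them against.
const unsigned = { claims: genuine.claims };

console.log({
  genuine: verifyCertificate(genuine, issuer.publicKey),
  edited: verifyCertificate(edited, issuer.publicKey),
  unsigned: verifyCertificate(unsigned, issuer.publicKey),
});
```

Only the public key is needed to verify, so a venue's scanner can check a certificate offline without being able to issue one.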