COVID vaccine certificates can be forged within 10 minutes due to 'obvious' security flaw
Near-perfect forgeries of the federal government's COVID-19 vaccine digital certificate can be made in 10 minutes using free software, a member of the public has discovered.
Richard Nelson, a software engineer in Sydney, has found an "obvious" security flaw in the Express Plus Medicare app allowing him to make vaccine certificates with any name and date of birth and featuring the background animations meant to prevent forgery.
The Prime Minister has previously said the certificates are a "credible and effective" way for states to administer exemptions from aspects of lockdowns.
Mr Nelson found the security hole in the current system (which was launched more than two months ago) while mucking around with the Express Plus Medicare app one evening last week.
"It's a very basic flaw. "I thought surely there would be some kind of mitigation to stop this kind of attack, but there wasn't."
/cloudfront-us-east-2.images.arcpublishing.com/reuters/WH6YZXYGUVPP3EGR3KFXLDHZ2Q.jpg)
