Barely on the market and already having problems?
The digital vaccination card is apparently more insecure than expected.
Fraudsters could steal vaccination status.
Bonn - The digital vaccination certificate has recently been available in Germany.
This makes it easier for people vaccinated against the coronavirus * to prove that they have received a vaccination.
What many people see as a sensible or overdue opportunity to say goodbye to the yellow vaccination certificate, however, also harbors problems.
Obviously, the digital vaccination certificate is less secure than expected.
Corona: security gap in the digital vaccination card?
Fraudsters could steal certificates
Because the digital vaccination status generated by the QR code can apparently be accessed and misused by fraudsters without much effort.
The
Business Insider
reports a "security hole in the digital certificate of vaccination."
The code contains the name of the person vaccinated, the date of vaccination and details of the vaccine *.
The Corona warning app or the newly created CovPass * app then read the code and create another QR code.
This then acts as an entrance ticket to the restaurant, stadium & Co.
But how secure is the digital vaccination certificate?
"The digital vaccination certificate is cryptographically protected from changes," says the Federal Ministry of Health *.
“All digital vaccination records are only temporarily created in the vaccination log system and then deleted.
They are only permanently stored locally on the users' smartphones. "
Corona: How secure is the digital vaccination certificate?
"It is possible to load other vaccination certificates into his app"
However, this decentralized storage does not seem to protect against misuse.
Because apparently it is possible that the vaccination status can be stolen and thus any number of people can use the same QR code at the same time.
The Federal Office for Information Security confirms this to
Business Insider
.
"If the QR code of a vaccination certificate is read in by the Corona Warning app or the CovPass app - a so-called wallet app - the information is read from the vaccination certificate and displayed in plain text."
This causes problems: "Since the wallet apps do not know the identity of the app users, they cannot check whether the identity of the person being vaccinated matches." into his wallet app. "
Corona: Digital vaccination pass - expert advises sensitive handling: "The certificates can be copied"
To prevent this, the digital vaccination card must be presented in conjunction with a photo ID.
How much attention is paid to this in reality cannot, however, be assessed.
Experts therefore advise sensitive handling of the vaccination certificate.
"The certificates can be copied," says Holger Bleich from the specialist magazine
c't
.
The expert advises only using the certificate for official occasions such as traveling or in border traffic.
In everyday life, skeptical inquiries also help: "If someone checks the vaccination status at the beer garden, I would be shown that this is really the check app," says Bleich.
The CovPass-Check app can be recognized by the white app symbol with a blue sign - in contrast to the CovPass app with a blue symbol and a white sign. If you check a vaccination certificate with her, a green tick will appear on the phone of the person inspecting, along with the name, surname and date of birth of the vaccinated person.
(as / dpa) * Merkur.de is an offer from IPPEN.MEDIA
