The Limited Times

Now you can see non-English news...

Digital corona vaccination certificates: Pharmacy customers have to be patient

2021-07-30T12:00:27.255Z


More than a week after the emergency stop, pharmacies are slowly regaining access to the system for issuing digital corona vaccination certificates. But researchers consider it unsafe even after the update.


Enlarge image

Digital vaccination certificate from the pharmacy: "Available again in the coming days"

Photo: Sven Hoppe / dpa

Relief in a pharmacy in North Rhine-Westphalia: Corona vaccination certificates have been issued there again since Friday morning.

"Of course we put customers off," a pharmacist told SPIEGEL on the phone.

That is clear when asked for a digital vaccination certificate but none can be issued.

The customers were, however, informed via the media, "they were then very relaxed".

Things are different in a pharmacy in Saxony.

There a pharmacist announced on the phone that customers would still have to be turned away if they wanted their entry in the vaccination card to be converted into a QR code for their smartphone.

The attempt on Friday morning to access the portal for the digital corona vaccination certificates failed.

Vaccinated persons have been waiting for more than a week to receive QR codes in pharmacies for their entry in the vaccination pass.

The Federal Ministry of Health and the German Pharmacists Association had blocked access to the certificate server.

The reason: With a few image processing tricks, security researchers managed to pretend to be a pharmacist and thus gain access to the online tool.

Developers tighten access rules

According to a spokesman for the Federal Association of German Pharmacists' Associations (Abda), the first pharmacies have been involved again since Thursday.

"A few thousand pharmacies already have access again," said the spokesman on Friday.

"We assume that this voluntary offer from pharmacies will again be available nationwide in the coming days."

more on the subject

  • Security gap: Why pharmacies are currently no longer issuing corona vaccination certificatesBy Jörg Breithut

  • Vulnerability in the new health network: The card trick by Judith Horchert and Jasmin Klofta

Among other things, the developers have tightened the request for the so-called telematics ID when registering.

Medical institutions are assigned this identification number in order to issue electronic prescriptions, among other things.

"We have now completely integrated the telematics infrastructure," said the spokesman.

You now have to dial into this infrastructure with special hardware (the so-called connector) and VPN access.

The security level has thus been massively increased again.

"It is no longer enough to enter a TI number on the form."

The two researchers Martin Tschirsich and André Zilch exploited this gateway.

With a forged operating permit, a manipulated proof of transfer for night and emergency services and an invented telematics ID, the scientists pretended to be pharmacists and were able to create QR codes themselves - with any name, vaccination data and vaccine.

According to the Abda spokesman, all guest accesses have been checked and no further fake pharmacies have been found.

IT expert: "Not yet a sufficient level of security"

Martin Tschirsich has doubts about the security of the portal even after the changeover. "It's a first step," says the IT expert in an interview with SPIEGEL. "But the solution does not yet achieve a sufficient level of security." In his opinion, querying the telematics ID is not enough to protect the portal from misuse. Tschirsich himself and other researchers showed two years ago that the telematics infrastructure also has some weak points.

He cannot understand why the pharmacies are not given the same tool as the general practitioners. "Then these problems would be solved." After all, tax money has already been spent on this. Doctors' practices do not create the QR codes via an online platform, but rather via a module for their practice software, which is also used to manage patients and create prescriptions. This means that the personal data is not entered manually, but taken from the practice's database. The federal government has paid for the update in the practices.

About 18,000 pharmacies in Germany can use the “My Pharmacy Portal” tool to subsequently convert the Covid-19 entry in the vaccination pass into a QR code so that citizens can prove their vaccination against the coronavirus at borders, airports and restaurants on their smartphones . The code can be scanned with the Corona warning app, CovPass and Luca, among other things. Via the “My Pharmacy Manager” portal, customers can check whether their pharmacy is already connected to the system again and is issuing codes.

Source: spiegel

All tech articles on 2021-07-30

You may like

Life/Entertain 2024-02-21T15:44:05.846Z
Life/Entertain 2024-02-21T15:44:32.584Z
News/Politics 2024-02-10T14:13:10.796Z

Trends 24h

Tech/Game 2024-03-27T18:05:36.686Z

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.