The state's recent 'vaccination passport' may include new security measures, but experts worry forgeries may still emerge with less secure ways of displaying a COVID certificate remaining acceptable.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
The Service NSW app now provides the reassurance of a QR code that businesses can scan below the vaccine certificate user's can now access on the same page as their check-in status.
But while previous methods are still accepted, including the use of the Express Plus Medicare app or a printed document of which neither include a QR code, experts are worried this may provide an opportunity for forged certificates.
Cybersecurity specialist David Palmer is the chief digital privacy officer at Trustgrid, known for successfully implementing the digital driver's licence onto the Service NSW app.
He said the absence of a QR code or barcode on the COVID certificate was an oversight by the government.
"It would be very easy for criminals to forge a vaccination passport or certificate by creating a web page that asks for your name, date of birth, some other information, and then it would build a page on your phone screen that would very easily pass as an authentic vaccination certificate issued by the federal government," he said.
IN OTHER NEWS:
Mr Palmer said the use of public key cryptography, or more simply a QR code, can eliminate any doubt that a document is authentic.
"The only way to validate that a document is real is to use a QR code, which binds the information about your vaccination status and who you are as an individual citizen and it presents that in a special code that can't be reproduced by anybody attempting to forge a vaccination certificate," he said.
"Using those cryptographic mathematical processes a business can, with the ultimate certainty, validate your vaccination status."
One flaw Mr Palmer believes Service NSW could have rectified in contrast to other methods of displaying the certificate was the inclusion of photo identification.
"At the moment, what was being shown by Victor Dominello is a QR code, the green letters 'vaccinated', but how do we know that is the person who is presenting as the owner of the phone?" he said.
"Somebody could say 'here, I'm fully vaccinated and you're not so use my phone to get in'."
Mr Palmer suggests that the Australian Immunisation Register be upgraded to include identifying information about those who have received their vaccinations to help state and territory government to verify them properly.
"The states and territories can't currently identify individuals on that database because it has no identifying information," he said.
"Say your name is John Smith, there's many John Smiths, so there must be a piece of information that clearly identifies you in that database, so that the data can be referenced and compared to ensure that what's being presented is correct and valid."
"Now, if that's put in place, that system would work very well."
Our journalists work hard to provide local, up-to-date news to the community. This is how you can continue to access our trusted content:
- Bookmark dailyadvertiser.com.au
- Follow us on Twitter
- Follow us on Instagram
- Follow us on Google News
- Make sure you are signed up for our breaking and regular headlines newsletters