Australia’s vaccine certificates easy to fake due to “obvious” security flaw, says software engineer

Human hand holding smart phone with Digital International Certificate of Covid-19 Vaccination in Time Square, New York City.  The certificate indicates that the holder has been vaccinated against Coronavirus Covid-19. French version.

A Sydney-based software engineer has worked out a way to create a passable forgery of Australia’s digital COVID-19 vaccine certificates.

And he reckons it can be done in just 10 minutes using free software.

Richard Nelson told ABC News an “obvious” security flaw allowed him to make a copy of the proof-of-jab feature in the Medicare app with anyone’s details on it – no vaccine required.

His version even contains the anti-forgery animation used in the background of the certificates.

Nelson said he found the security flaw while playing around on the Medicare app one night.

“It’s a very basic flaw. I thought surely there would be some kind of mitigation to stop this kind of attack, but there wasn’t,” he told the national broadcaster.

“I don’t think it’s a good idea to get it out there among the anti-vax crowd.

“People who don’t have a valid certificate can fairly easily present one — the implications of that are left up to the imagination.”

Just in case our imagination isn’t vivid enough, this means unvaccinated people could use the app to travel internationally when the time comes, chucking a huge spanner in the works for the rest of us by potentially prolonging travel restrictions.

Not to mention risking lives.

Once he realised how easy it was to trick the app, he notified the government with detailed instructions, but told ABC News he has not heard back.

Travel Weekly has reached out to the Department of Health and the office of Employment Minister Stuart Robert, who is responsible for data and digital policy, but is yet to receive a response.

However, a spokesman for Robert told ABC News the government is continuously updating the proof of vaccine certificates.

“The government will continue to iteratively update the proof of vaccination certificates … including bolstering security measures,” the spokesman said.

According to ABC News, other security experts confirmed the flaw should have been picked up in a basic security audit.

Latest News

  • News
  • Tour Operators

CATO Touring Academy doubles achievements

The Council of Australian Tour Operators (CATO) Touring Academy has surpassed all expectations, with over 1,000 enrolments, 11,000 course completions, and more than 600 agents earning their CATO Touring Certification since its mid-2024 launch. As the travel industry gears up for another dynamic year, the CATO Touring Academy is empowering travel professionals to elevate their […]

  • Destinations
  • Tour Operators

Mat McLachlan Battlefield Tours advises final call for Anzac Day 2025

Mat McLachlan Battlefield Tours has advised that the final call for Anzac Day 2025 is on 31 January 2025 with pre-registration also available for Anzac Day 2026. Travellers are encouraged to book their spot for either the 10-day Anzac Day on the Western Front departing on 19 April from Paris or the 8-day Anzac Day […]

  • Destinations
  • Hotels

Two destinations to visit in Mexico for Valentine’s Day

Valentine’s Day is quickly approaching and here are two romantic getaway destinations in Mexico to make any traveller’s day with their special someone even better. Casona Roma Norte, Mexico City This Valentine’s Day is the perfect time to visit Mexico City, as the streets come alive with roses, heartfelt gifts, and the city basks in […]