cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

COVID vaccine certificates ‘easily forged’, warns expert

A leading cyber security expert has sounded the alarm on the federal government’s COVID-19 vaccine certificate, warning that it is easily forged and open to abuse.

user iconJames Mitchell
Tue, 31 Aug 2021
COVID vaccine certificates ‘easily forged’, warns expert
expand image

Services Australia has already begun rolling out its vaccine certificates, a system that will be used to determine which Australians are fully vaccinated against the deadly coronavirus.

All Australians are now able to view their digital certificate via the Express Plus Medicare mobile app after receiving all required doses of an approved COVID-19 vaccine. It can also be viewed on a Medicare online through myGov. Services Australia has encouraged all Australians to add it to their Apple Wallet or Google Pay.

But Australian cyber security specialists TrustGrid, who created digital drivers’ licences for the NSW government, have warned the vaccine certificate is flawed.


“The major issue with the federal government’s proposed vaccine certificate is that it not machine readable,” TrustGrid chief digital privacy officer David Palmer told MyBusiness.

Palmer said there is already a digital trust ecosystem that can present a vaccine certificate which is easy to use, safe and can be machine verified and authenticated anywhere in Australia through participating government agencies to avoid digital fakes.

“Recently a software engineer was able to use animated graphics to prove that the vaccination certificate can be doctored and edited. There is no machine-readable capability in the vaccine certificate in its current form, like a bar code or QR code,” he explained.

“The beauty of a QR code is that it cryptographically binds information to your identity. That would make the vaccination certificate near impossible to forge.”

But the federal government is yet to include a QR code to its vaccine certificates. Palmer said that in addition to credibility issues that come with potential forgeries, the system could create operational problems for establishments like restaurants and pubs once lockdowns end.

“I can see going forward that if people are queuing up to get into a restaurant or pub, they will need to show a certificate to someone, who will need to read it and verify it, rather than simply scanning a QR code at the door,” he said.

“It opens us up to people who may be infected forging vaccination certificates in order to enter an establishment and putting others at risk.”

Palmer, who has worked as a data privacy expert for ANZ, NAB and Westpac, said the cybersecurity risks to businesses and citizens have increased dramatically since the first outbreak of COVID-19 as more people spend more time online.

He cautioned governments to consider the cybersecurity risks as they rush to roll out the vaccine certificates and other digital documents, despite a sense of urgency amid the pandemic.

“There is a simple solution here. It has been done before. With the vaccine certificates, it just needs to be done right,” Palmer concluded.

[Related: COVIDSafe app report released, only identified extra 17 contacts]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.