Are you aware of this security flaw with the corona vaccination certificates? Vulnerability uncovered

The 2G corona rule is now implemented widely throughout Germany. To go shopping you need to show your digital vaccination certificate. So the question that has people worried is: Do you know which app the shops, restaurants and cafes and other places are using to scan your certificate? Both the “Corona warn app” and the “CovPass check app” can scan the digital vaccination certificate.

Security flaw: How easy is it for someone to steal your digital vaccination certificate? They just have to stand at the door and “check” your vaccination status, which you must now prove. Do you keep track of everywhere your digital vaccination certificate was scanned?

Bar owner saves 200 digital vaccination certificates belonging to customers

A Cologne bar owner ended up with almost 200 vaccination certificates on his mobile phone. The restaurateur from North Rhine-Westphalia only wanted to check his guests' vaccination certificates, but instead saved all of them in his Corona warning app. There is a security problem behind this.

It was just an accident: When the Cologne bar owner Tobias Mintert recently checked the vaccination cards of his guests, he used his Corona warning app instead of the CovPass check app provided for it. He noticed the mistake when he suddenly had more than 180 certificates saved on his cell phone.

He has long since deleted the certificates, but behind the seemingly small error lies a serious security problem. Anyone who scans the QR code of a digital vaccination card with a different app than the one provided will have access to the vaccination certificate.

Misuse of digital vaccination certificates possible

Theoretically, someone else's vaccination certificate could be used to prove compliance with the 2G rule. The identity card is supposed to be checked in addition to the QR code, but this does not happen in all restaurants and shops, which makes abuse easier.

In addition, the case in Cologne raises data protection concerns. “With the Corona warning app, other medically sensitive data such as exact vaccination dates and the vaccine used can get into the wrong hands,” criticized Ayten Öksüz from the North Rhine-Westphalia consumer protection center.

What you can do as a customer

As a customer, you should therefore always make sure at the entrance that the CovPass-Check app is actually used to check the code. This is the only way to ensure the protection of your own data at the moment.

The bar owner was also amazed that he was able to save almost 200 certificates on his mobile phone. The developers deliberately did not limit the app to a single certificate: parents, for example, can store the vaccination records of their children or spouses on one device and manage them more easily. Whether this should be possible with an unlimited number of certificates is another question.

Telekom criticizes lack of education

Telekom, which developed the Corona warning app, explains that in the case mentioned the innkeeper simply used the wrong tool for the certificate check.

Mintert’s case shows that restaurateurs and retailers are barely informed about the correct procedure for checking the vaccination records of their customers in the wake of the new 2G regulations: Hosts who do not check carefully and correctly make it easier for unvaccinated people to misuse digital certificates.

Vaccination certificate plus identity card mandatory for inspection

The restaurateur Tobias Mintert has meanwhile recorded his experiences in a Facebook video, among other things.

It is important that those who check vaccination status are made aware of this: they should not be satisfied with the presentation of the vaccination card alone, but should always compare it with the identity card.

Expaturm (https://www.expaturm.com/)