The Corona warning app is supposed to make everything easier, including the digital vaccination pass. However, users complain about several security gaps.
Berlin – The long-awaited digital vaccination pass is here. Vaccinated persons can download the certificate onto their smartphone using a QR code. This is not only possible with the CovPass app or the Luca app developed for this purpose, but also with the Corona warning app. But how well does it work?
The application has enjoyed mixed popularity for a long time. Again and again there are critical voices, error messages and doubts about its effectiveness in the nationwide fight against the pandemic. The Bavarian Prime Minister Markus Söder once called the Corona warning app a “toothless tiger”. As far as the new vaccination certificate is concerned, this tiger still seems a little reluctant. Apparently there are several bugs.
Serious bug in the Corona warning app – changing the date is enough to be considered vaccinated
Those who have already been vaccinated receive a printed QR code from the vaccination center, doctor’s practice or pharmacy and can use it to load the vaccination pass into their app, even if less than 14 days have passed since the corona vaccination. In that case the field “Digital proof of vaccination: Sars-CoV-2 vaccination protection” is highlighted in gray, because full vaccination protection is only achieved after two weeks. Underneath is the heading: “Complete vaccination protection in 14 days”.
As the Twitter user Marco Bereth proves, this display can be tricked relatively easily: if you change the date on your mobile phone – in this case to July 1st – the app already displays full vaccination protection. A screenshot shows that it works. The date of the vaccination can only be seen in the detailed view, and the trick can be transferred. A weakness of the system with serious consequences. “It’s roughly the same way that 30-day test versions of software were ‘pimped’ 15-20 years ago,” Bereth scoffs.
So far, the Robert Koch Institute has not reacted to the apparent security gap.
Corona warning app bug: Can I just copy my QR code?
Other vaccinated people also encounter bugs in the Corona warning app. Another Twitter user uncovered a security hole in the QR code. “Apparently this is not a public/private key procedure,” he writes, and in his tweet addresses the Robert Koch Institute: “I’ve tested it once: If I show the QR code intended for checking, I can go to the scan with another phone and import the code.” The vaccination pass can be easily imported to another smartphone without a security query and without approval.
At first glance, this “weakness” of the app seems to indicate a data and security gap. But it was evidently built in deliberately. After all, the code is only valid in combination with an identity card. Linus Zifer from the Chaos Computer Club explains on ZDF: “That is relatively uncritical, what matters is that the document has no validity at all without the ID.” After numerous replies to his feed, the Twitter user finally also has to concede: “I understand that one has obviously made a conscious decision and that the control of identity is an essential part of it.” Nevertheless, he points out: “But since this often does not take place in reality, I still consider it problematic.” (vs) * Merkur.de is an offer from IPPEN.MEDIA
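Both points in the article, the status display that follows the phone's clock and the QR code that can be imported on another phone, come down to where the check is made; the Python sketch below is an added illustration of a checker-side decision, not code from the app or from the article. The field names and the sample certificate are constructed assumptions, and verification of the certificate's signature is assumed to have happened before these functions are called.

```python
from datetime import date, timedelta

# "Full vaccination protection is only achieved after two weeks" (from the article)
WAITING_PERIOD = timedelta(days=14)

# Constructed sample certificate. Field names are illustrative assumptions,
# not the real certificate schema; signature verification is assumed done.
SAMPLE_CERT = {
    "family_name": "MUSTERMANN",
    "given_name": "ERIKA",
    "date_of_birth": "1964-08-12",
    "vaccination_date": "2021-06-10",
    "dose_number": 2,
    "doses_required": 2,
}


def holder_display_is_full(cert, device_today):
    """Status as shown on the holder's phone: it follows the phone's own clock."""
    vaccinated_on = date.fromisoformat(cert["vaccination_date"])
    return device_today >= vaccinated_on + WAITING_PERIOD


def checker_decision(cert, id_document, checker_today):
    """Decide on the checker's side; returns (accepted, reason).

    Uses the vaccination date from the certificate and the checker's own
    clock, and requires the certificate to match the ID that was shown.
    """
    for field in ("family_name", "given_name", "date_of_birth"):
        if cert[field].strip().upper() != id_document[field].strip().upper():
            return False, "identity mismatch: " + field
    if cert["dose_number"] < cert["doses_required"]:
        return False, "vaccination series incomplete"
    vaccinated_on = date.fromisoformat(cert["vaccination_date"])
    if vaccinated_on > checker_today:
        return False, "vaccination date in the future"
    full_from = vaccinated_on + WAITING_PERIOD
    if checker_today < full_from:
        return False, "full protection only from " + full_from.isoformat()
    return True, "ok"
```

The holder's screen is never an input to `checker_decision`: the waiting period is computed from the certificate's date against the checker's clock, and a copied certificate fails the comparison with the ID document.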