Remember meForgot password?
    Log in with Twitter

article imageVaccine passports could be prone to fraud and security issues

By Tim Sandle     Mar 3, 2021 in Science
The biggest placebo-controlled trial of psychedelic medications yet run indicates that the reported psychological benefits of microdosing are in fact explainable by the placebo effect.
The distribution of COVID-19 vaccine passports to allow a return to international travel has been debated worldwide. Just the notion that the government was “looking at the technology” to do so, has sparked controversy, with some critics arguing that civil liberties would be infringed.
Although the UK had initially ruled out plans for such passports, it appears that discussions will soon be underway to discuss EU proposals for coronavirus vaccine passports, aimed at reviving international travel.
Documents identifying those who have been inoculated could help governments reopen after lockdown, but they also raise questions over security, privacy and patient rights. In addition, it has been reported that there are fears such vaccine passports could be easily forged.
Looking into the issue for Digital Journal is Tim Mackey, who is the principal security strategist at the Synopsys Cybersecurity Research Centre.
Mackey says that the starting challenge is with the definition of “vaccinated”. He notes: "Outside of the Yellow Card, more formally known as the international certificate of vaccination for yellow fever, there really isn’t an internationally accepted means to confirm if an individual has met a vaccination requirement. Considering the Yellow Card is itself a paper document signed by a medical professional who supervised the actual vaccination, that model would be difficult to replicate given the scale of COVID-19 vaccination requirements – and that’s before we get to the potential security implications."
Mackey adds: "Since there is a clear need for some form of attestation of vaccination for travel purposes, it’s not surprising that a number of businesses have been founded to provide mobile apps that attest to the COVID-19 state of the bearer. The security implications of those mobile apps are similar to any healthcare app – any medical data on a person is of prime value to an attacker. "
Such data is of great value, says Mackey: "The reason medical data is so valuable stems from how personal it is. Even if the medical data is limited to a simple statement of vaccination, the nature of the pandemic makes even that data rather valuable. For example, if there were a bug in the app or underlying service that caused it to display to someone that a vaccination protocol hadn’t been completed when it had, then such an error could result in the traveller being denied entry or worse."
There are other concerns too, especially given that: "Technology is far from fool proof, and when it comes to the security of critical data, serious security reviews are obligatory. Those reviews often uncover issues that were overlooked or deferred during the design phase when the business is trying to define a new market or disrupt an existing market. We need only look back at the challenges faced with contact tracing applications to recognize that a technologically acceptable solution might not address privacy concerns. That’s in part because there is no single solution to any problem, and often cool new technologies like “blockchain” or complex technologies like “encryption” are applied without understanding how they might function under adverse conditions like those found during a cybersecurity attack."
Measures are also needed to ensure: "Significant coordination between international entities is required to ensure that the data recorded by the app is correct and complete. Once in the app, the data needs to be verifiably secure and stored in a tamper evident form that itself can’t be modified. Building confidence around this process requires some of the transparency seen within open source software development where skilled practitioners are able to review the implementation and configuration of the proposed solution. Missteps along this path could easily tarnish the reputation of digital health passports and form a setback to the return to a pre-Covid-19 travel experience."
More about Vaccine, vaccine passports, Security, Fraud
Latest News
Top News