Tech News

Tech Business News

  • Home
  • Technology
  • Business
  • News
    • Technology News
    • Local Tech News
    • World Tech News
    • General News
    • News Stories
  • Media Releases
    • Tech Media Releases
    • General Media Releases
  • Advertisers
    • Advertiser Content
    • Promoted Content
    • Sponsored Whitepapers
    • Advertising Options
  • Cyber
  • Reports
  • People
  • Science
  • Articles
    • Opinion
    • Digital Marketing
    • Gaming
    • Guest Publishers
  • About
    • Tech Business News
    • News Contributions -Submit
    • Journalist Application
    • Contact Us
Reading: COVID vaccine certificates can be forged within 10 minutes
Share
Font ResizerAa
Tech Business NewsTech Business News
  • Home
  • Technology News
  • Business News
  • News Stories
  • General News
  • World News
  • Media Releases
Search
  • News
    • Technology News
    • Business News
    • Local News
    • News Stories
    • General News
    • World News
    • Global News
  • Media Releases
    • Tech Media Releases
    • General Press
  • Categories
    • Crypto News
    • Cyber
    • Digital Marketing
    • Education
    • Gadgets
    • Technology
    • Guest Publishers
    • IT Security
    • People In Technology
    • Reports
    • Science
    • Software
    • Stock Market
  • Promoted Content
    • Advertisers
    • Promoted
    • Sponsored Whitepapers
  • Contact & About
    • Contact Information
    • About Tech Business News
    • News Contributions & Submissions
Follow US
© 2022 Tech Business News- Australian Technology News. All Rights Reserved.
Tech Business News > Cyber > COVID vaccine certificates can be forged within 10 minutes
CyberTechnology News

COVID vaccine certificates can be forged within 10 minutes

Editorial Desk
Last updated: September 21, 2021 2:39 pm
Editorial Desk
Share
SHARE

Due to a obvious security flaw near-perfect forgeries of the federal government’s COVID-19 vaccine digital certificate can be done in 10 minutes using free software, one member of the public found.

Contents
Key points:“It’s a very basic flaw. I thought there would surely be some kind of mitigation to stop this kind of attack, but there hasn’t been.”Will this be fixed?A basic security check and an audit would have found flaw“Or, they did not do a security audit,” he said.‘Certificates need QR-code digital signatures’

Richard Nelson, a software engineer in Sydney, found an “obvious” security hole in the Express Plus Medicare app, allowing him to make vaccine certificates with any name and date of birth and featuring background animations designed to prevent forgeries.

Key points:

  • A flaw in the Medicare app means Australia’s COVID-19 vaccine digital certificates can be forged
  • A basic security audit would have identified the vulnerability
  • Without confidence in certificates, governments may delay giving the vaccinated more freedoms

The Prime Minister previously stated that certificates are a “credible and effective” way for states to administer exemptions from the blocking aspects.

The discovery of the defect could put a brake on state and federal governments by allowing vaccinated people more freedom.

Mr. Nelson found a security vulnerability in the current system (which was launched more than two months ago) while rummaging through an Express Plus Medicare app one night last week.

“It’s a very basic flaw. I thought there would surely be some kind of mitigation to stop this kind of attack, but there hasn’t been.”

Other security experts have confirmed that this is an obvious vulnerability that could be identified by a basic application security audit.

To demonstrate how easy it is to falsify certificates, it took Mr. Nelson 10 minutes to produce a fake certificate bearing the name of this reporter (who didn’t have all the pictures yet).

YOUTUBEA counterfeit COVID-19 vaccine certificate

Will this be fixed?

After discovering the defect, Mr. Nelson sent detailed instructions to the government but has not yet received a reply.
In response to ABC questions, a spokesman for Labor Minister Stuart Robert, who is ministerial in charge of data and digital policy, said the government had “iteratively updated vaccination certificates.

“The government will continue to iteratively update proof of vaccination certificates … including by strengthening security measures,” he said.

From the response, it was not clear whether the government would fix the vulnerability (which would require an update to the Medicare app).


A basic security check and an audit would have found flaw

The security vulnerability differs from the one identified by Senator Rex Patrick earlier this month.

The senator used “few graphical tools” to forge the PDF export of the vaccine certificate.

This only works with a PDF file, as the certificate in the application itself is tamper-proof with an animated checkmark, a live clock, and a flickering emblem (similar to the one used for a digital driver’s license).

As seen in the video above, Mr. Nelson’s more sophisticated spoof includes these anti-fraud features.

Mr. Nelson said the flaw would have been “absolutely” identified in a security audit.

“Or, they did not do a security audit,” he said.

This is not the first time an experienced software developer has breached government IT systems.

He was part of the tech community that found important vulnerabilities in the COVIDSafe app last year, including the fact that the tracking app didn’t work properly on a locked iPhone.

Privacy expert Vanessa Teague, another prominent member of the tech community, said the Medicare app crash “was not surprising after trying out COVIDSafe.”

‘Certificates need QR-code digital signatures’

Certificates also have a bigger security problem, he said.

Other designs, such as the one used by the EU, have a digital signature in the form of a QR code which can be verified as a defence against fraud.

Such a system would be much more difficult to fool.
“They still have to do something similar to what the EU has done,” Ms Teague said.

The prime minister noted that the vaccine certificate will be revised in October, although it is unclear if the new version will only be used for international travel and work alongside existing vaccine certificates.

In early July, the Australian Digital Health Agency, the official body responsible for various digital health initiatives, issued a tender request for a smartphone app to store digital vaccination certificates along with test results for COVID-19.

The proposed mobile application will be ready “by December 2021”

Robert’s spokesman did not respond to questions as to whether the government was working on a new type of vaccination certificate.

ByEditorial Desk
The TBN team is a well establish group of technology industry professionals with backgrounds in IT Systems, Business Communications and Journalism.
Previous Article Iphone-13-prices-australia Apple iPhone 13 Price Will Start At $1199
Next Article HPE Chemist Warehouse Chemist Warehouse Selects Hewlett Packard Enterprise To Modernize It’s Data Centre
Leave a Comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Fake Covid Certificate

Tech Articles

Sean Yu, VP of Commercial APAC at EBANX.

The Consumers Driving Global E-Commerce Growth Are Closer to Australia Than Many Businesses Think

The consumers driving global e-commerce growth are closer to Australia…

June 9, 2026
The Growing Crisis of Space junk and Debris

Space Junk Is Becoming One of the Biggest Threats to Modern Spaceflight

More than 33,000 tracked objects now orbit Earth at speeds…

May 8, 2026
Why your nbn evening speeds slow down

Why Your NBN Slows Down at Night — And How To Find the Real Cause

NBN slow at night? ACCC data shows why evening speeds…

July 2, 2026

Recent News

Parents warned over rise in AI-generated child abuse material
Technology News

Parents Warned of Disturbing Rise In AI Deepfake Abuse Targeting Students

2 Min Read
Westpac looks to broad AI integration within the business bank
Technology News

Westpac Accelerates AI Adoption To Transform Business Banking Operations

1 Min Read
Telecoms called out
Technology News

Commpete calls out outdated policies and settings in the telco sector

8 Min Read
seo-clerks-outage
Technology News

Popular Freelance Platform Seoclerks.com goes down. Unable to restore services.

2 Min Read
Tech News - Technology Business

Tech Business News

In 2026, technology news is shaping business outcomes faster than ever—driven by AI adoption, rising cyber risk, cloud modernisation, data regulation, and constant platform change.
 
Tech News keeps Australian organisations and industry professionals informed with timely reporting and practical coverage across AI, cybersecurity, cloud, enterprise IT, startups, science, people and business, plus major world and local news impacting the tech sector.
 
Tech Business News publishes news and analysis designed to be clear, relevant, and easy to act on. It supports the industry with technology news reports, whitepaper publishing services, and a range of media, advertising and publishing options 

About

About Us 
Contact Us 
Privacy Policy
Copyright Policy
Terms & Conditions

July, 04, 2026

Contact

Tech Business News
Melbourne, Australia
Werribee 3030
Phone: +61 431401041

Hours : Monday to Friday, 9am 530-pm.

Tech News

© Copyright Tech Business News 

Latest Australian Tech News – 2026

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?