We told you yesterday (2 days) that the government-made electronic vaccination certificate can be easily forged.
Accordingly, the government confirmed the problem and said that it has taken measures to prevent authentication of fake certificates in the future.
However, when we interviewed, it was confirmed that the alteration of changing the name and birthday of the inoculator in the issued real certificate was still possible, and it was confirmed that the system could not filter it out.
After yesterday, reporter Kim Deok-Hyun reported alone.
smartphone vaccination verification app created by the government also has a function to read another person's vaccination verification QR code.
After taking the QR code with the camera to get the personal information of the actual inoculation, I changed the name to'Cat' and the date of birth to'February 30'.
Soon another QR code is created and verified as vaccinated.
Earlier, after the SBS report that the Korean Disease Service could create a vaccination proof QR code with false information, it explained that the emergency update has made it no longer possible to authenticate online except for official government certificates.
However, it has been confirmed that it is still possible to tamper with the data of official certificates that have already been certified by the government.
You don't even need to read the QR code of the actual inoculator with the camera.
When a vaccination person connects to a public Wi-Fi without a password, the data of the government certification certificate transmitted to the smartphone through a hacking program can be obtained.
[Park Ji-soo/CEO of Blockchain Security Company: It seems that the verification part for the issuance target is missing. We believe that writing unencrypted communication can be a threat. Attacks such as hijacking and checking data being communicated or sending it by altering it are also possible.]
SBS reported additional issues to the government today, fearing the possibility of exploitation.
It is pointed out that there should be no gaps in security issues as it is a vaccination proof app that will be used by all citizens.
(Video coverage: Jang Woon-seok, video editing: Park Ji-in)