ESET statement to protect the digital vaccination card from counterfeiters. There are currently media reports about plans by the Federal Ministry of Health for vaccination cards, which open the door to counterfeiters.
Data from vaccination cards in doctor's practices, pharmacies or vaccination centers are to be transferred to the new digital EU vaccination card without verification. It is of crucial importance to have a digital, uniform and, above all, forgery-proof vaccination card. Such a document, whether analog or digital, must not allow misuse or identity theft.
How a digital vaccination card can be secure
ESET security expert Thorsten Urbanski explains what such a digital vaccination card looks like and which criteria it must meet: "To avoid misuse, the data from a vaccination card should not simply be taken over by the family doctor or pharmacy and entered in a database for the upcoming digital version. It is imperative that data is exchanged and compared with the health authorities or the health insurance companies. Otherwise it is as good as impossible to protect the database system for the digital vaccination card from manipulation. "
“Multi-level hurdles must be integrated within the app, which generally make identity fraud more difficult or impossible. The creation of screenshots within the app, previously possible in the Corona warning app, should be prevented. "
Screenshots cannot be prevented
Urbanski continues: “But it must be clearly stated that the creation of screenshots on smartphones cannot be perfectly prevented from a technological point of view. This becomes even more problematic if the vaccination document is simply printed out without security features. That still seems to be planned at the moment. It is utopian to believe that every restaurant or shop will always have an identity card shown to verify the vaccination status. ”According to ESET, abuse must be prevented by a secure second instance here.
“There are already procedures that are used by payment providers, for example. Using a backend system and a plausibility check, for example, can prevent the simultaneous use of credit cards in different countries or cities. A similar system would be absolutely necessary for the digital vaccination card or the use of the QR code, taking into account data protection compliance.
When verifying the vaccination card via QR code and comparing the database, it must be compared with a backend system. However, this presupposes that the verification by a second device via app records the location data during the respective verification process and transmits it to the instance to be compared. The tracking that takes place in turn must be completely anonymized. Implementation by summer will be a challenge if you still have to create the infrastructure and at the same time want to implement security and data protection compliant. But I think that the actors have taken this into account. Realization of the project was certainly started last year. "
Open information campaign for more acceptance
To ensure widespread acceptance, a clear and very open information and education campaign should start when it is introduced so that the population is also behind the vaccination card. “Politically, an open discussion and information is certainly required here. If trust is to be created here, independent expertise should be obtained at an early stage. Institutions such as the CCC, TÜV-IT or experts from the IT security association TeleTrusT could be brought on board. "
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.