Flaw discovered in the Quebec COVID passport app’s verification method

A flaw has recently been found in Quebec’s VaxiCode Verif COVID-19 vaccine passport app.

Indeed, this could lead to the risks of not publishing source code for outside scrutiny before a government-backed application is released. However, experts declared that the Quebec government missed a good opportunity to publish the source code of the applications it produced for the sake of transparency. Discovering the flaw showed that a greater number of experts analyzing it can improve significantly the security of this kind of application.

Weaknesses in the security in the app’s QR code mechanism were also found out previously, which was used to link to a provincial government URL with an individual’s vaccine health record. The flaw allowed the application to be forced to recognize non-government-issued QR codes as valid.

By updating the app, it will remove the functionality of downloading public keys from the issuer’s URL. Hence, using existing standards and technologies will ensure both signature security and interoperability between regions using the SMART Health Cards protocol.

It was then reported that the flaw was fixed quickly, showing the desire to have a secure system.

Featured

More
articles

Celebrating Achievement of Finalist in the North America Software Testing Awards 2023!

Here are the North American Software Testing Awards of 2022!

Website

Our Sites

Products

Newsletter

Your form has been submitted

More articles

Celebrating Achievement of Finalist in the North America Software Testing Awards 2023!

Uptake of cloud and M2M implementations in global smart plants market

Here are the North American Software Testing Awards of 2022!

Your form has been submitted

More
articles