Free Republic

Another day, another vaccine passport app caught exposing sensitive medical records of its users to the world (Utah and New Jersey)
Reclaim the Net ^ | 11/2/2021 | Didi Rankovic

Posted on 11/02/2021 3:54:10 PM PDT by Mount Athos

The rollouts and usage of vaccine passports are proving problem-laden in many places around the world, whether on technical or ethical merit, or both (or lack thereof), and the newest member of this “club” is an app called Docket, which is the endorsed Covid vaccine app in the US states of Utah and New Jersey. The Centers for Disease Control and Prevention (CDC) also approved the app.

But just last week, reports revealed that Docket was yet another app that had a security vulnerability. TechCrunch said it was responsible for identifying the bug and submitting a report, while the CEO of the company behind the app, Michael Perretta, then informed them the server-level bug had been fixed.

However, he was last Tuesday unable to say if somebody had exploited the vulnerability, saying instead that server logs were being inspected for traces of malicious activity. And he said that while the authorities of the two states that trusted Docket to be good enough for their residents would be informed, he wasn’t clear if users would be notified as well.

What was happening prior was an undetected vulnerability compromising the integrity of QR codes – which contain information such as the user's name, date of birth, Covid vaccination status, date of vaccination, and the vaccine they received. And this information was stored, as it turns out, insecurely on Docket servers for an unspecified amount of time, letting anyone access and request any other Docket users’ QR codes.

The makers of the app reportedly didn’t make sure that their servers were authenticating requests for QR codes – although this is possible with run-of-the-mill and readily available software paired with QR codes generated by the SMART Health Card standard, which is being increasingly adopted around the world.

Docket previously said on Twitter it had a million users. That tweet is now gone.


TOPICS: Government; News/Current Events; US: New Jersey; US: Utah

1 posted on 11/02/2021 3:54:10 PM PDT by Mount Athos
