Anyone Can Fake Israel’s Vaccination Certificate - Here’s How Easy It Is

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Anyone can fake Israel’s vaccination certificate, cybersecurity firm Check Point reveals; Health Ministry says issue will be addressed
Anyone can fake Israel’s vaccination certificate, cybersecurity firm Check Point reveals; Health Ministry says issue will be addressed Credit: Check Point (screen capture)

Israeli cybersecurity firm Check Point found a flaw in Israel’s so-called green passport, which serves as proof of vaccination against coronavirus and is intended to confer privileges on those who have already been inoculated.

Check Point has reached out to Israel’s Health Ministry and shared with them a video showing how it is “very easy to forge” the vaccination certificate, Haaretz has learned. 

Experts said the forgery is so simple to do that anyone with access to Photoshop or Acrobat, or any image or visual document editing program, can create a seemingly valid document indicating they have received the vaccine and are immune to the virus

>> Follow live updates of Israel's coronavirus pandemic

The green passport as it is called looks like an I.D. card and consists of a photo, date of vaccination and a unique barcode which can be scanned both to prove the authenticity of the physical document but also, in the future, to allow access to certain venues.

A woman receives the Moderna vaccine against coronavirus this yearCredit: Henry Ford Health System / AFP

Experts from Check Point explained to ministry officials that “the current certificate validating vaccination is just a file that can be easily edited by any program that can edit PDFs. To forge it, all an attacker needs to do is create a new and unique barcode - and there are plenty of sites that do this - and graft it onto an existing document with a program and thus create a seemingly valid certificate of vaccination.” In the case of such a forgery, scanning the specially created QR code would lead to a copy of the falsified image, thus seemingly confirming its validity.

In response to Check Point’s findings, the Health Ministry said they were aware of the issue and added that it as well as others were being addressed. 

Haaretz has revealed that there are already fake vaccination certificates on sale in closed groups on the Telegram messaging app. These cost 750 shekel (roughly $230) and though they currently do not grant that many privileges, they do exempt holders from quarantine should they come in contact with a confirmed coronavirus patient. Furthermore, as Israel’s vacaine drive makes headway, the green passport is expected in the near future to play a larger role, allowing travel, access to cultural events and centers of commerce, as well as other privileges.

Cryptographers that spoke with Haaretz about the two cases said simple solutions could be quickly implemented to secure the document. For example, they note using a unique “digital signature” (as opposed to just a scannable code) which would be scannable and could serve as a way to validate the originality of the document. 

Watch the video (Hebrew) to see how the document can be forged:

Click the alert icon to follow topics:

Comments