Vaccinated, tested, recovered, tricked? “QR codes are a ticking time bomb”

Vaccinated, tested, recovered, tricked? "QR codes are a ticking time bomb"

QR codes are not counterfeit-proof, and using them as tickets in pandemic times endangers the health of the population. […]

Austria tests, Austria vaccinates. In order to enable far-reaching opening steps, these measures must be verifiable quickly and without errors. After all, a sick person, but healthy according to the certificate, is enough to provide for a new cluster in trade, gastronomy or cultural business. In the future, vaccination and test results across the EU will be verified by means of a QR code. “Negligent!”says Andreas Spechtler, CEO of Authentic Vision, a company specializing in authentication solutions. QR codes are not counterfeit-proof, and using them as tickets in pandemic times endangers the health of the population.

Anyone who has been vaccinated, tested or recovered may again participate in public life in Austria somewhat more fully. The regular bar, the hair salon and the concert stage are no longer taboo, compliance with the “3G rule” or proof of the same authorization to enter. In order to avoid long waiting times including snake formation, a quick and uncomplicated check of this proof is necessary. In the digital age, a quick response code, or QR code for short, seems to be perfect for this. The EU intends to certify vaccinations and negative test results in this way. In Austria, the codes already function as admission tickets, and in the future the QR codes will also be used for the Green Pass- although the Federal Ministry of Social Affairs, Health, Care and Consumer Protection is currently warning against counterfeits that are already in circulation.

“The QR codes work perfectly in that they do exactly what they were designed to do. If the code is scanned, it redirects to the linked data set in seconds,“ explains Andreas Spechtler, Executive Chairman of Authentic Vision. “However, the safety aspect did not play a decisive role in the development. Printed QR codes in particular are easily susceptible to counterfeiting and are a ticking time bomb in terms of vaccination records and test results.“

Analog use is not safe

Falsifying QR codes displayed in the smartphone is “not a trivial challenge”, according to Spechtler, but printed analog codes that are used in corona times, for example as stickers on test strips and in vaccination passports, represent a much greater risk. In physical form, a QR code can be easily copied and duplicated. On the one hand, this allows “tricked” evidence – ie people who have not been vaccinated, tested or recovered, pretend to meet the “3G rule”-but also opens the door to a number of other dangers.

“There are several potential security leaks here, especially with regard to corona self-tests,” Spechtler explains. “Harmful QR codes can be smuggled into pharmacies or retailers before they are issued. As a result, the attacker gains access to the data of the test persons or, in the worst case, redirects them to his own website, which resembles the design of the official page. There, the test person is then asked to enter bank details or credit card information. Another risk is that the attacker could be

a security leak gains access to the original code list or generates the codes itself due to their simple structure. If the attacker uses these one-time codes, he makes them unusable for the legitimate test subjects. Despite a negative test result, ‘the ticket’ is already validated in advance and can no longer be used. In the worst case, the entire self-test system becomes unusable.“

But even a digital worst-case scenario is quite realistic, as the app” Corona Green Pass Austria ” currently proves. This generates supposedly valid QR codes to give users access to gastronomy and body-related services. The Austrian government therefore urges caution – the codes are difficult to recognize as fakes, their use is punishable.

Holographic fingerprint protects

Unique security features that can not be copied and at the same time act as a seal of quality promise to remedy the situation. Authentic Vision developed such a technology in five years of research. The Salzburg-based company produces security holograms that cost a few cents in production and are already used worldwide for the protection of branded products. Now they should also make test results and vaccination certificates forgery-proof. Authentic Vision has already been integrated into the Land Salzburg app and a test run has been successfully implemented. Authentic Vision would thus be ready for deployment in Austria, the EU and beyond.

“We have created a holographic fingerprint that can be clearly assigned to a person or a test result or proof of vaccination,” explains Andreas Spechtler. “The security hologram can be attached as a sticker to test kits and in vaccination passports and then cannot be removed without destroying it. These are unique pieces. Not even we ourselves can produce two completely identical copies of these holograms. They are absolutely forgery-proof.“

Founded in 2012, Authentic Vision is a mobile authentication solutions provider offering the latest anti-counterfeiting and authentication technologies that protect investment in product innovation, brand value and reputation. The patented Holographic Fingerprint™, mobile authentication app, and real-time analytics protect physical goods from counterfeiting and warn brand and product owners of potential fraudulent activity.

Ready to see us in action:

More To Explore
Enable registration in settings - general
Have any project in mind?

Contact us: