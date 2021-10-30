A security breach, detected by Internet users, has made it possible to generate “real” fake health passes, some of which have been widely shared on social networks.

False health passes, because they are associated either with fictional characters or with deceased personalities, but with a valid QR code … This unusual discovery fascinated Internet users, many of whom shared their findings, broadcasting on social networks sometimes a health pass in the name of SpongeBob SquarePants, sometimes associated with a certain Adolf Hitler.

How are QR codes generated?

In an attempt to explain such a failure, many media have looked into the issue. We must start by underlining that with the creation of the European health pass, the process of creating QR codes is the same in all EU countries, even if in each country, only government authorities “have encryption keys. that allow them to be generated, “says Libé.

And as BFM explains, this Union-wide “universality” means that a flaw in the electronic signature process of one of the countries could lead to the validity of the QR codes in all the countries of the country. ‘EU.





A simple form

According to a developer who has also tested to generate valid QR codes with fake names, the fault is located on the side of North Macedonia, a country outside the EU, but whose health pass has recently been recognized by the latter. .

And if the problem now seems to be resolved, this flaw has visibly made the web page for generating QR codes accessible for several hours, allowing hackers to generate passes. On Twitter, Xiloe also testifies to the disarming simplicity with which it was possible to create a fraudulent pass, albeit perfectly valid, from a simple form to fill out.

Many fraudulent passes in circulation?

The Checknews service of Liberation explains that in fact, from October 24, the user of a forum well known to hackers, offered to generate valid QR codes for around 300 euros. To prove that the concept works, another Internet user asks him to generate a health pass for Adolf Hitler. What he does successfully.

If Adolf Hitler’s health pass has since been reported, the fact that it could have been generated and considered valid necessarily questions the number of other false health passes that may have been created.