Belgian regulator investigates potential vulnerability in CovidScan application – Computer
The Belgian data protection authority is investigating a potential vulnerability in the validation of Covid Safe tickets in the CovidScan application. More than 39,000 people may have been affected.
The data protection authority itself announced a possible security breach on Wednesday, wrote several Belgian media, including Morning. The CovidScan app is used to read and validate the QR codes of the Belgian CovidSafe app. With this QR code, people can prove that they have been vaccinated or tested for the coronavirus, or that they have already had the coronavirus itself, in order to access certain events.
According to GBA, the potential vulnerability exists with a certain encrypted list. People vaccinated against the coronavirus, but later tested positive for this virus, will appear. Among these people, their vaccination certificate is suspended, after which they are placed on a List of comments accessible via the web. This list is encrypted, but can still be read through the CovidScan app. According to the GBA, more than 39,000 people have been affected.
The privacy moderator says the issue was noticed by the citizen, Evening writes. This is an employee of the University of Louvain-la-Neuve, who was able to read the list of comments, thanks to an encryption key integrated into the CovidScan application. In theory, this would allow hackers to view a list of data from vaccinated people who tested positive for the coronavirus. According to De Morgen, the GBA says it considers the case “extremely serious” and “will pursue it”, but there are no details yet on possible follow-up actions. As far as is known, the leak has not yet been closed, the newspaper reported.
“Total coffee specialist. Unconditional reader. Incurable music scholar. Web guru. Independent troublemaker. Problem solver. Travel pioneer.