An EU digital CORONAVIRUS "green pass" called Adolf Hitler circulated online this week, and the green code could pass Italy's official verification system. Although it was later declared invalid, it raised questions about the security of the "vaccine passport" system.
According to Italian media reports, a QR code appeared on the Internet on October 26, local time, and when scanned with the Italian VerificationC19 verification application, it showed a valid EU digital coronavirus "green pass" that said the holder was Adolf Hitler, who was born on January 1, 1900. Moreover, the QR code is displayed as a valid green code on the verification procedures in several other countries.
Subsequently, on social media, several versions of Hitler's "Green Pass" code appeared, some with capitalized names and others with different birthdays. But all this allowed holder Hitler to enter any interior for activities.
It's unclear where the security keys needed to generate Hitler's QR code actually came from. There are reports that Hitler's pass was issued from France, but it is pointed out that this information may also be forged.
After the incident, European security experts were shocked because the EU's new crown "green pass" QR code generation system has a high level of security.
The system works by pairing the public key (contained in a QR code, which anyone scanning the code with an app can see) with the private key (held by a hospital or other healthcare provider).
Venue scan codes that check the validity of someone's "green pass" and receive a green checkmark if it matches the private key, or a red cross if it doesn't.
As of the afternoon of October 27, local time, the private key used to verify Hitler's pass had been revoked, but a Polish user on a technology forum still claimed to be able to sell the certificate, as did some posters on the so-called "dark web".
Whether the key used to verify Hitler's Pass was stolen or leaked remains a mystery. Some technologists speculate that a health care employee with access to a private key may have generated a fake certificate for the Nazi leader.
The leak or theft of keys has caused serious problems with the EU's COVID-19 "Green Pass" QR code generation system. Generate any number of passes based on a single private key, which means that revoking one of the keys will invalidate any pass based on it, whether true or false.
Recertifying hundreds or even thousands of passes at a time could undermine public confidence in the system, as the implementation of a "green pass" is already unpopular in some EU member states.
The "Hitler gets a fake pass" incident is not the first. Earlier this month, a French teenager was arrested while trying to use health pass data from French President Emmanuel Macron to enter the hospital.
The French president's public data has been leaked online, meaning anyone can use his QR code as their own QR code, which is read as valid.
Nandu reporter Shi Minglei