136 Weaknesses in the Covid certificate
In order to test the security of the Covid certificate, the National Cyber Security Center (NCSC) conducted a public security test, among other things. In the report now published, the authority provides an overview of the vulnerabilities reported to date.
Covid certificates have been issued in Switzerland since June 7, 2021. In order to In order to thoroughly test the functionalities and handling of the entire system, as well as its security, various internal and public tests were previously carried out at the federal government.
Internal analyses were conducted before and during the launch of the Covid certificate, with guidance from the National Cyber Security Center (NCSC), by several agencies, including the Federal Office of Information Technology and Telecommunications (FOITT) and the National Cyber Security Testing Institute (NTC).
The number of findings at weak points was to be classified as "normal" in view of the extensive nature of the work. The entire Report of the authority comprises 16 pages. Mentioned are 136 vulnerabilities. Several critical flaws are still being analyzed and will not be published for the time being for security reasons. According to the NCSC, there is no need for action in some cases, since some of them were misjudged by the reporters.
The Public Security test however, continues to run. The QR code contains, among other things, the surname, first name and date of birth of the certified.
Source: NCSC
