{"id":29888,"date":"2021-10-28T12:15:23","date_gmt":"2021-10-28T16:15:23","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/whats-wrong-with-forged-green-pass\/29888\/"},"modified":"2021-11-03T01:17:31","modified_gmt":"2021-11-02T14:17:31","slug":"whats-wrong-with-forged-green-pass","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/whats-wrong-with-forged-green-pass\/29888\/","title":{"rendered":"Forged Green Pass from the Internet \u2014 what can go wrong"},"content":{"rendered":"<p>Unidentified scammers are <a href=\"https:\/\/nltimes.nl\/2021\/10\/27\/covid-access-pass-qr-code-issued-adolf-hitler-ministry-investigating\" target=\"_blank\" rel=\"nofollow noopener\">selling Green Passes<\/a> (certificates required for travel and access to many public places and events in the European Union) on hacker forums and in Telegram channels. To demonstrate their capabilities and attract potential customers, they created a Green Pass issued in the name of Adolf Hitler. Perhaps most disturbing, the QR code passes app verification as valid. This raises a number of questions, which we will try to answer in this post.<\/p>\n<h2>What is Green Pass?<\/h2>\n<p>Green Pass is a certificate that verifies its owner either was vaccinated, recently recovered from COVID-19, or received a negative test result no more than 48 (for rapid test) or 72 (for PCR) hours ago. The certificate contains a QR code that can be validated with an application. Green Pass is a standard document in the countries of the European Union and some others \u2014 in Israel (where it was initially developed), Turkey, Iceland, Ukraine, Switzerland, Norway, and <a href=\"https:\/\/ec.europa.eu\/info\/live-work-travel-eu\/coronavirus-response\/safe-covid-19-vaccines-europeans\/eu-digital-covid-certificate_en\" target=\"_blank\" rel=\"nofollow noopener\">some others<\/a>.<\/p>\n<p>Usually, medical institutions issue Green Pass certificates. Depending on the country, a Green Pass may be required for travel; for visiting bars, restaurants, museums, and public events; in educational institutions; and even for work. The Green Pass also exists in paper form, but most often it is an <a href=\"https:\/\/greenpassapp.eu\/\" target=\"_blank\" rel=\"nofollow noopener\">application<\/a> that displays a QR code to verify the certificate.<\/p>\n<h2>How attackers can sign fake certificates<\/h2>\n<p>Some shady traders on the Internet and Telegram channels in particular are selling forged Green Pass certificates apparently issued by health services in Poland or France. <a href=\"https:\/\/github.com\/ehn-dcc-development\/hcert-spec\/issues\/103\" target=\"_blank\" rel=\"nofollow noopener\">Several theories<\/a> explain how they could succeed. According to one, criminals somehow got a secret cryptographic key enabling them to issue such certificates. If that\u2019s the case, the legitimate Green Pass certificates will probably have to be reissued.<\/p>\n<p>According to another theory, the sellers have accomplices in France\u2019s and Poland\u2019s healthcare systems. In that case, reissuing the cryptographic key is unlikely to help \u2014 law enforcement agencies will have to find the insiders.<\/p>\n<p><strong>Updated on November 2, 2021:<\/strong> According to the latest information from <a href=\"https:\/\/threatpost.com\/eus-green-pass-vaccination-id-private-key-leaked\/175857\/\" target=\"_blank\" rel=\"nofollow noopener\">European Commission representatives<\/a>, the incident wasn\u2019t caused by a cryptographic issue with the generation of the certificates, or with the storage of the signing keys. Most likely, \u201cpersons with valid credentials to access the national IT systems, or a person misusing such valid credentials,\u201d created the fake certificates.<\/p>\n<h2>Is the entire Green Pass system compromised?<\/h2>\n<p>For now at least, the Green Passes most EU countries issue remain as legitimate as before. Only certificates issued in Poland and France are under suspicion.<\/p>\n<h2>Will Green Pass certificates issued in Poland and France be revoked?<\/h2>\n<p>EU authorities are conducting investigations. In the worst case scenario, Poland and France will have to reissue certificates \u2014 but not necessarily all of them. If the malefactors cannot manipulate issue dates, then only some will have to be replaced.<\/p>\n<h2>Can you buy a fake Green Pass?<\/h2>\n<p>Well, there\u2019s nothing stopping you from spending your money. However, visiting EU countries with a fake certificate is not a good idea. First, the fake certificates will be revoked, and although you\u2019d most likely just lose some money, it is also possible customers will be caught in the same law-enforcement net as forgers. With a fake Green Pass, you have a good chance of winning a long conversation with European law enforcement agents.<\/p>\n<p>We have reason to believe this is far from the last fraud scheme regarding the Green Pass system. Various scams will most likely appear quite soon. However, this incident will also draw more attention from law enforcement agencies. For that and other reasons, we do not recommend getting a Green Pass from anywhere but an official European medical institution.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksec\">\n","protected":false},"excerpt":{"rendered":"<p>Some forged Green Pass certificates on sale on the Internet pass validation tests. However, it\u2019s still not a good idea to buy them, and here\u2019s why.<\/p>\n","protected":false},"author":32,"featured_media":29889,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1789],"tags":[109,3244,3353,2188,1557,726,321],"class_list":{"0":"post-29888","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-apps","9":"tag-coronavirus","10":"tag-covid-19","11":"tag-healthcare","12":"tag-qr-codes","13":"tag-scam","14":"tag-technology"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/whats-wrong-with-forged-green-pass\/29888\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/whats-wrong-with-forged-green-pass\/23573\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/19020\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/9532\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/25633\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/whats-wrong-with-forged-green-pass\/23694\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/23213\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/whats-wrong-with-forged-green-pass\/26353\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/whats-wrong-with-forged-green-pass\/25881\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/whats-wrong-with-forged-green-pass\/31810\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/whats-wrong-with-forged-green-pass\/10236\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/42728\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/whats-wrong-with-forged-green-pass\/17983\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/whats-wrong-with-forged-green-pass\/18385\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/whats-wrong-with-forged-green-pass\/15466\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/whats-wrong-with-forged-green-pass\/27661\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/whats-wrong-with-forged-green-pass\/27779\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/whats-wrong-with-forged-green-pass\/24526\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/whats-wrong-with-forged-green-pass\/29691\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/qr-codes\/","name":"QR codes"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/29888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=29888"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/29888\/revisions"}],"predecessor-version":[{"id":29910,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/29888\/revisions\/29910"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/29889"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=29888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=29888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=29888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}