What do we know about Adolf Hitler's valid Green Passes
by Andrea NeporiSome certificates in the name of the dictator are recognized as valid by verification apps. One no longer works. It is not yet completely clear how it was possible to generate them: the most likely hypothesis is the compromise of some encryption keys
OCTOBER 27, 2021
There are Green Passes in the name of Adolf Hitler, and verification apps have recognized them (and in some cases still recognize them) as valid. It's not a bad joke, nor is the plot of the He sequel back. One of the certificates was generated by the user of a hacking and leaking forum, who used them to promote the sale of bogus but valid certificates for $ 300 each. The user is identified by the name "przedsiebiorca", which simply means "entrepreneur" in Polish.
The codes that run online are three. Two are graphically dissimilar, but they have the same content. By scanning them with the QR code analysis app you learn that they would have been generated in France. They have Adolf Hitler's name in capital letters and the date of birth is set to January 1, 1900 (for those wondering, Hitler was born on April 20, 1889). The third code is different and is the one generated by “przedsiebiorca”: the name is in lowercase, the date of birth is set to 1930 and the issuing country is Poland.
During the night and until the early morning of October 27, the Verification C19 app of the Ministry of Health recognized all three passes as valid. From mid-morning French certificates are no longer properly verified. When we write instead the third QR code continues to be valid both on Verification C19, on the German verification app Corona-Warn-App and on the Danish and Belgian control apps.
“The two Green Passes are obviously false, but valid”, Enrico Ferraris, a lawyer specializing in the protection of personal data, explains to Italian Tech. "At present, the most likely hypothesis is that those who generated them have abused the private keys used by public structures for signing QR Codes, but it is not clear how they could have obtained them"
The only other way to generate a false but verifiable green pass is direct access to the systems of a vaccination center: in that case, however, no one could generate an "Adolf Hitler" certificate so quickly, and there would be a series of limitations. related to the administration of vaccine doses.
If, as it seems to have happened, someone has actually stolen the French and Polish cryptographic keys for generating the certificates, the only solution is to revoke the keys themselves. The European system provides for this possibility, to be used precisely in a case like this. “The invalidation of the keys that generated Adolf Hitler's green passes will make all the other authentic certificates generated with the same keys no longer verifiable”, explains Ferraris.
At the moment it is not clear whether this solution has already been implemented and if for this reason the “French” green passes of Adolf Hitler are no longer recognized as valid by Verification C19. If so, it is likely that millions of French Green Pass holders will have to update their QR Codes with the new valid keys. For those who use the official government app the process will not be complicated, but it may be less simple to reprint the codes of all those who instead use the paper version printed in the pharmacy. At the moment the Italian green passes do not have any problems and no operation is necessary by the owners.
Article
Archive
