Verification There is a serious error in the C19 application

From tomorrow, the duty to display is soon Green Boss Activities and access to public places, application VerificaC19 It will be used to make millions and millions of related QR codes Green certificate. We know How it works And how it controls when protecting Privacy Of the citizen. We also now know that she suffers from what is called a Grave error.

Verification C19 Serious error for application

Niccol செ Sekato, an engineering student at Milan Polytechnic, brought the issue to light. Problems Of the project on GitHub. Affects the download version on devices Android, not one for iOS. Below is the translated form of the report.

In the application Android Change device date to change certificate validity. For example, you can verify an already expired certificate by bringing the device date forward.

So this is enough Change the date To get a different result from the verification process.

It is sufficient to change the date of the device to change the verification result from the system settings. It was tested with a certificate issued 11 days after the first dose of the vaccine, so it is no longer valid by law and therefore correctly identified as not yet valid if used on a properly dated device. Postponing it for 15 days after the first dose, so from the validity date of the certificate, a new scan gives a positive result.

Which is possible Solution? It is provided by the author of the report, which recommends obtaining the required date and time to perform the check from a central server or in any other source other than the device.

The date and time should be obtained from a single, certified source, such as a government server, rather than from a device.

Verification The use of C19 is also guaranteed OfflineTherefore, in the absence of an internet connection (Up to 24 hours), Which is unlikely to be a solution without impacting the operating modalities announced so far.

General knowledge should be sufficient to understand it, but we put it in black and white to avoid suspicion: The existence of the problem does not authorize it to exploit it to avoid or change the restrictions. Considering the need to include these, it is necessary to underline this Frequently Asked Questions Answer the question on the corporate website Can the Govt-19 Green Certificate be forged or forged?.

Update: According to a reader report, we are thankful, the problem is interesting Also iOS version Of the application.