ESET’s cybersecurity knowledgeable Marc-Étienne Léveillé analyses in-depth the Quebec’s vaccine proof apps VaxiCode and VaxiCode Verif.
The launch of the cell functions permitting the storage and verification of the vaccination passport by the Quebec authorities (VaxiCode and VaxiCode Verif) has brought on plenty of ink to circulation final week. It’s with good motive; the VaxiCode Verif app will probably be utilized by all non-essential service retailers as of September 1, 2021.
Like many different specialists, I analyzed the contents of the QR code as quickly as I obtained it throughout my first vaccination final Could. Final week, I additionally analyzed the 2 functions established by the Quebec authorities and developed by Akinox.
This blogpost explains how the vaccine passport system arrange by the Quebec authorities works from a technical standpoint, in addition to particulars concerning the vulnerability we present in VaxiCode Verif that allowed the applying to be pressured to acknowledge non-government issued QR codes as legitimate. At the moment, it’s unattainable to substantiate that this is similar vulnerability discovered by “Louis” as reported by Radio-Canada last Friday, since no technical particulars have but been launched.
We knowledgeable Akinox concerning the vulnerability we discovered on Sunday, and we have now confirmed that the VaxiCode Verif 1.0.2 replace for iOS launched in the previous few days fixes the flaw. The Android model of the apps has not but been analyzed, however VaxiCode and VaxiCode Verif use the Expo framework that permits iOS and Android apps to be produced utilizing the identical supply code. Due to this fact, the functions on each platforms are in all probability equal.
Let’s deep dive within the Quebec vaccine passport’s content material
First, let’s have a look at what the QR code comprises. Usually talking, a QR code consists of solely textual content. It’s usually a URL.
However let’s return to the Quebec vaccine passport software. We discover that the URL contained on this QR code begins with
shc:/. “shc” is definitely an acronym for SMART Health Cards, a specification that defines a format for exchanging details about an individual’s vaccination standing. This specification was born in 2021 with the target of with the ability to difficulty this well-known vaccine passport and to have the ability to confirm its veracity. This is similar customary that has been chosen by a number of American states, together with California, New York and Louisiana. The event of this specification is being spearheaded by the Vaccination Credential Initiative, a coalition of private and non-private organizations working to allow the safe deployment of the passport world wide. Akinox, the corporate that developed VaxiCode and VaxiCode Verif for the Quebec authorities, is a member of this group.
The specification describes find out how to decode the numbers within the URL into readable content material.
The knowledge is decoded right into a JSON Net Token (JWT), or extra particularly a JSON Net Signature (JWS) since it’s a signed token. The SHC specification didn’t reinvent the wheel: JWT is an present expertise for exchanging encrypted or digitally signed data.
If you need to know extra concerning the contents of your vaccine passport, you may simply inspected it from a cell gadget utilizing an online tool developed by François Proulx.
Ought to these informations be encrypted?
Many have recommended encrypting the data within the QR code. This will likely seem to be a great way to guard it; nonetheless, it might be a lot too straightforward to decipher this data. The knowledge should be understood by VeriCode Verif, so the applying ought to include the decryption key. As soon as the secret is extracted, anybody may decrypt the QR codes. This could give a misunderstanding of safety and result in extra criticism from the general public.
For these causes, the SHC protocol doesn’t present an encryption technique. Nonetheless, it does require a digital signature.
How the digital signature works?
The digital signature relies on asymmetric cryptography, which implies that a key pair is used. This pair consists of a non-public key, which solely the issuer (right here, the Authorities of Quebec) has in its possession to signal information, and a so-called public key, which verifies that the signature has been made with the personal key.
Uneven cryptography is used, amongst different issues, to encrypt communications on the Web. There are not any identified assaults to signal with out having the personal key or to guess the personal key from the general public key.
This additionally implies that the precedence is to guard this personal key in any respect prices. Compromising this key would enable the technology of cryptographically legitimate QR codes. This isn’t the case with the flaw we discovered: we didn’t want the personal key to forge a vaccine proof that VaxiCode Verif deemed legitimate. Slightly, the issue was within the implementation of the verification algorithm in VaxiCode Verif.
What precisely was the flaw in VaxiCode Verif?
The SMART Well being Playing cards specification was designed to permit for the potential for a number of vaccine proof issuers. This displays the truth that every nation or area is answerable for issuing its personal proof. Due to this fact, every authorities has its personal pair of keys to signal and confirm passports.
The SHC specification requires the issuing entity to make its public key(s) out there on the Web. The vaccine proof comprises a URL to the issuer’s web site within the “iss” (quick for issuer) subject. A verifying software ought to discover the issuer’s public key(s) by concatenating
.well-known/jwks.json to this URL.
The specification does not outline (not less than for now) a strategy to decide if the issuer is reliable.
Akinox has chosen to incorporate the Quebec authorities’s public key in VaxiCode and VaxiCode Verif. The applying makes use of this key when the issuer is the Quebec authorities (particularly if
https://covid19.quebec.ca/PreuveVaccinaleApi/issuer). Nonetheless, the code to obtain third celebration issuer keys continues to be within the software, regardless that it isn’t required.
The vulnerability lies in the truth that as soon as a public secret is downloaded, it’s used to validate some other passport, with out checking if it matches the content material of the issuer subject (
Right here is an assault situation to show a cast vaccine proof as legitimate:
- An attacker generates a key pair and makes the general public key out there at
- He generates two SMART Well being Playing cards within the type of QR codes:
- The primary is created with arbitrary content material, supplied the
- The second is created with the private data of the one who desires to impersonate as vaccinated in addition to the
isssubject pointing to the legit authorities area, and indicators it with the important thing generated in step 1.
- The primary is created with arbitrary content material, supplied the
- Throughout a verification of the vaccine passport, the attacker first presents the primary QR code. This validation will probably be rejected by VaxiCode Verif, however will pressure the applying to obtain the attacker’s public key and add it to its trusted keychain.
- The attacker will then current the second QR code, which will probably be validated as legit by VaxiCode Verif.
The model 1.0.2 out there since Sunday on the Apple App Retailer fixes the issue. This replace utterly removes the performance of downloading public keys from the issuer’s URL.
What may have been accomplished higher?
The authorities and builders answerable for deploying the vaccine proof are underneath a restriction that’s tough to mitigate: time. Your entire improvement and deployment of proof of vaccination in Quebec was accomplished in a couple of months. Whereas there have been some shortcomings, the system is working.
Quebec authorities might have missed alternative to publish the supply code of the functions it produced for the sake of transparency. In any case, there may be nothing to cover and nothing secret about these functions. The fast discovery of flaws has proven that evaluation by a bigger variety of specialists improves the safety of such a software. The publication of the supply code and its evaluation by specialists might need prevented scandals that would have an effect on the general public’s confidence, because the entire inhabitants would have been capable of verify the safety by itself.
Some individuals additionally really feel that the private information contained within the Quebec vaccine passport is extreme. On this regard, it might have been attainable to provide a lighter model of the passport containing much less data. That stated, this lighter model may probably be unusable exterior of Quebec, because the guidelines for figuring out whether or not an individual is protected can change from area to area (which vaccines are thought-about legitimate, what number of doses, and so on.).
That is what Switzerland chose with its “COVID mild certificates”. It also needs to be famous that the supply code of the Swiss functions has additionally been out there for a number of months.
We didn’t take a look at the servers permitting the issuance of vaccine passports, as a result of we have now neither the mandate nor the permission from the Quebec authorities or Akinox to take action. In contrast to the evaluation of the functions supplied by Quebec, this could represent an assault on a distant system that would lead to a danger of service interruption.
Our evaluation first seemed on the improvement historical past of the CHS specification, which was developed internationally particularly for issuing COVID-19 vaccination confirmations. We then defined the significance of utilizing uneven cryptography for signing information, and on this case, to make sure the validity of the vaccination proofs supplied. Nonetheless, we found a flaw within the implementation of the verification algorithm, which allowed vaccine proofs displayed as legit by VaxiCode Verif to be cast. We notified Akinox of this flaw, and it was fastened as quickly as the applying was up to date, which was inside a couple of days. Lastly, we identified the potential advantages of higher transparency with respect to the supply code of those functions.
On account of this evaluation, I imagine that, though VaxiCode Verif had some issues at its launch, the applied sciences on which the system relies are stable. The thought of utilizing present requirements and applied sciences is for my part resolution. It ensures each signature safety and interoperability between areas utilizing the SMART Well being Playing cards protocol. In my view, a flaw within the system that denied a sound vaccine passport would have a way more critical influence than the reverse, and that’s not the case right here.
That the issue was fastened in only a few days reveals that every one events desire a safe system. There are at all times areas for enchancment, however the usage of the digital signature proposed by SHC is, thus far, safe.