ESET cybersecurity professional Marc-Étienne Léveillé analyses in-depth the Quebec vaccine proof apps VaxiCode and VaxiCode Verif.
The launch of the cellular functions permitting the storage and verification of the vaccination passport by the Quebec authorities (VaxiCode and VaxiCode Verif) has induced loads of ink to circulate final week. It’s with good motive; the VaxiCode Verif app can be utilized by all non-essential service retailers as of September 1, 2021.
Like many different specialists, I analyzed the contents of the QR code as quickly as I acquired it throughout my first vaccination final Could. Final week, I additionally analyzed the 2 functions established by the Quebec authorities and developed by Akinox.
This blogpost explains how the vaccine passport system arrange by the Quebec authorities works from a technical viewpoint, in addition to particulars concerning the vulnerability we present in VaxiCode Verif that allowed the applying to be pressured to acknowledge non-government issued QR codes as legitimate. Right now, it’s unimaginable to verify that this is similar vulnerability discovered by “Louis” as reported by Radio-Canada final Friday, since no technical particulars have but been launched.
We knowledgeable Akinox concerning the vulnerability we discovered on Sunday, and now we have confirmed that the VaxiCode Verif 1.0.2 replace for iOS launched in the previous couple of days fixes the flaw. The Android model of the apps has not but been analyzed, however VaxiCode and VaxiCode Verif use the Expo framework that enables iOS and Android apps to be produced utilizing the identical supply code. Subsequently, the functions on each platforms are in all probability equal.
Let’s deep dive within the Quebec vaccine passport’s content material
First, let’s have a look at what the QR code accommodates. Usually talking, a QR code consists of solely textual content. It’s typically a URL.
However let’s return to the Quebec vaccine passport utility. We discover that the URL contained on this QR code begins with
shc:/. “shc” is definitely an acronym for SMART Well being Playing cards, a specification that defines a format for exchanging details about an individual’s vaccination standing. This specification was born in 2021 with the target of having the ability to difficulty this well-known vaccine passport and to have the ability to confirm its veracity. This is similar commonplace that has been chosen by a number of American states, together with California, New York and Louisiana. The event of this specification is being spearheaded by the Vaccination Credential Initiative, a coalition of private and non-private organizations working to allow the safe deployment of the passport around the globe. Akinox, the corporate that developed VaxiCode and VaxiCode Verif for the Quebec authorities, is a member of this group.
The specification describes tips on how to decode the numbers within the URL into readable content material.
The data is decoded right into a JSON Internet Token (JWT), or extra particularly a JSON Internet Signature (JWS) since it’s a signed token. The SHC specification didn’t reinvent the wheel: JWT is an present expertise for exchanging encrypted or digitally signed data.
If you need to know extra concerning the contents of your vaccine passport, you possibly can simply examine it from a cellular gadget utilizing an on-line software developed by François Proulx.
Ought to this data be encrypted?
Many have advised encrypting the knowledge within the QR code. This will likely seem to be a great way to guard it; nevertheless, it will be a lot too simple to decipher this data. The data should be understood by VeriCode Verif, so the applying ought to comprise the decryption key. As soon as the secret is extracted, anybody may decrypt the QR codes. This is able to give a misunderstanding of safety and result in extra criticism from the general public.
For these causes, the SHC protocol doesn’t present an encryption methodology. Nonetheless, it does require a digital signature.
How the digital signature works
The digital signature relies on uneven cryptography, which signifies that a key pair is used. This pair consists of a non-public key, which solely the issuer (right here, the Authorities of Quebec) has in its possession to signal information, and a public key, which verifies that the signature has been made with the non-public key.
Uneven cryptography is used, amongst different issues, to encrypt communications on the Web. There are not any identified assaults to signal with out having the non-public key or to guess the non-public key from the general public key.
This additionally signifies that the precedence is to guard this non-public key in any respect prices. Compromising this key would permit the technology of cryptographically legitimate QR codes. This isn’t the case with the flaw we discovered: we didn’t want the non-public key to forge a vaccine proof that VaxiCode Verif deemed legitimate. Moderately, the issue was within the implementation of the verification algorithm in VaxiCode Verif.
What precisely was the flaw in VaxiCode Verif?
The SMART Well being Playing cards specification was designed to permit for the potential of a number of vaccine proof issuers. This displays the fact that every nation or area is accountable for issuing its personal proof. Subsequently, every authorities has its personal pair of keys to signal and confirm passports.
The SHC specification requires the issuing entity to make its public key(s) accessible on the Web. The vaccine proof accommodates a URL to the issuer’s web site within the “iss” (brief for issuer) area. A verifying utility ought to discover the issuer’s public key(s) by concatenating
/.well-known/jwks.json to this URL.
The specification does not outline (at the very least for now) a approach to decide if the issuer is reliable.
Akinox has chosen to incorporate the Quebec authorities’s public key in VaxiCode and VaxiCode Verif. The applying makes use of this key when the issuer is the Quebec authorities (particularly if
https://covid19.quebec.ca/PreuveVaccinaleApi/issuer). Nonetheless, the code to obtain third celebration issuer keys remains to be within the utility, although it isn’t required.
The vulnerability lies in the truth that as soon as a public secret is downloaded, it’s used to validate another passport, with out checking if it matches the content material of the issuer area (
Right here is an assault state of affairs to show a cast vaccine proof as legitimate:
- The attackers generate a key pair and make the general public key accessible at
- They generate two SMART Well being Playing cards within the type of QR codes:
- The primary is created with arbitrary content material, supplied the
- The second is created with the non-public data of the one that desires to impersonate as vaccinated in addition to the
issarea pointing to the professional authorities area, and signal it with the important thing generated in step 1.
- The primary is created with arbitrary content material, supplied the
- Throughout a verification of the vaccine passport, the attackers first current the primary QR code. This validation can be rejected by VaxiCode Verif, however will pressure the applying to obtain the attackers’ public key and add it to its trusted keychain.
- The attackers will then current the second QR code, which can be validated as professional by VaxiCode Verif.
The model 1.0.2 accessible since Sunday on the Apple App Retailer fixes the issue. This replace fully removes the performance of downloading public keys from the issuer’s URL.
What may have been executed higher?
The authorities and builders accountable for deploying the vaccine proof are beneath a restriction that’s tough to mitigate: time. Your complete improvement and deployment of proof of vaccination in Quebec was executed in a number of months. Whereas there have been some shortcomings, the system is working.
The Quebec authorities could have missed a superb alternative to publish the supply code of the functions it produced for the sake of transparency. In any case, there’s nothing to cover and nothing secret about these functions. The speedy discovery of flaws has proven that evaluation by a bigger variety of specialists improves the safety of any such utility. The publication of the supply code and its evaluation by specialists may need averted scandals that would have an effect on the general public’s confidence, for the reason that complete inhabitants would have been capable of test the safety by itself.
Some folks additionally really feel that the non-public information contained within the Quebec vaccine passport is extreme. On this regard, it will have been attainable to provide a lighter model of the passport containing much less data. That mentioned, this lighter model may doubtlessly be unusable outdoors of Quebec, for the reason that guidelines for figuring out whether or not an individual is protected can change from area to area (which vaccines are thought-about legitimate, what number of doses, and many others.).
That is what Switzerland selected with its “COVID mild certificates”. It must also be famous that the supply code of the Swiss functions has additionally been accessible for a number of months.
We didn’t take a look at the servers permitting the issuance of vaccine passports, as a result of now we have neither the mandate nor the permission from the Quebec authorities or Akinox to take action. In contrast to the evaluation of the functions supplied by Quebec, this might represent an assault on a distant system that would lead to a threat of service interruption.
Our evaluation first seemed on the improvement historical past of the CHS specification, which was developed internationally particularly for issuing COVID-19 vaccination confirmations. We then defined the significance of utilizing uneven cryptography for signing information, and on this case, to make sure the validity of the vaccination proofs supplied. Nonetheless, we found a flaw within the implementation of the verification algorithm, which allowed vaccine proofs displayed as professional by VaxiCode Verif to be cast. We notified Akinox of this flaw, and it was fastened as quickly as the applying was up to date, which was inside a number of days. Lastly, we identified the potential advantages of better transparency with respect to the supply code of those functions.
Because of this evaluation, I imagine that, though VaxiCode Verif had some issues at its launch, the applied sciences on which the system relies are stable. The concept of utilizing present requirements and applied sciences is for my part a superb choice. It ensures each signature safety and interoperability between areas utilizing the SMART Well being Playing cards protocol. In my view, a flaw within the system that denied a sound vaccine passport would have a way more severe affect than the reverse, and that isn’t the case right here.
That the issue was fastened in only a few days reveals that every one events need a safe system. There are at all times areas for enchancment, however using the digital signature proposed by SHC is, up to now, safe.