Ontario should prevent the 'hack' that hit Quebec's vaccine passport app, expert warns
Ontario’s vaccine passport app should learn from an episode in Quebec where some people created their own QR codes and spoofed the identity of several Quebec politicians, says a Toronto cybersecurity expert.
Quebec’s government has complained to police about so-called hackers who were able to appear to obtain the QR codes of Quebec leaders -- including Premier Francois Legault -- something that should be avoided here, says Claudiu Popa.
“I like QR codes as much as anybody else. You can flash them and scan them on the fly. But they should be only used to transfer and communicate secure information and the best way to protect confidentiality is to use encryption,” he said.
Quebec has defended its system, saying the alleged breach exploited a small vulnerability that is being fixed.
“It’s a really precise loophole that is being corrected right away,” Eric Caire, Quebec’s minister for government digital transformation, told CTV Montreal last week.
“We will think about it if it’s a good idea to put more obstacles in the system, more constraints,” he said.
QR codes are short for “quick response” codes and are often used to store a string of characters such as a website or some names and dates in a speedy, machine-readable format.
In Quebec, the QR codes contain a person’s name, date of birth, and information about the vaccinations they have received.
Those codes are a central feature of the Quebec government’s vaccine passport system, which launched on Wednesday.
It appears the so-called hackers were able to obtain publicly available information such as the name and the birthdate, and used whether the politician had already disclosed his or her vaccination status.
Then it appears the person made their own QR code, which could be read by the vaccine passport app.
In Ontario, the vaccine passport will first be a printed or shown vaccine receipt, and an app is scheduled to come in only on October 22.
Ontario’s Associate Minister of Digital Government Kaleed Rasheed told a news conference that the government is aware of the issue in Quebec.
“The provincially designed app is going to be very secure and privacy protected,” he said.
If the QR code displayed by a customer contains an encrypted code which only the QR reader can decode, the app would be more secure, Popa said.
He also advised that people should not flash around their QR codes, and keep them private as they would with a credit card or a drivers’ licence.
“We have so many tools that could scan QR codes from a distance,” he said.
CTVNews.ca Top Stories
'They needed people inside Air Canada:' Police announce arrests in Pearson gold heist
Police say one former and one current employee of Air Canada are among the nine suspects that are facing charges in connection with the gold heist at Pearson International Airport last year.
House admonishes ArriveCan contractor in rare parliamentary show of power
MPs enacted an extraordinary, rarely used parliamentary power on Wednesday, summonsing an ArriveCan contractor to appear before the House of Commons where he was admonished publicly and forced to provide answers to the questions MPs said he'd previously evaded.
Leafs star Auston Matthews finishes season with 69 goals
Auston Matthews won't be joining the NHL's 70-goal club this season.
Trump lawyers say Stormy Daniels refused subpoena outside a Brooklyn bar, papers left 'at her feet'
Donald Trump's legal team says it tried serving Stormy Daniels a subpoena as she arrived for an event at a bar in Brooklyn last month, but the porn actor, who is expected to be a witness at the former president's criminal trial, refused to take it and walked away.
Why drivers in Eastern Canada could see big gas price spikes, and other Canadians won't
Drivers in Eastern Canada face a big increase in gas prices because of various factors, especially the higher cost of the summer blend, industry analysts say.
Doug Ford calls on Ontario Speaker to reverse Queen's Park keffiyeh ban
Ontario Premier Doug Ford is calling on Speaker Ted Arnott to reverse a ban on keffiyehs at Queen's Park, describing the move as “needlessly” divisive.
'A living nightmare': Winnipeg woman sentenced following campaign of harassment against man after online date
A Winnipeg woman was sentenced to house arrest after a single date with a man she met online culminated in her harassing him for years, and spurred false allegations which resulted in the innocent man being arrested three times.
Woman who pressured boyfriend to kill his ex in 2000s granted absences from prison
A woman who pressured her boyfriend into killing his teenage ex more than a decade ago will be allowed to leave prison for weeks at a time.
Customers disappointed after email listing $60K Tim Hortons prize sent in error
Several Tim Horton’s customers are feeling great disappointment after being told by the company that an email stating they won a boat worth nearly $60,000 was sent in error.