Malaysia Vaccine Certificate Verifier is Useless

source link: https://anonoz.github.io/tech/2021/07/15/malaysia-vaccine-certificate-unsafe.html

Jul 15, 2021

In Malaysia, we use MySejahtera for contact tracing, vaccination appointments, and vaccine certification. The Malaysian government has also provided another app, Vaccine Certificate Verifier, to allow the public to scan the vaccine certificate QR code in the MySej app. This app will be used a lot once enough people are vaccinated and shops reopen.

I will show you why this app is useless and harmful in its present form, as of 15th July 2021.

You might expect the app to at least verify that the website comes from MOH. It doesn't; it's just a simple QR code reader. The fake cert is obviously not on the Ministry of Health's server, but on mine. You can try scanning this:

Fake vaccine certificate QR code

Thankfully the fix should be trivial. Just check for the hostname in the QR code, and make sure HTTPS is always used.
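One way to implement the check described above, as an added example (not the author's code or the app's): it accepts a scanned QR payload only if it is an HTTPS URL whose host exactly matches an allowlist. The hostname `cert.moh.example` is a placeholder assumption, since the article does not name the real server; the example goes slightly beyond the text by also rejecting embedded credentials, lookalike hosts and unexpected ports, which a substring match on the hostname would let through.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the Ministry of Health certificate host.
# The real hostname is not given in the article.
ALLOWED_HOSTS = {"cert.moh.example"}


def is_trusted_cert_url(scanned: str) -> bool:
    """Return True only for an HTTPS URL on an exactly matching allowed host."""
    scanned = scanned.strip()
    # Whitespace, control characters and backslashes are parsed differently
    # by different URL libraries and browsers, so refuse them outright.
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\\" for ch in scanned):
        return False
    try:
        parts = urlsplit(scanned)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # urlsplit lowercases the scheme; plain http is never acceptable.
    if parts.scheme != "https":
        return False
    # "https://allowed-host@other-host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match on the parsed host, never a substring or suffix test.
    host = parts.hostname or ""  # hostname is already lowercased
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample payloads, not taken from the article.
    samples = [
        "https://cert.moh.example/verify?id=123",
        "http://cert.moh.example/verify?id=123",
        "https://cert.moh.example.other.example/verify",
        "https://cert.moh.example@other.example/verify",
    ]
    for url in samples:
        print("ACCEPT" if is_trusted_cert_url(url) else "REJECT", url)
```

Passing this check only establishes where the link points; the verifier still has to fetch the page itself over TLS with normal certificate validation rather than trusting anything the QR code displays.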

Hope you guys fix it soon before we move onto reopening!