FB pixel

Canadian digital health pass easily spoofed, exposed data, developer claims

PORTpass also suffers crash in early use
Canadian digital health pass easily spoofed, exposed data, developer claims

A web developer in Calgary, Canada created a fake vaccination credential under the name of an actor using a promotional image for a movie using the PORTpass digital health pass, according to a Tweet.

Conrad Yeung says he was testing the app, and used the first spoof materials he could find, with immediate success.

PORTpass has been recommended by the Calgary Sports and Entertainment Corporation (CSEC), which owns the city’s big-league sports franchises, for use meeting the pandemic mitigation rules for access to its events. Yeung further says the app does not use blockchain as claimed, and that he could access the system’s backend because its website did not properly apply SSL security. Finally, he claimed that he had discovered the personal information of Canadian held by the app is stored on an Amazon EC2 server in Ohio, rather than in Canada as the developer states.

An attempt to use the digital health pass before a recent NHL preseason game was also abandoned due to technical difficulties, CTV News reports. Yeung’s fake account reportedly stopped working around the same time.

The company then issued a statement denying social media reports that suggested its database was exposed. The database includes driver’s license data and other personal information for thousands, possibly hundreds of thousands of users, according to the CBC.

“The statements made are unequivocally untrue and PORTpass will be working with local authorities to take action against this malicious misinformation, and the submission of fraudulent documents,” the company said in the statement. “Documents uploaded for proof of vaccination and test results go through both manual review and machine learning analysis, and are securely used with Amazon Web Services.”

PORTpass CEO Zakir Hussein acknowledged that the app has “holes” and said the company is working on addressing them. He also said there are more than 650,000 registered PORTpass users.

A security expert interviewed by CTV was able to register with a United States Library of Congress card instead of scanning his provincial driver’s license as directed.

Alberta Health says it is developing its own QR code-based proof of vaccination solution.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


Kenya raises issuance targets for digital IDs and passports

Everything being equal, Kenya plans to issue at least three million digital national IDs and one million biometric passports before…


IOM and Japan back biometrics at Sri Lanka ports of entry

Biometric technology use continues to grow at airports around the world. Air transport industry IT provider SITA predicts that by…


The UK’s election may spell out the future of its national ID cards

Identity cards are back among the UK’s top controversial topics – thanks to the upcoming elections and its focus on…


Challenges in face biometrics addressed with new tech and research amid high stakes

Big biometrics contracts and deals were the theme of several of the stories on that drew the most interest from…


Online age verification debates continue in Canada, EU, India

Introducing age verification to protect children online remains a hot topic across the globe: Canada is debating the Online Harms…


Login.gov adds selfie biometrics for May pilot

America’s single-sign on system for government benefits and services, Login.gov, is getting a face biometrics option for enhanced identity verification…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events