Belgian regulator investigates possible vulnerability in CovidScan app – Computer – News

The Belgian Data Protection Authority is investigating a possible security flaw in the validation of Covid Safe Tickets in the CovidScan app. More than 39,000 people may have been affected.

The Data Protection Authority itself announced the possible security flaw on Wednesday, several Belgian media write, including The morning. The CovidScan app is used to read and validate QR codes from the Belgian CovidSafe app. With such a QR code, people can demonstrate that they have been vaccinated or tested for the coronavirus, or have previously contracted the coronavirus itself, in order to gain access to certain events.

According to the GBA, the potential vulnerability exists with a particular encrypted list. It would show people who have been vaccinated against the corona virus, but who later tested positive for that virus. Of those people their vaccination certificate is suspended, after which they are placed on a suspension list which is accessible via the web. This list is encrypted, but could still be read via the CovidScan app. According to the GBA, ‘more than’ 39,000 people have been affected.

The privacy supervisor indicates that the problem has been noticed by a citizen, also writes The evening. It concerns an employee of the University of Louvan-la-Neuve, who managed to read the suspension list, thanks to an encryption key that is incorporated in the CovidScan app. This would theoretically make it possible for hackers to view a list of data from vaccinated people who have tested positive for the coronavirus. According to De Morgen, the GBA indicates that it takes the case as ‘very serious’ and will ‘follow up’ it, but there are no details yet about possible follow-up actions. As far as is known, the leak has not yet been closed, the newspaper reports.

–