If you haven’t received a QR code for the vaccination pass apps after your corona vaccination , the pharmacies were your point of contact to get a QR code for the apps. That was stopped last week. How are things going now?
As the Handelsblatt reported last week, IT security experts managed to bypass all security measures within 48 hours and to issue official vaccination certificates issued by the RKI. They used the online portal of the German Pharmacists’ Association (DAV), through which the pharmacies could issue their vaccination certificate.
The security experts did not launch a hacker attack. You only presented yourself to the DAV as a pharmacy. So they got a guest access to the portal. The process is not unusual, because not all pharmacies are members of the association, but non-members can also create the certificates via guest access. The German Pharmacists’ Association pulled the rip cord and blocked access to all pharmacies. Now it has been said how things should go on.
PHARMACISTS ASSOCIATION RELEASES PORTAL AGAIN
In a joint statement by the DAV and the Federal Ministry of Health, it says: “Only the few hundred pharmacies that are not members of the DAV are potentially affected. All granted accesses are already checked and verified. According to the current state of knowledge, there has been no fraud in the creation of vaccination certificates. ”If this should be done, it would be a criminal offense, according to the statement.
“All pharmacies that wish to do so will gradually have access to the DAV portal again in the next week, so that they can issue vaccination certificates again.” This means the week that has now started, so that it is possible that you will be able to do so in the course of the coming Days in your pharmacy you will receive a corresponding QR code again.
The statement goes on to say: “DAV, IBM, gematik and BMG are also working together to further increase the security when issuing vaccination certificates by integrating this process into the secure telematics infrastructure.”
REVIEW: NECESSARY DOCUMENTS FOR VACCINATION CERTIFICATE FALSIFIED
This was how unauthorized persons got access: The security experts needed an operating permit to log in. Forging these was apparently just as easy as submitting a notice from the night and emergency service fund. The DAV waved the application through and sent a registration code by post. Two days after their bogus registration, according to the Handelsblatt, the experts were able to create an officially signed vaccination certificate for CovPass or the Corona warning app . An examination of whether the imaginary pharmacy even exists was obviously not carried out. An additional problem: All pharmacies use the same guest access and certificates that have been issued once can no longer be deactivated.
