CoronaCheck app blocks false QR codes, that’s how they got into circulation

The Ministry of Health takes action against fraudulent QR codes in the CoronaCheck app. For a long time it was possible to use fake codes created abroad to get a green tick. They have now been removed from the app.

These are codes generated mainly in Eastern Europe. In recent weeks, copies have been circulated on websites or in antivaxer app groups. Some of those codes are now on the app’s block list.

CoronaCheck app blocks fake codes

The Ministry of Health confirms after a message from the NOS that it has recently found a new way to throw these fraudulent QR codes off the app. They no longer work to gain access to places where a corona pass is requested.

Trade in false QR codes CoronaCheck, ministry files a report

A spokeswoman for the ministry cannot say how many codes are involved. People get a green check mark with their QR code if they have been vaccinated, have recovered or have recently tested negative. Only then are they allowed in somewhere. In more and more places, people have to have the corona app scanned for access. The app is also an essential part of the possible introduction of 2G. If both the House of Representatives and the Senate approve the bill, only people who have been vaccinated or cured will still be allowed access to certain places. A negative corona test is then no longer sufficient.

Experts criticize legislative proposals about 2G: ‘The minister is given a lot of space’

Where did those fake QR codes come from?

Although we are talking about fake QR codes here, the codes were recognized as valid. They are also technically valid codes. Research shows that they are mostly made in Eastern European countries, such as Poland and the Czech Republic. After a code was put in the name of Adolf Hitler, it made frequent headlines. Later, codes in the name of famous actors, such as Leonardo DiCaprio, also surfaced.

Anyone can create a QR code, but what makes the codes for the CoronaCheck app valid is that they are signed by the issuing country. That signature can be made using a digital key, which is only in the possession of the health services of European countries. After the first forged codes surfaced, it was thought that the key used to create certified codes had been leaked. However, that turned out not to be the case.

The most likely explanation is that health service workers in European countries were bribed to create these codes. In some countries, local health authority systems allow employees to manually generate codes. In the Netherlands, a commercial test company that could generate codes was not properly secured. As far as is known, however, there are no false codes signed by the Dutch government in circulation.

Seen a mistake? Mail us. We are grateful to you.

Reply to article:

CoronaCheck app blocks false QR codes, that’s how they got into circulation

Leave a Reply