Services Australia brushes off vulnerability concerns in COVID-19 digital certificates
Services Australia has drawn criticism for its lack of concern over security risks in COVID-19 digital certificates. The company was grilled by senators in Australia’s federal Budget Estimates last year over various initiatives such as the COVID-19 digital certificate rollout and the bungled robo-debt scheme. According to senators, Australia’s COVID-19 digital certificates lacked security because they could be easily forged through man-in-the-middle cyberattacks. There is currently no vulnerability disclosure program in place, nor are there any plans to implement one.
Despite warnings from security professionals, the digital COVID-19 certificate remains largely unprotected. Services Australia also stated that it has no plans to consider establishing bounty programs. The company assured the country that it takes the integrity of the Medicare system extremely seriously and conducts full cyber assessments multiple times a year. The Australian Cyber Security Centre is also involved in detecting potential vulnerabilities in the mobile applications associated with the certificate.