Hitler has the green pass: have the certificate generation keys been hacked?

Adolf Hitler also has a green pass. As absurd as it may seem, this is not a hoax but a potentially serious flaw in the green certificate generation system. Hitler's green pass appeared online in the last few hours as a joke by those who, it is thought, managed to hack the keys for generating the certificates, effectively taking over the whole vaccination certificate mechanism. The dictator's QR code is fully functional: the forged pass is able to pass the checks of the Verification C19 app.

Hitler's green pass and the theft of keys

It all started with a tweet from the user reversebrain, a French penetration tester, who last night put forward the hypothesis of a leak of the green pass keys. The user posted a QR code and showed that the verification application deemed it valid, even though the green pass in question belonged to Adolf Hitler. An out-and-out fake that nevertheless passed the checks for the digital certificate.

Hitler's green pass published by user reversebrain.

Many other users ran the same test and found that the fake QR code verified as valid. On Raidforums, one of the most popular forums on the dark web, a Polish user (ironically?) appeared who claims to be able to create fake certificates capable of passing European checks. But what is really going on?

At the moment it is not clear whether a real certificate leak is behind it or whether it is the work of an insider who has access to the system and is able to generate fake ones. Sogei – Società Generale d'Informatica, the company that provides the codes for the generation of certificates in Italy, stated that it had not recorded any attacks. Stefano Zanero, professor of computer forensics at the Politecnico di Milano, argues that it is an alteration of the private keys used to generate the green passes.

At first glance, it seems that the private keys used to sign the green passes, a kind of stamp used to validate the documents, have been stolen. The solution would be an inversion of those keys that would invalidate all generated passes, and a re-stamping of them (sic)

Stefano Zanero

A few hours ago, a new check by users revealed that Hitler's green pass was no longer valid. That does not change the fact that the theft of the keys and their spread is a risk that must be dealt with immediately.
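Added example, not from the original article or from the Verification C19 app: a toy model in Go of the signing scheme described above, with Ed25519 as a stand-in signature algorithm. The pass format, the key ID and the per-pass blocklist are assumptions. It shows why a verifier accepts anything signed with a trusted key, and why revoking that key invalidates every pass issued under it.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Pass is a constructed toy certificate, not the real green pass format.
type Pass struct {
	KeyID, Payload string
	Sig            []byte
}

// Verifier models the checking app: trusted issuer keys plus a
// hypothetical blocklist of individual passes.
type Verifier struct {
	Trusted map[string]ed25519.PublicKey
	Blocked map[string]bool
}

func Issue(keyID string, priv ed25519.PrivateKey, payload string) Pass {
	return Pass{keyID, payload, ed25519.Sign(priv, []byte(payload))}
}

// Check accepts any unblocked pass signed by a trusted key. It cannot
// tell whether the issuer or someone else holding the key signed it.
func (v *Verifier) Check(p Pass) bool {
	pub, ok := v.Trusted[p.KeyID]
	return ok && !v.Blocked[p.Payload] && ed25519.Verify(pub, []byte(p.Payload), p.Sig)
}

// Demo returns the verifier's verdicts at each stage of the response.
func Demo() map[string]bool {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	v := &Verifier{map[string]ed25519.PublicKey{"issuer-1": pub}, map[string]bool{}}
	genuine := Issue("issuer-1", priv, "holder=Constructed Citizen")
	forged := Issue("issuer-1", priv, "holder=Constructed Fake") // signed with the leaked key
	edited := Pass{genuine.KeyID, "holder=Someone Else", genuine.Sig} // payload changed, not re-signed
	r := map[string]bool{"genuine": v.Check(genuine), "forged": v.Check(forged), "edited": v.Check(edited)}
	v.Blocked[forged.Payload] = true // block only the one known fake
	r["forgedAfterBlock"] = v.Check(forged)
	r["newForgeryAfterBlock"] = v.Check(Issue("issuer-1", priv, "holder=Another Fake"))
	delete(v.Trusted, "issuer-1") // revoke the signing key itself
	r["genuineAfterRevoke"] = v.Check(genuine)
	r["newForgeryAfterRevoke"] = v.Check(Issue("issuer-1", priv, "holder=Another Fake"))
	return r
}

func main() { fmt.Println(Demo()) }
```

Blocking a single known fake leaves the leaked key usable, while revoking the key stops new forgeries at the cost of every genuine pass signed with it, which then has to be re-issued.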

Green pass and smartworking: where are we?

After 6 August, the green pass has become increasingly central and indispensable for Italian citizens. If initially the certificate was necessary to access places of culture and indoor recreational spaces, now it is also essential for the entire world of work. The measure, taken on October 15, will last until December 31, the expected date of termination of the health emergency.

At the same time, the Minister of Public Administration Renato Brunetta presented the new guidelines for smartworking to the trade unions, to better address the return to public offices. The arrival of the pandemic had upset the Italian working environment, particularly affecting the public sector. While most private individuals managed to cope with the change by introducing teleworking, the institutional offices and public bodies had struggled from the start.

Public administration is also adapting to smartworking.

State contracts must be renewed as soon as possible, with new protections and new rules. The guidelines shared so far describe an agile mode with a disconnection period of 11 consecutive hours. An adequate rotation of staff must also be guaranteed, favoring in-person work. Agile work will alternate with traditional work, leaving the rights to permits, absences and training unchanged.

Regarding the connection used for teleworking, workers must use only the one provided by their own organization. It is therefore forbidden to access applications and perform tasks relating to a public body over one's own internet connection. The minister's goal is to reduce the share of work from home by up to 15%.

The article "Hitler has the green pass: have the certificate generation keys been hacked?" comes from Tech CuE | Close-up Engineering.