Skip to content

A seemingly functional EU Covid digital certificate bearing Adolf Hitler’s name circulated online this week, before being invalidated. The incident raises questions about the security of the “vaccine passport” system.

A QR Code appeared online on Tuesday and, when scanned with multiple verification apps, revealed a working EU Covid digital certificate with the name “Adolf Hitler” born January 1, 1900. Several versions of the code were then noticed on the technical forums, some with the name in capital letters, others with a different date of birth. But all would have granted the Fuhrer access to any indoor event prohibited to the unvaccinated.

The story was picked up by the Italian media, but it is not known where the security keys needed to generate Hitler’s QR code actually came from. He Post reported that Hitler’s pass was issued with a key to France, but noted that this information may also have been tampered with.

Also on
‘Unmitigated disaster’: Covid passport program in Scotland dismantled by sites after chaotic first weekend of law enforcement

The Europe-wide Covid pass system works by associating a public key (contained in the QR code and visible to anyone scanning the code with an app) with a private key (held by hospitals or other healthcare providers health). Sites verifying the validity of someone’s Covid pass scan the code and receive a green check mark if it matches the private key, or a red cross otherwise.

On Wednesday afternoon, the private key used to verify Hitler’s pass was revoked, but a Polish user on a tech forum still claimed to be selling work certificates, as were some posters on the so-called ‘dark web “.

Whether the private key used to validate Hitler’s pass was stolen or disclosed remains a mystery. Alternatively, a healthcare worker with access to the private key could have generated the fake certificate for the Nazi leader.

Also on
French teenager arrested for trying to enter hospital with President Emmanuel Macron’s vaccination passport – media

Leaked or stolen keys present a serious problem for the EU’s Covid certificate system. Any number of passes can be generated based on a single private key, which means that revoking one of those keys would invalidate any pass based on it, real or false. Re-certifying hundreds or even thousands of passes at a time could undermine public confidence in the system, which is already unpopular in some countries.

Hitler is not the first leading name to obtain a fake Covid certificate. Earlier this month, a French teenager was arrested earlier as he tried to enter a hospital using data from President Emmanuel Macron’s health passport. Public data from the French president had leaked online, meaning anyone could use their QR code as their own and the code would be read as valid. However, it would be immediately obvious to an official checking the code in person that the user was not, in fact, the chairman.

Do you think your friends would be interested? Share this story!

rt Gt

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.