British cyber technology company VST Enterprises (VSTE) has launched the world’s first public ‘Fit to Fly’ secure health passport designed for air travel. The cross border platform called V-Health Passport can already be downloaded from the Apple App Store or Google Play by searching for ‘VPassport’ or by visiting www.v-healthpassport.co.uk.
It is the world’s first publicly available secure digital health passport that the public can download and use alongside any form of Covid-19 testing and vaccination that does NOT use unsecure bar codes and QR code technology. Airlines and transport carriers can also download and use the system.
It comes at a time when security over the use of bar codes and QR codes in airline travel has come under intense scrutiny following the cyber attack on the former Australian Prime Minister Tony Abbot. The former PM had his Qantas airline boarding pass hacked. Details including his passport, mobile phone and messages between Qantas staff about him were intercepted.
The wider threats of fake Covid 19 test certificates have also been prevalent with an alarming rise in the sales of fake Covid 19 certificates booming in Russia and the Middle East.
VST Enterprises the Manchester based cyber security and technology is the first company in the world to have a fully functioning LIVE heath passport that can be used cross border and across all transport by air, land and sea.
The V-Health Passport is the worlds most secure health passport using next generation VCode® code scanning cyber security technology. Using the most advanced closed loop technology with end to end encryption, V-Health Passport has 2.2 Quintillion collision free combination codes. These decode based on geo location, time and date, device type and user login… meaning it cannot be hacked.
It can provide airline passengers and airlines with a secure digital passport that validates the passengers’s identity, authenticates their Covid 19 test result and vaccination/immunisation details in one secure app. The V-Health Passport also uniquely provides airline passengers and airlines with a contact tracing technology which uses anonymised data.
Unlike other health passports, V-Health Passport™ has been designed with a citizens privacy front and centre. The technology does not track your live location and provides all data in a secure GDPR compliant framework giving citizens a unique ‘self-sovereign identity’ style technology putting them in control of who, when and how they share their data.
VSTE CEO and inventor of the VCode technology and V-Health Passport Louis-James Davis says; “We are the first technology company in the world to have developed a secure, multipurpose, cross corporate & cross government digital health passport that does not rely on using bar codes or QR codes as its authentication technology. Both bar codes and QR codes have huge potential security implications as they can be cloned and hacked with the latter being subject to a process called ‘Attagging’. Therefore any suggestion of using this type of technology in a health passport for air travel has very real security risks. Not only is a citizen’s personal information at risk, but their Covid test status, vaccination records and also their credit card information. All of this can lead to the very real potential of a massive data breach and a persons personal information and data hacked and stolen. This is of particular concern when using a bar code or QR code technology designed for use to authenticate a persons Covid-19 testing and/or vaccinations records.”
With the alarming increase and black market trade in fake Covid 19 test certificates this also puts a very real threat and risk to passenger safety on airline carriers with the potential to infect and contaminate other passengers on what would be a Covid-safe bubble onboard an aircraft.
It is well documented that bar codes and QR codes can be hacked so any airline who considers using a health passport for Covid-19 testing and vaccination using this method of authentication risks a serious potential breach of its passenger data. In 2018 British Airways was fined a record £20m for a data breach on 400,000 of its customers which affected their personal and credit card data.
Louis-James Davis went on to state that both bar codes and QR codes – which represent first and second generation technology – are unsecure and vulnerable to hacking. “QR codes were originally developed as a scanning technology for close proximity car parts tracking, a world away from identity and banking use cases and now digital health passports. It was then used to skip the input of websites in marketing and promotional purposes. They were never designed with security or privacy in mind… they are simply not fit for purpose and should not be used at all in any form for delivery of sensitive information, travel or event tickets or health passport.”
Davis adds: “QR codes can be subject to a process called ‘Attagging’ or ‘cloning.’ The process of ‘Attagging’ is where a ‘genuine QR code’ is replaced by a ‘cloned QR code’ which then redirects the person scanning that code to a similar website where personal data can be intercepted and breached. The problem is that serious that in India alone there are more than 1 billion fraudulent financial transactions each day using QR codes. As the scanning user journey is the same, it is only tech savvy individuals that may notice the domain name has changed.”
As reported by a recent Forbes Magazine investigation, it is predicted that over 11 million households in the US alone will scan a QR code this year and the majority of them, some 71% of people who have interacted with a QR code will not know if it is the start of a malicious hack. It is envisaged that over 5.3 Billion QR codes will be redeemed this year making it one of the fastest growing tech scanning interactions and also posing one of the greatest cyber threats.
QR codes can be cloned and redirected to other information points or websites. Often criminals and hackers will exploit this by putting a fake QR code over a genuine QR code. So a QR code for example on scanning would link to the genuine website www.similardomain.com but a fake QR code can be made up printed off and placed over the genuine code to redirect to www.similar-domain.com at this point the member of the public is tricked into entering their personal information, private data and financial information. The rogue website looks and feels exactly like the genuine one and is made to mirror it precisely.
VCode which is the ultra-secure digital code which powers the V-Health Passport cannot be cloned. Even if it was printed off, or a photograph was taken and placed over a VCode or V-Health Passport it simply won’t scan as it works on a call and response system of information between the code and web platform to verify location of the code, user ID and time and date and much more.”