Due to the COVID-19 pandemic, and social distancing, a lot of public spaces are relying on the QR (Quick Response) codes right now as it helps to streamline necessary steps like ordering, paying, and monitoring the number of people meeting at an event.
Across the UK, restaurants and bars are now being encouraged to display their authorised QR codes. In this case, when you scan the code, there’s a record of you being there and if the area is identified as high-risk in the future, you’ll be notified instantly.
But, the much-used QR code is not truly secure especially within any form of health passport for airline travel or entry into a venue or workplace which could lead to potential security breaches of personal data and information.
QR codes can be cloned
As reported by a recent Forbes Magazine investigation, it is predicted that over 11 million households in the US alone will scan a QR code this year and the majority of them, some 71% of people who have interacted with a QR code will not know if it is the start of a malicious hack.
QR codes can be cloned and redirected to other information points or websites. Often criminals and hackers will exploit this by putting a fake QR code over a genuine QR code.
It follows the hack and breach earlier this year of the former Australian Prime Minister Tony Abbot whose Qantas airline boarding card was hacked and details revealed including his passport number, mobile phone number, and Qantas airline messages referring to the former PM.
Virtual event platform Hubilo gets £17M funding, plans expansion in the UK
Meet, V-Health Passport
In this regard, VST Enterprises, a Manchester-based startup has developed a 5-in-1 digital health passport and wallet — V-Health Passport. It is a simple-to-use ID system that can display various health status’ about the passport holder in the most secure way.
As per the company, V-Health Passport can be used by international Governments, consumers, and companies to authenticate a person’s true identity, their Covid test results, and vaccinations.
Interestingly, it comes with a contact tracing capability ‘True Contact’ that uses anonymised data, thereby protecting citizens’ data and privacy with a concept in the vein of self-sovereign identity’.
UK’s app-based bank Atom to raise £40M as it prepares for IPO in 2022
“QR codes were originally developed as a scanning technology for proximity car parts tracking, a world away from Identity and banking use cases and now digital health passports. It was then used to skip the input of websites for marketing and promotional purposes. They were simply never designed with security or privacy in mind… they are simply not fit for purpose and should not be used at all in any form for delivery of sensitive information, travel or event tickets, or health passport. QR codes can be subject to a process called ‘Attagging or cloning.’
Davis also warned that the public will not tolerate breaches of their personal data and information along with their already existing and heightened concerns over privacy during the pandemic. He continued;
He continues, “Attagging is where a ‘genuine QR code’ is replaced by a ‘cloned QR code’ which then redirects the person scanning that code to a similar website where personal data can be intercepted and breached. The problem is so serious that in India alone there are over 1 billion fraudulent financial transactions each day using QR codes. As the scanning user journey is the same, it is only tech-savvy individuals that may notice the domain name has changed.”
V-Code powers V-Health Passport
In this case, the V-Health Passport is powered by VCode, an ultra-secure digital code that cannot be cloned, claims the company. Even if it was printed off, or a photograph was taken and placed over a VCode or V-Health Passport it simply won’t scan as it works on a call and response system of information between the code and web platform to verify the location of the code, user ID and time and date and much more.
Wurkr, a London-based ‘Office in the Cloud’ company, secures £1M as growth capital
Louis-James Davis said,
“We developed and built the V-Health Passport and health wallet to be the most secure technology on the planet that you could use as a health passport where you could combine your test status, vaccination record, boarding pass, airline ticket, music or sports ticket all in one app.
With V-Health Passport we wanted to provide functionality and greater mobility to allow citizens to return to work, be fit to fly or return to the sports stadiums. But at the heart of the technology was the ability to protect and respect the data privacy of the individual.
The lack of engagement and interaction by the public with Government track and trace app/s over the pandemic was over privacy, the security of data, and the tracking of a person’s live location. This is why we have built a unique system in the vein of ‘Self Sovereign ID’ with the ethics of privacy & security by design. The V-Health Passport puts the citizen in control in a way in which they share information with who, when, and where.”
As per the company’s claims, a citizen will be able to share their health pass and confirm their COVID test status or present their vaccination record. They will also be able to show their credit score, work permit or visa, scan their travel or event pass.