British cyber technology company VST Enterprises (VSTE) has recently launched the public ‘fit to fly’ secure health passport designed for air travel. The cross border platform called V-Health Passport can already be downloaded from the Apple App Store or Google Play by searching for ‘Vpassport’ or by visiting www.v-healthpassport.co.uk
It is a publicly available secure digital health passport that the public can download and use alongside any form of Covid-19 testing and vaccination that does not use unsecure bar codes and QR code technology. Airlines and transport carriers can also download and use the system.
It comes at a time when security over the use of bar codes and QR codes in airline travel has come under intense scrutiny following the cyber attack on the former Australian prime minister Tony Abbot. The former PM had his Qantas airline boarding pass hacked. Details including his passport, mobile phone, and messages between Qantas staff about him were intercepted. The wider threats of fake Covid-19 test certificates have also been prevalent, with an alarming rise in the sales of fake Covid-19 certificates booming in Russia and the Middle East.
VST Enterprises, the Manchester based cyber security and technology has introduced a fully functioning live health passport that can be used cross border and across all transport by air, land, and sea.
The V-Health Passport uses next-generation VCode code scanning cybersecurity technology. Using the most advanced closed-loop technology with end to end encryption, V-Health Passport has 2.2 Quintillion collision-free combination codes. These decode based on geolocation, time & date, device type, and user login.
It can provide airline passengers and airlines with a secure digital passport that validates the passengers’ identity, authenticates their Covid-19 test result and vaccination/immunization details in one secure app. The V-Health Passport also uniquely provides airline passengers and airlines with a contact tracing technology that uses anonymized data. The infrastructure security in cloud computing is what is very crucial for keeping hackers away.
Unlike other health passports, V-Health Passport has been designed with a citizens’ privacy front and center. The technology does not track your live location and provides all data in a secure GDPR compliant framework giving citizens a unique ‘self sovereign identity’ style technology putting them in control of who, when, and how they share their data.
VST Enterprises chief executive officer and inventor of the VCode technology and V-Health Passport, Louis-James Davis, said, “We are the first technology company in the world to have developed a secure, multipurpose, cross corporate & cross-government digital health passport that does not rely on using bar codes or QR codes as its authentication technology. Both bar codes and QR codes have huge potential security implications as they can be cloned and hacked, with the latter being subject to a process called ‘Attagging.’ Therefore, any suggestion of using this type of technology in a health passport for air travel has very real security risks. Not only is a citizen’s personal information at risk, but their Covid test status, vaccination records, and also their credit card information. All of this can lead to the very real potential of a massive data breach and a person’s personal information and data hacked and stolen. This is of particular concern when using a bar code or QR code technology designed for use to authenticate a person’s Covid-19 testing and/or vaccinations records.”
With the alarming increase and black market trade in fake Covid-19 test certificates, this also puts a very real threat and risk to passenger safety on airline carriers with the potential to infect and contaminate other passengers on what would be a Covid safe bubble onboard an aircraft.
It is well documented that bar codes and QR codes can be hacked, so any airline which considers using a health passport for Covid-19 testing and vaccination using this method of authentication risks a serious potential breach of its passenger data. In 2018 British Airways was fined a record £20 million (approximately Rs 197 crore) for a data breach on 400,000 of its customers, which affected their personal and credit card data.
Louis-James Davis went on to state that both bar codes and QR codes – which represent first and second-generation technology – are unsecure and vulnerable to hacking.
“QR codes were originally developed as a scanning technology for close proximity car parts tracking, a world away from identity and banking use cases and now digital health passports. It was then used to skip the input of websites for marketing and promotional purposes. They were never designed with security or privacy in mind. They are simply not fit for purpose and should not be used at all in any form for delivery of sensitive information, travel or event tickets, or health passport.
QR codes can be subject to a process called ‘attagging’ or ‘cloning.’ The process of ‘attagging’ is where a ‘genuine QR code’ is replaced by a ‘cloned QR code,’ which then redirects the person scanning that code to a similar website where personal data can be intercepted and breached. The problem is that serious that in India alone, there are over 1 Billion fraudulent financial transactions each day using QR codes. As the scanning user journey is the same, it is only tech-savvy individuals that may notice the domain name has changed.”
As reported by a recent Forbes Magazine investigation, it is predicted that over 11 million households in the US alone will scan a QR code this year, and the majority of them, some 71% of people who have interacted with a QR code, will not know if it is the start of a malicious hack. It is envisaged that over 5.3 Billion QR codes will be redeemed this year, making it one of the fastest-growing tech scanning interactions and also posing one of the greatest cyber threats.
QR codes can be cloned and redirected to other information points or websites. Often criminals and hackers will exploit this by putting a fake QR code over a genuine QR code. So a QR code, for example, on scanning would link to the genuine website www.similardomain.com, but a fake QR code can be made up printed off, and placed over the genuine code to redirect to www.similar-domain.com. At this point, the member of the public is tricked into entering their personal information, private data, and financial information. The rogue website looks and feels exactly like the genuine one and is made to mirror it precisely.
VCode, which is the ultra-secure digital code that powers the V-Health Passport, cannot be cloned. Even if it was printed off, or a photograph was taken and placed over a VCode or V-Health Passport, it simply won’t scan as it works on a call and response system of information between the code and web platform to verify location of the code, user ID and time and date and much more.”
Louis-James Davis added, “We developed and built the V-Health passport and health wallet to be the most secure technology on the planet that you could use as a health passport where you could combine your test status, vaccination record, boarding pass, airline ticket, music or sports ticket all in one app. With V-Health Passport, we wanted to provide functionality and greater mobility to allow citizens to return to work, be fit to fly, or return to the sports stadiums. But at the heart of the technology was the ability to protect and respect the individual’s data privacy.
“The lack of engagement and interaction by the public with Government track and trace app/s over the pandemic was over privacy, the security of data and the tracking of a persons live location. This is why we have built a unique system in the vein of ‘self sovereign ID’ with the ethics of privacy & security by design. The V-Health Passport puts the citizen in control in a way which they share information with who, when, and where.”
V-Health Passport will help employers safely return their employees back to their offices, factories, and warehouses. It will facilitate airlines to allow their passengers to be fit to fly and avoid the need for quarantine restrictions. At the same time, it will ensure their airline ticket or boarding pass is secure and won’t be hacked.
A citizen will be able to share their health pass and confirm their Covid test status or present their vaccination record. They will also be able to show their credit score, work permit or visa, scan their travel or event pass. At the heart of each interaction, they will have peace of mind that their data and information is highly secure, and ultimately, they control who sees what, who scans what, where, and when.