Green Pass hacker attack: what to do if the certificate doesn’t work anymore

Stepped at least one private key useful to generate fake, but 100% valid Green Passes: what happens now

Adolf Hitler has the Green Pass, but it is fake and because of him now someone could be forced to download again his own green certificate. It sounds like a joke, but it's not: somewhere in Europe a hacker got hold of at least one private key to generate valid Green Passes, as it was discovered by security researcher who signs himself "Reversebrain" on Twitter.

Reversebrain posted a tweet containing a QR code and a short text: "Try to scan this QR Code with the official Government Verification C19 app". The chilling result is a Green Pass valid throughout Europe in the name of the Nazi dictator. Reversebrain also explained that most likely there has been a "leak" of private keys, thanks to which it is possible to generate fake COVID certifications but that work perfectly during verification. The key to generate Hitler's QR Code has been sold on RaidForums, a real marketplace open to everyone (it's not on the Dark Web), where hackers buy and sell illegal code of any kind.

Green Pass hacked: what happened

The explanation of Reversebrain, as well as the most probable one, is that in a Green Certificate center, somewhere in Europe, someone let slip one or more private keys to generate Green Passes. It may have happened without his knowledge, or perhaps such keys were sold.

Initially it seemed that this "leak" of keys had happened in Italy, then Reversebrain clarified that it believes it is more likely that the fact happened in France. The result, however, is that now this key has been cancelled and all certificates issued with that key are no longer valid.

The problem is that we still do not know for sure if it is an Italian key or a key of some other European country: a Green Pass generated in France or in any other EU country, in fact, is recognized as valid in Italy. And, not for nothing, several commentators on Twitter claim to have verified the validity of Hitler's fake Green Pass in Poland, Spain, France and other countries.

In all cases, until the key was revoked, the Green Pass was in order and the fake Hitler could travel, work, go to a restaurant without any problem.

If the theft concerns only one key, then everything is already solved. If it concerns more than one key, instead, at this moment there is someone who is producing and selling Green Passes that are fake but valid for 100% of the checks.

What to do if the Green Pass doesn't work anymore

It is very unlikely, at least at the moment, but it could happen: if the revoked key belonged to a pharmacy or an Italian health institution authorized to issue Green Passes, then all those who have done the Green Pass in that facility would find themselves with an unusable certificate. Just because the stolen key has been cancelled.

Should something like this happen, however, it would not be an insurmountable problem: it would be enough to re-download the green certificate from the Immuni app, or go to the pharmacy to have it reissued.