Pictures of cats, Mickey Mouse, even a takeout menu from a BBQ restaurant: Users of New York City’s COVID SAFE app have discovered they can upload just about any photo into the new vaccine verification software.
“The New York City app is nothing more than a glorified photo storage app,” said Brian Linder of cybersecurity research company Check Point. He added, “When someone shows a picture of a card in this app, it’s believed that it’s real, but there’s absolutely no verification of it whatsoever.”
City officials said it’s up to the staff at restaurants, gyms and event spaces to verify the authenticity of the pictures in the app–no different than bouncers checking drivers’ licenses at bars.
Read the full article. The three-step NYC app asks users to upload a photo ID, a photo of their CDC vax card, and a screenshot of a “recent” COVID test result. New York state’s Excelsior Pass actually confirms your vax status via the CDC’s database.
We need to get New Yorkers vaccinated, not another City Hall PR stunt.
— Albert Fox Cahn (@FoxCahn) August 2, 2021
Pictures of cats, Mickey Mouse, even a menu from a BBQ restaurant: Users of NYC’s COVID SAFE app found they can upload just about any photo into the new vaccine verification software. A cybersecurity expert called it “a glorified photo storage app.” https://t.co/3b4oalBSbT
— Gothamist (@Gothamist) August 6, 2021