Huge flaw in the European Green Pass system. Someone has stolen the encrypted keys that allow the creation of certifications and started selling fake ones, but which are valid for controls, on the dark web.

This is what is learned from qualified Italian sources, according to which it has already been decided to cancel all the Green passes generated with those keys. Urgent meetings have been convened at European level between all technical stakeholders concerned for an in-depth analysis of the situation.

Investigations are underway, the number of stolen codes is not known at the moment.

The theft, according to initial information, would not have occurred in Italy. From the first investigations carried out, in fact, there are no cyber attacks on Sogei, the Information technology company of the Ministry of Economy which provides the codes for Italy to generate green certificates.

The attack could therefore have targeted a counterpart in another European country. At the moment, however, the keys that have been stolen have been canceled and, consequently, all the green passes generated with those codes have been invalidated and reissued.

ADOLF HITLER'S QR CODE - In a discussion on Raidforums, one of the most popular forums on the dark web, a user asks a Polish seller to create a European Green pass in the name of Hitler. He gets it for € 300 and it's “perfectly functional”, he confirms.

The green tick appears on the display, “certification valid throughout Europe”.

THE EXPERT - "At a first analysis it seems that the private keys used to sign the green passes have been stolen, a kind of stamp that is used to validate the documents. The solution would be an inversion of those keys that would invalidate all passes generated, and their re-stamping ": explains Stefano Zanero, professor of computer security and computer forensics at the Milan Polytechnic.

(Unioneonline / L)

© Riproduzione riservata