Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy

Vendor: New York State Vendor URL: https://covid19vaccine.health.ny.gov/excelsior-pass Versions affected: iOS 1.4.1, Android 1.4.1 Systems Affected: iOS, Android Author: Dan Hastings dan.hastings[at]nccgroup[dot]trust Advisory URL / CVE Identifier: Risk: Information Leakage Summary The New York State (NYS) Excelsior scanner app is used by businesses or event venues to scan the QR codes contained in the NYS Excelsior … Continue reading Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy

Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery

Vendor: New York State Vendor URL: https://play.google.com/store/apps/details?id=gov.ny.its.healthpassport.wallet Versions affected: 1.2.0 Systems Affected: Android Google Play Store Author: Siddarth Adukia sid.adukia[at]nccgroup[dot]com Summary New York State developed an application called NYS Excelsior Pass Wallet that allows users to acquire and store a COVID-19 vaccine credential. During some research it was discovered that this application does not validate … Continue reading Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery

How cryptography is used to monitor the spread of COVID-19

On April 10, Apple and Google announced1, 2 that they were joining forces in an effort to help reduce the spread of COVID-19. Their solution leverages Bluetooth technology to trace interactions between individuals. This principle is known as contact tracing and public health agencies are heavily relying on it to monitor and prevent the spread … Continue reading How cryptography is used to monitor the spread of COVID-19