Looking for security contact at Services Australia

A weakness in the Express Plus Medicare app allows the COVID-19 digital certificate to easily be forged. I’ve reported the issue to the Department of Health, as they have a VDP, but this app doesn’t fall under them. I’ve also reported to ASD Assist, who may have forwarded to relevant people at Services Australia, but have not received a response.

So if anyone has a pointer on connecting to Services Australia security team, I’d be grateful.

2 Likes

You won’t get an outcome response from ASD assist, but you should probably email them again letting them know that it hasn’t been fixed it @caseyjohnellis thoughts?

EDIT: if it’s a huge job to fix, I’d probably sit tight. If it’s a joke of a vulnerability, then I’d email them again, asking if they can confirm receipt.

3 Likes

Hi, reporter here. Any movement on this? If you’d like, I can contact their press office. Sometimes knowing the media is on it creates more urgency.

1 Like

I believe @caseyjohnellis has made contact with Services Australia regarding this issue. I have not (yet, I’m still hopeful!) heard from them.

1 Like