A weakness in the Express Plus Medicare app allows the COVID-19 digital certificate to easily be forged. I’ve reported the issue to the Department of Health, as they have a VDP, but this app doesn’t fall under them. I’ve also reported to ASD Assist, who may have forwarded to relevant people at Services Australia, but have not received a response.
So if anyone has a pointer on connecting to Services Australia security team, I’d be grateful.
You won’t get an outcome response from ASD assist, but you should probably email them again letting them know that it hasn’t been fixed it @caseyjohnellis thoughts?
EDIT: if it’s a huge job to fix, I’d probably sit tight. If it’s a joke of a vulnerability, then I’d email them again, asking if they can confirm receipt.