So it turns out, that the vaccine certificate that is given to Australian citizens is extremely easy to forge, only requiring a basic PDF editor, like LibreOffice Draw, a completely free and open source program, to simply edit the PDF.
After loading the PDF, all a potential forgery needs to do is to format the watermark in a special way.
To showcase this, I simply decided to make my own “totally legitimate” copy:
Once again, the goverment has failed at a basic technological hurdle, as fixing this would only require that they, instead of giving a PDF, give an image, which will not preserve the layering, making it harder to edit the document.
That is of course ignoring the issue that is the fact that they also didn’t cover the most important fields with their watermark, being the DoB and name, most of the IHI, and the document number. Of course this would be verifably false by someone with access to the medicare internal systems, however given the goverments objective of only having double vaccinated people out in the public, this would only require a laughable amount of social engineering to work.