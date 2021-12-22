



Security researchers have discovered a Bluetooth vulnerability in a popular home COVID-19 test and have made it possible to change the results.

F-Secure researcher Ken Gannon has identified a defect fixed in the Ellume COVID-19 Home Test. This is a self-managed antigen test that can be used to check if an individual is infected with the virus. Instead of submitting the sample to the test facility, the sample is tested using a Bluetooth analyzer, which reports the results to users and health authorities via the Ellumes mobile app.

However, Gannon discovered that the Ellume app could trick the built-in Bluetooth analyzer into allowing users to tamper with authenticateable results before processing the data.

To perform the hack, Gannon used a rooted Android device to analyze the data that the test sent to the app. Next, identify the two types of Bluetooth traffic that users are most likely to tell their mobile app whether their COVID is positive or negative before creating two scripts that can successfully change negative results to positive results. Did.

Ganon says that when he received an email with the results from Erme, it falsely indicated that he was positive on the test. To complete the proof of concept, F-Secure is a counterfeit COVID from Azova, a telemedicine provider that Ellume is affiliated with to certify COVID-19 testing at home for travel or entry. 19 Succeeded in obtaining a certified copy of the test results. jobs.

The Gannons article only includes changing negative results to positive results, but this process “works in both ways. He also before the patch is applied. Said that someone with the right motives and technical skills could use these flaws and get negative results each time they or someone they work with can get negative results. In theory, you can submit a fake certificate to meet US re-entry requirements.

In response to F-Secures findings, Ellume states that it has updated its system to detect and prevent the transmission of forged results.

It also provides a verification portal that allows authorities such as health departments, employers, schools and event organizers to verify the authenticity of the Ellume COVID-19 home test, said Alan Fox, Head of Information Systems at Ellume. I am saying. Ellume is confident in the reliability of its ECHT test results, pays attention to this issue, and appreciates F-Secure’s daily work to protect consumers, businesses and organizations around the world. ..

