Thanks to technology, we are seeing an increasing number of home testing kits for various diseases that can be uploaded onto our phones and then uploaded online to our doctors, so that they can monitor our health remotely and get the latest information. It sounds convenient, but there is also some danger to that.
A good example would be recently, F-Secure researcher Ken Gannon discovered a vulnerability in Ellume’s nasal swab test, which is a home testing kit for COVID-19. The kit uses Bluetooth to transmit data from the kit to a companion app on a smartphone. However, the vulnerability allowed Gannon to basically create a couple of scripts that would allow him to change the results of the test that was being uploaded.
This means that if someone tested negative, they could change it to positive and vice versa for whatever reasons they might have. However, it should be noted that this wasn’t a particularly easy hack which means that not everyone will be able to start hacking their COVID-19 test kits, but the fact that the vulnerability was there is concerning.
The good news is that Ellume has since patched the issue and the company says that they have followed F-Secure’s recommendations to do more analysis to ensure that the data from their kits are accurate.