Security Researcher Finds Flaw in At-Home COVID Test, Easily Changed Result by Intercepting Bluetooth Traffic

A security researcher revealed that he was able to switch the result of an at-home test for COVID-19. He was able to get those results changed by hacking and manipulating the Bluetooth traffic from the Android device before it fully reached the app.

Security Researcher Reveals Easy Way to Change Results

Ken Gannon, the security researcher who did the experiment, found the issue with Ellume's at-home COVID nasal swab test. The swab test was designed to analyze and transmit data to an Ellume app that displays and saves the result of the test.

According to F-Secure, the security company that Gannon works at, Ellume has fixed its nasal swab test flaw.

The process of changing the result of the test was not simple. According to F-Secure, Gannon used an Android device to tap into the data and analyze the tester that sends the data to the app.

From there, Gannon was able to know how the swab test results were sent, and the authenticity of the results was verified.

The security researcher was able to tap the Bluetooth system and was able to successfully change the result of the COVID test from a negative to a positive one.

When he got an email from Ellume regarding his result, he said that it showed he had tested positive when he was COVID-free.

Ellume stated that it had strictly followed F-Secure's advice to do more analysis to ensure that the data transferred was accurate.

It also advised users to make some changes to the app so that it would be more difficult for others to take over its transmission.

Dangers of the App Flaw

In an exclusive interview with The Verge, Gannon said that he did not test to see if his experiment could be done on an iOS device and that the goal of this was to see if an average person can change the result of a COVID test.

Gannon added that this issue could be dangerous as it can be used to hack the app and get whatever result would benefit them.

While Gannon's research only includes switching negative COVID results to positive ones, he said through a press release that the process works both ways, which means the negative result can be switched to positive ones and positive results to negative ones.

Before Ellume released the patches for the app, Gannon warned that those with the right skills could use the problem to make sure that they could get a negative test result in every single time, according to The New York Times.

In theory, a fake certification could be used to meet the re-entry requirements to the United States. F-Secure was able to get the fake result certified by the health agencies and establishments, and the video test supervisor was not able to figure out that the result was fake.

F-Secure said that Ellume is currently working on a verification portal that will allow authorities to verify that its at-home COVID tests are authentic. It has gone back to study all of its previous results for accuracy. Ellume revealed that it found none of them had been faked.

Aside from Ellume, Amazon also got approval from the Food and Drug Administration or FDA to sell their own at-home COVID-19 test.

Related Article: DIY COVID Test Will Soon Be Available to Americans Who Wants to Take the Test Home

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics