Of course, a home COVID test using Bluetooth was cracked to falsify the results • The Register


Security provider F-Secure tampered with a COVID test result on a home COVID test equipped with Bluetooth. Fortunately, the seller has since repaired the device.

The firm tested the Ellume COVID-19 home test, a device selected specifically because it uses a “Bluetooth connected analyzer for use with an app on your phone”.

As F-Secure probed the device and its associated app, its researchers spotted non-exported activity called com.ellumehealth.homecovid.android/com.gsk.itreat.activities.BluetoothDebugActivity Users with root-level access to an Android machine can initiate this activity to “help interact with the scanner over Bluetooth,” F-Secure found.

Further study revealed two types of Bluetooth traffic related to the communication of test results. F-Secure researchers were able to play with these, as follows:

It’s worse: Falsified data produced by the Ellume unit was thankfully ingested by a company named Azova that certifies COVID test results so travelers can enter the United States. F-Secure’s post details a test in which a member of its staff used the Ellume device to test for COVID, produced a negative result, but used the above methods to falsify the results.

The security company explained their work to Ellume and recommended some changes. The message from F-Secure states that Ellume has followed these recommendations and implemented:

  • Further analysis of results to flag falsified data
  • Additional obfuscation and OS checks in the Android app

F-Secure shared their work on GitHub.

Alan Fox, Head of Information Systems at Ellume, sent the following statement to The register:

“Ellume has updated our system to detect and prevent the transmission of falsified results. Additionally, we have analyzed all results to date and confirmed that no further results have been affected. We will also provide a verification portal to allow authorities – including health departments, employers, schools, event planners and others – to verify the authenticity of the Ellume COVID-19 home test. “

“Our test is already one of the most secure on the market and thanks to information from F-Secure our ECHT is now even more secure – especially compared to the non-digital tests currently available, which can be easily tampered with simply by putting water or soda. on the test without requiring specialized skills. Ellume is confident in the reliability of our ECHT test results, and we would like to thank F-Secure for bringing this issue to our attention and for the work they do every day to protect consumers, businesses and organizations. worldwide. “®


Comments are closed.