His Bluetooth analyzer, which reports user test results to both users and health authorities via Elume’s mobile app, is a security consultant for F-Secure, which specializes in mobile his security. It caught the attention of a certain Ken Gannon. During his investigation, Gannon discovered that by exploiting a flaw in the Bluetooth analyzer, he could alter Covid test results before they were reported to Ellume’s app. Additionally, Gannon and a colleague were able to obtain a proof of observation certificate for a changed result from a third-party video observation service they were directed to by the company’s website.
As President Biden prepares to make at-home Covid testing available to more Americans, security researchers say someone will come up with a fix. I found a flaw that might allow it to run. A study with emergency use authorization in the United States. A variety of at-home Covid-19 tests are currently available, but Elume offers a self-administered antigen test that can be used to see if an individual has the virus. Rather than sending it to the company, the company’s test kit allows users to collect a sample of their nose and test it with the included Bluetooth analyzer.
Highlights
-
“Our research involved changing a negative test result to positive, but the process works both ways. Prior to Ellume`s fixes, highly skilled individuals or organizations with cyber security expertise trying to circumvent public health measures meant to curb COVID`s spread, could`ve done so by replicating our findings. Someone with the proper motivation and technical skills could`ve used these flaws to ensure they, or someone they`re working with, gets a negative result every time they`re tested.”
-
Falsifying Covid test results
After discovering that he could falsify the results of Ellume’s at-home Covid tests, Gannon shared his findings with the company which launched an investigation, confirmed the problem and implemented several improvements to its tests to prevent users from tampering with their results. Gannon provided further insight on his discovery and how it could be abused by those looking to secure a negative Covid test every time in a press release, saying:
Although Gannon first decided to investigate the Bluetooth analyzer used in Ellume’s at-home Covid test out of curiosity, he pointed out that other individuals or organizations can leverage similar security flaws to circumvent public health measures. Thankfully, thanks to Gannon’s discovery and the fact that he responsibly disclosed the results to the company, Eludme’s at-home Covid testing is now even safer.