Flaw in Bluetooth at-home COVID-19 test allows users to falsify results

A security researcher discovered a bug in Cue Health's Bluetooth-operated at-home COVID-19 testing kit that could allow users to falsify test results, TechCrunch reported April 21.

The kit tests for COVID-19 uses a nasal swab that is inserted into a single-use cartridge and analyzed by the battery-powered Cue Reader. This then transmits the result over Bluetooth to the Cue Health app on the test-taker's phone. But, Ken Gannon, a security consultant at WithSecure, found a flaw in the testing kit that could allow test results to be modified.

The vulnerability was found in how the Cue Reader communicates with the Cue Health app over Bluetooth using the Protobuf protocol, which presents the test data in an easily readable block of data. 

The block of data generated by the Reader ends in "10 02" for a positive COVID-19 test result, or "10 03" for a negative result. 

The researcher developed a script that enabled him to intercept and modify the data by manipulating these digits. 

By changing a single digit in the result, the researcher was able to change his negative result to a positive result, as well as to obtain a certificate verifying the results as valid.

"As of right now, the skill level required to flip those bits is somewhat high," Gannon said. "A person would need to have decent knowledge into hacking mobile applications and running custom code within Cue's application. However, one thing I’m always worried about with Android application hacking is the ability to customize the hack so that the average consumer can do the same hack. Because of this, I’m purposely disclosing technical details and custom code that only reverse engineers could understand and use."

Cue Health has since fixed the vulnerability. 

The company received emergency FDA approval for its portable COVID-19 testing kits June 21. 

 

Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars