The security provider F-Secure falsified the COVID test results in a Bluetooth-equipped home COVID test. Thankfully, the supplier has repaired the device.
The company tested Ellum COVID-19 home test, The device specially selected because it uses the “Bluetooth connection analyzer used with the application on the phone”.
When F-Secure probed the device and its supporting applications, its researchers found an unexported activity called com.ellumehealth.homecovid.android/com.gsk.itreat.activities.BluetoothDebugActivity F-Secure found that users with root-level access to Android machines can initiate the activity to “help interact with the analyzer via Bluetooth.”
Further research found two types of Bluetooth traffic related to the communication test results. F-Secure researchers can solve these problems as follows:
To make matters worse: the falsified data generated by the Ellume department was happily ingested by an agency called Azova, which can certify the results of the COVID test so that travelers can enter the United States. F-Secure’s post details a test in which an employee used an Ellume device to test for COVID, which produced a negative result, but used the above method to falsify the result.
The security company explained its work to Ellume and suggested some changes. The F-Secure post stated that Ellume followed these recommendations and implemented:
- Analyze the results further to flag fraudulent data
- Other confusion and operating system checks in Android applications
F-Secure shared its work On GitHub.
Alan Fox, Ellume’s information system manager, sent the following statement to Register:
“Ellume has updated our system to detect and prevent the spread of falsified results. In addition, we have analyzed all the results so far and confirmed that no other results have been affected. We will also provide a verification portal to allow the authorities to— Include health departments, employers, schools, event organizers and others-to verify the authenticity of the Ellume COVID-19 home test.”
“Our test is already one of the safest on the market, and thanks to F-Secure’s insight, our ECHT is now safer-especially when compared to the non-digital tests currently available, just add soda You can easily forge the test without any professional skills. Ellume is full of confidence in the reliability of our ECHT test results. We would like to thank F-Secure for drawing our attention to this issue and their daily efforts to protect consumers, businesses, and consumers around the world. The work done by the organization.” ®
