At-home COVID-19 tests may not be as trustworthy as you would like — not in the hands of a committed hacker, at least. as the edge Ken Gannon, a researcher at F-Secure, notes a security flaw that has since been corrected in Ellume’s Bluetooth-connected nasal swab test that allowed him to alter reported results. The vulnerabilities were complex, but still worrisome.
Gannon used a rooted Android device to check the Bluetooth traffic that the Ellume lateral flow tester was sending to the company’s mobile app. The researcher identified the traffic used to indicate the test results, and wrote scripts to change the result. Alexandra Renheimer, director of marketing for F-Secure, managed to fool Azova, a company that issues certificates for US entrance exams, when she supervised the test.
Ellume made it difficult to study and modify the data, and it’s not clear that iPhone or iPad users can repeat the same feat. The company is also building a portal to help administrators verify tests at home, and has determined that all previous tests were authentic.
However, the results raise concerns about people using other flaws (including other tests) to falsify COVID-19 results. Anyone with sufficient knowledge can overturn the negative consequences of re-entering the United States or a particular workplace during an injury. Although the effort currently underway makes this fraud widely improbable, it wouldn’t take much bogus results to trigger an outbreak.
All products recommended by Engadget are handpicked by our editorial team, independently of the parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.