Researcher Fixes Tampering of COVID19 Results

0
Ellume

Researcher, Gannon found tampering of results in Ellume’s COVID Antigen Test

Ellume’s COVID19 home test is a self-administered antigen test. Individuals can use it to check whether they have COVID19. Moreover, users will not need to submit their samples to testing facilities. They can collect a nasal swab sample using the testing kit’s equipment. After that, they can test the sample using the Bluetooth analyzer that comes with the kit. Then the user gets the result report through the analyzer. Furthermore, the health authorities get it through Ellume’s Android or iOS application.

Tampered Results

Ken Gannon who specializes in mobile security discovered that changing the test results is possible with the app. Users change the test results after passing them through the Bluetooth analyzer, before reporting to the Ellume app. Gannon along with his colleague was able to get proof of the observation certificate for a changed result. He did so through a third-party service.

Gannon said,

“Our research involved changing a negative test result to positive, but the process works both ways. Prior to Ellume’s fixes, highly skilled individuals or organisations with cybersecurity expertise trying to circumvent public health measures meant to curb COVID’s spread, could’ve done so by replicating our findings. Someone with the proper motivation and technical skills could’ve used these flaws to ensure they, or someone they’re working with, gets a negative result every time they’re tested.”

Prevention of Tampering of COVID19 Results

Gannon shared his COVID19 results tampering findings to Ellume after a thorough investigation, confirming the problem. Moreover, he implemented certain improvements to prevent tampering with results.

Head of information systems Ellume, Alan Fox said:

“Ellume has updated our system to detect and prevent the transmission of falsified results. In addition, we have analysed all results to-date and confirmed no other results were impacted. We will also deliver a verification portal to allow authorities – including health departments, employers, schools, event organisers and others – to verify the authenticity of the Ellume COVID-19 Home Test.”

Gannon further said,

“When security researchers look for problems in technology, we do it to challenge ourselves and the results are usually able to help other companies make their products safer to use. However, adversaries are also constantly looking for problems in technology that they can use to achieve other objectives. In this case, an adversary could’ve used these design flaws to circumvent public health measures intended to fight the COVID pandemic, so I’m happy that I was able to help Ellume improve the integrity of their tests.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here