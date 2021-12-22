An investigation by cybersecurity provider F-Secure has found and helped correct design flaws in a home antigen test for Ellume brand COVID-19. The flaws discovered would have allowed an individual to falsify a certifiable test result via Bluetooth. Ellume has the authorization to be used in an emergency in the United States to diagnose coronavirus.

Ellume’s COVID-19 home test is a self-diagnostic antigen test, which people can use to check for COVID-19. Users collect a nasal sample on their own using the included kit, and then they analyze the sample using the included Bluetooth analyzer. The analyzer then communicates the result to the user and to the health authorities in the United States through the Ellume Android or iOS application.

Security analyst Ken Gannon, who specializes in mobile security, discovered that it was Possible to change the results after the Bluetooth analyzer performed the test, but before the app communicated them. He was even able to obtain a certificate proving his results even though they were modified.

It should be said that the researcher says that experts in cybersecurity are needed, that is, not everyone can modify these results without knowing about computing. Gannon shared his findings with Ellume, who investigated and confirmed the problem and implemented several improvements to avoid manipulation of the results Of the tests.

You can even get a certificate from a forged test





This certificate allows certain activities to be carried out in the United States, one of them to enter the country, similar to the Covid passport of Europe that helps you have more mobility through the EU accompanied by a locator certificate.

“Our research consisted of changing a negative test result to positive, but the process works both ways,” explains the researcher. According to him, highly qualified individuals or organizations with experience in cybersecurity who will try to circumvent public health measures aimed at curbing the spread of COVID, they could have modified positive results and sent them to the authorities and the device application as negatives.

Alan Fox, Head of Information Systems at Ellume has confirmed the finding of security experts. However, he says they have found no evidence that anyone other than this researcher modified the results.

Ellume believes its self-test is still safer than non-digitized ones that can be faked “easily just by putting soda or water on the test without the need for specialist knowledge.” In the month of November, this brand recalled more than 2 million covid-19 home tests for false positives

Cover photo VIA | Dailypharma