Cue Health announced Friday a patch for unsecured Bluetooth communications in its smart Cue Health Home COVID-19 Test that allowed the user or another attacker to change the results of the test. It is the second manufacturer of smart COVID-19 tests to patch this type of vulnerability after Ellume in December.
Both the Cue and Ellume vulnerabilities were discovered by Ken Gannon, a researcher with WithSecure (formerly F-Secure Business).
“As I was closing up the previous findings, I got an ad for another COVID test,” Gannon told SC Media. “And I was like, ‘Wow, that looks expensive. I want to buy it, see what I can do with it.’ And here we are a few months later again, going through the same thing.”