The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an malicious user to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alivecor kardiamobile_firmware - |
||
alivecor kardiamobile_6l_firmware - |
||
alivecor kardiamobile_card_firmware - |