At-Home COVID Test Can Be Tricked For Fake Results, Researchers Discover

Image via Ellume


As at-home COVID tests become more common, a security researcher has discovered that a Bluetooth vulnerability in a popular kit allowed him to fake the test’s results.


Ken Gannon, a researcher at F-Secure, was the one who found the loophole in the Ellume COVID-19 Home Test, which has since been fixed by the brand. The kit uses a Bluetooth analyzer to test a user’s sample, before reporting the results via its mobile app. 


However, Gannon uncovered that the Bluetooth analyzer could be used to falsify the result before the app would process the data. According to TechCrunch, the researcher first used a rooted Android device to look into the backend of the data that the test was sending to the app. 

Through that, he was able to identify two different Bluetooth traffic signals that told the app if a user’s test results were positive or negative. He then wrote two new scripts that allowed him to change a negative result to one that would show up as positive on the app. 

When Gannon received the results via email, it incorrectly displayed that he had tested positive, just as he predicted. He even obtained a certified copy of the false test result from Azova, a telehealth provider partnered with Ellume.

“Someone with the proper motivation and technical skills could’ve used these flaws to ensure they, or someone they’re working with, gets a negative test result every time they’re tested,” Gannon said. 

In response, Ellume has updated its system to prevent the Bluetooth loophole from being exploited. Alan Fox, the firm’s Head of Information Systems, said: “We will also deliver a verification portal to allow authorities—including health departments, employers, schools, event organizers, and others—to verify the authenticity of the Ellume COVID-19 Home Test.” 

“Ellume is confident in the reliability of our ECHT test result, and we would like to thank F-Secure for bringing this issue to our attention and for the work they do every day to protect consumers, businesses, and organizations around the globe.”




[via Techcrunch, cover image via Ellume]

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Me

This site uses Akismet to reduce spam. Learn how your comment data is processed.