The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-10-27T20:04:06.498Z
Updated: 2022-11-01T15:57:59.910Z
Reserved: 2022-09-29T14:09:27.495Z
Link: CVE-2022-41627
JSON object: View
NVD Information
Status : Modified
Published: 2022-10-27T21:15:15.573
Modified: 2023-11-07T03:52:51.250
Link: CVE-2022-41627
JSON object: View
Redhat Information
No data.