Design/Logic Flaw

2020-08-2616:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity.

CPENameOperatorVersion
electrocardiogram_pen_firmwareeq2.00.08

CPE	Name	Operator	Version
	electrocardiogram_pen_firmware	eq	2.00.08

References

payatu.com/advisory/lack-of-bluetooth-le-encryption-and-access-control-in-dr-trust-ecg-or-ekg-pen