CVE-2022-41627

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram EKG has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting soun...

Design/Logic Flaw

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram EKG has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting soun...

CVE-2022-41627

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram EKG has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting soun...

CVE-2022-41627

The CVE-2022-41627 issue affects AliveCor’s KardiaMobile IoT device: the data-over-sound channel has no encryption, enabling an attacker in close proximity (less than 5 feet) to read ECG results or trigger a DoS by emitting matching audio frequencies. The vulnerability is tied to the IoT device’s...

PT-2022-25992 · Alivecor · Kardiamobile

Name of the Vulnerable Software and Affected Versions: KardiaMobile affected versions not specified Description: The physical IoT device of the AliveCor's KardiaMobile has no encryption for its data-over-sound protocols. This issue could allow an attacker to read patient EKG results or create a...

AliveCor KardiaMobile

1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Public exploits are available, low attack complexity Vendor: AliveCor Equipment: KardiaMobile Vulnerabilities: Authentication Bypass by Assumed-immutable Data, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these...