An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Electrocardiogram_pen_firmware | Drtrust | 2.00.08 (including) | 2.00.08 (including) |