Excuse the naive question but I'm trying to understand a bit about security in home health and medical devices and a recent report about how home Covid test results can be altered has left me a bit confused about how security in Bluetooth and apps works.

Two things in particular surprise me (again naive):

  1. it is possible to easily examine the content of Bluetooth communications between a medical device and an app, and
  2. it is possible to examine the code for an app in sufficient detail to decipher the content of those communications.

I would have thought (naively) that neither of these things would have been possible, at least not for a medical device; which leads to my questions:

  1. Shouldn't all communication over Bluetooth be encrypted so that it cannot be intercepted and altered or deciphered? Did CUE simply fail to do this, or is it actually not possible to do?
  2. Is it really possible to acquire human readable code (e.g., JavaScript) from the app binary on an iOS or Android device? If so, what tools are used to do so?
orome
1 Answer

Bluetooth is what one's engineering department makes of it. Marble can be made a statue or a pebble in one's shoe.

Shouldn't all communication over Bluetooth be encrypted so that it cannot be intercepted and altered or deciphered?

Ideally. But this is not the default for Bluetooth.

Did CUE simply fail to do this, or is not actually not possible to do?

It is possible, but it takes work. If one's engineering department sees the information as "not that sensitive" they may not advise the engineering time to ensure secrecy or authenticity of the data in transit. Whether or not they are wrong is decided in the court of public or regulatory opinion.

Is it really possible to acquire human readable code (e.g., JavaScript) from the app binary on an iOS or Android device?

Yes, again, unless engineering has taken efforts to mitigate this. But this often comes in the form of obfuscation rather than complete inability to read.

If so, what tools are used to do so?

adb to grab the app from the phone and something to unzip the app into its components. I'm sure there's a tutorial or two about doing this to non-obfuscated apps.

foreverska
  • So this basically boils down to failures (or omissions or whatever) on CUE's part. They could have (1) successfully encrypted the communication with their peripheral, and even (2; perhaps not as plausibly) gone to the trouble of obfuscating their code (though that's pretty much the limit of what they would have done)? – orome Apr 22 '22 at 15:41
  • Yes on both parts. Fully confidential and authenticated Bluetooth is not trivial but it is doable by a senior engineer in the span of weeks. Obfuscating one's app, there's automated tooling. – foreverska Apr 22 '22 at 16:08
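As an added illustration of what "authenticity of the data in transit" means in practice (this is example code written for this page, not code from the question, the answer, CUE's app or any real device), the following Python shows the integrity half of the answer: a result frame sent over a Bluetooth characteristic carries a counter and a keyed MAC, so an altered result or a replayed old frame is rejected by the app. It uses only the standard library; the pairing secret, device id, session nonce and the `RESULT:...` payload format are all constructed placeholders, and the frame layout is hypothetical. Confidentiality would be added the same way with an AEAD (for example AES-GCM from a crypto library) in place of the bare HMAC.

```python
import hashlib
import hmac
import struct

MAC_LEN = 16      # truncated HMAC-SHA256 tag carried at the end of each frame
HEADER_LEN = 4    # 32-bit big-endian frame counter at the start of each frame

# Constructed sample values for the demo (not from any real device or app):
# a long-term secret established at pairing time, a device identifier, and
# a nonce exchanged at the start of each session.
PAIRING_SECRET = bytes.fromhex("4f1c9a7e2b6d0f3a8c5e1b7d9a2f4c6e0b8d3a5f7c1e9b2d4a6f8c0e1b3d5a7f")
DEVICE_ID = b"demo-reader-0001"
SESSION_NONCE = bytes.fromhex("9e8d7c6b5a4f3e2d1c0b0a9f8e7d6c5b")


class FrameRejected(Exception):
    """Raised when a frame fails authentication or replay checks."""


def derive_session_key(pairing_secret: bytes, device_id: bytes, session_nonce: bytes) -> bytes:
    # One-step HKDF-style expansion: a fresh key per session, so a frame
    # captured in one session cannot be replayed into another.
    info = b"ble-result-frame-v1" + device_id + session_nonce
    return hmac.new(pairing_secret, info, hashlib.sha256).digest()


def build_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    # Device side: counter || payload || HMAC(key, counter || payload)[:MAC_LEN]
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + tag


class ResultReceiver:
    """App side: verifies the tag before trusting a result, then enforces a
    strictly increasing counter so old frames cannot be replayed."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < HEADER_LEN + MAC_LEN:
            raise FrameRejected("frame too short")
        header, payload, tag = frame[:HEADER_LEN], frame[HEADER_LEN:-MAC_LEN], frame[-MAC_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
        # Constant-time comparison so tag checking does not leak timing information.
        if not hmac.compare_digest(tag, expected):
            raise FrameRejected("authentication tag mismatch")
        counter = struct.unpack(">I", header)[0]
        if counter <= self.last_counter:
            raise FrameRejected("replayed or out-of-order frame")
        self.last_counter = counter
        return payload


def try_accept(receiver: ResultReceiver, frame: bytes):
    """Return (True, payload) or (False, reason) without raising."""
    try:
        return True, receiver.accept(frame)
    except FrameRejected as exc:
        return False, str(exc)


def demo() -> dict:
    """Run the three cases a defender cares about and report the outcomes."""
    key = derive_session_key(PAIRING_SECRET, DEVICE_ID, SESSION_NONCE)
    receiver = ResultReceiver(key)

    genuine = build_frame(key, 1, b"RESULT:POSITIVE")
    ok_genuine, result = try_accept(receiver, genuine)

    # Modified result text with the original tag kept: without the session key
    # the tag cannot be recomputed, so the app must refuse it.
    tampered = genuine[:HEADER_LEN] + b"RESULT:NEGATIVE" + genuine[-MAC_LEN:]
    ok_tampered, tampered_reason = try_accept(receiver, tampered)

    # A byte-for-byte copy of an already accepted frame: valid tag, stale counter.
    ok_replay, replay_reason = try_accept(receiver, genuine)

    return {
        "genuine_accepted": ok_genuine,
        "genuine_payload": result,
        "tampered_accepted": ok_tampered,
        "tampered_reason": tampered_reason,
        "replay_accepted": ok_replay,
        "replay_reason": replay_reason,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point the example makes about the original question: nothing in the Bluetooth link itself needs to be secret for this to work, but without such a check a reader who can see the characteristic writes (the first thing the question was surprised by) can also change them, which is exactly the failure the report describes.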