CVE-2022-41627

Name of the Vulnerable Software and Affected Versions KardiaMobile (affected versions not specified)

Description The physical IoT device of the AliveCor's KardiaMobile has no encryption for its data-over-sound protocols. This issue could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. The attacker must be close (less than 5 feet) to pick up and emit sound waves.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.