Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves.
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
敏感数据加密缺失
Vulnerability Title
AliveCor KardiaMobile 安全漏洞
Vulnerability Description
AliveCor KardiaMobile是美国AliveCor公司的一个个人心电图仪。 AliveCor KardiaMobile存在安全漏洞,该漏洞源于没有对其声音数据协议进行加密,利用此漏洞可能允许攻击者读取患者心电图结果或通过发出与设备相似频率的声音来创建拒绝服务条件,从而破坏麦克风准确读取数据的能力。
CVSS Information
N/A
Vulnerability Type
N/A