Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

Lack of Medical data encryption in Dr.Trust ECG/EKG Pen

Vulnerability

Lack of Medical data encryption in Dr.Trust ECG/EKG Pen.

Vulnerability Description

An issue was discovered on Dr.Trust ECG/EKG Pen. The onboard Flash memory stores ECG/EKG data in cleartext, without integrity protection against tampering. Attacker can remove the Flash chip and tamper with the ECG data.

CVE-ID

CVE-2020-15485

Vendor

Dr.Trust

Product

ECG EKG Electrocardiogram Pen

Disclosure Timeline

22 June 2020 reported to the vendor

22 July 2020 No response from the vendor and Public disclosure.

Credit

Arun Magesh