Qardio Bluetooth Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Qardio Heart Health iOS and Android applications, as well as the QardioARM A100 device. The issue arises from the applications and device accepting continuous startMeasurement commands over an unencrypted Bluetooth connection. This flood of requests can disrupt the device's ability to connect with a clinician's app for patient readings, creating a denial-of-service condition.
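The flood described above can be modelled on the device side. The following is an added example, not Qardio firmware or code from the advisory: it assumes that each accepted startMeasurement restarts the measurement cycle (so a continuous stream never lets a reading complete) and contrasts that with a handler that ignores starts while a measurement is in progress and enforces a minimum gap between accepted starts (MEASURE_TICKS and MIN_START_GAP are hypothetical values).

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a BLE measurement device; the constants are
 * hypothetical and not taken from the QardioARM A100. */
#define MEASURE_TICKS   5    /* scheduler ticks until a reading completes */
#define MIN_START_GAP  20    /* minimum ticks between two accepted starts */

typedef struct {
    bool measuring;
    int  ticks_left;
    int  last_start;   /* tick of the last accepted startMeasurement */
    int  completed;    /* readings that reached the clinician app */
    int  rejected;     /* start requests dropped by the guard */
} device_t;

typedef bool (*start_fn)(device_t *, int now);

/* Behaviour the advisory describes: every startMeasurement is honoured,
 * so a continuous stream keeps restarting the cycle and no reading completes. */
static bool start_vulnerable(device_t *d, int now) {
    d->measuring = true; d->ticks_left = MEASURE_TICKS; d->last_start = now;
    return true;
}

/* Hardened handler: drop a start while a measurement is running, and drop
 * one that arrives sooner than MIN_START_GAP ticks after the last accepted one. */
static bool start_hardened(device_t *d, int now) {
    if (d->measuring || now - d->last_start < MIN_START_GAP) {
        d->rejected++;
        return false;
    }
    d->measuring = true; d->ticks_left = MEASURE_TICKS; d->last_start = now;
    return true;
}

/* Advance the measurement cycle by one tick; a finished cycle yields one reading. */
static void tick(device_t *d) {
    if (d->measuring && --d->ticks_left == 0) { d->measuring = false; d->completed++; }
}

/* Run `ticks` scheduler ticks. With `flood` set a startMeasurement arrives on
 * every tick (the advisory's condition); otherwise a single one arrives at tick 0.
 * Returns the number of readings that completed. */
int simulate(start_fn start, bool flood, int ticks) {
    device_t d = { .last_start = -MIN_START_GAP };   /* first start is always allowed */
    for (int now = 0; now < ticks; now++) {
        if (flood || now == 0) start(&d, now);
        tick(&d);
    }
    return d.completed;
}

int main(void) {
    printf("vulnerable, flooded: %d readings\n", simulate(start_vulnerable, true, 100));
    printf("hardened,   flooded: %d readings\n", simulate(start_hardened, true, 100));
    return 0;
}
```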
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the affected device to become unresponsive to legitimate connection requests from clinician applications.
Remediation
Users are advised to disable Bluetooth when not in use and to avoid using the device in public or within Bluetooth range of potential threats. Only trusted mobile applications from reliable providers should be used. For additional information, contact Qardio customer support.
