Mendi Neurofeedback Headset V4 Bluetooth Low Energy Cleartext Transmission Vulnerability
Vulnerability
A vulnerability exists in the Mendi Neurofeedback Headset V4, specifically within its Bluetooth Low Energy (BLE) Handler component. The headset transmits functional near-infrared spectroscopy (fNIRS) sensor data in cleartext: neither secure BLE pairing (which would turn on link-layer encryption for the connection) nor application-layer encryption is applied to the fNIRS stream. As a result, an attacker within BLE radio range can passively capture the data with common wireless analysis tools, such as the Nordic nRF Sniffer or a modified smartphone, and decode it to observe the user's prefrontal cortex activity in real time, without the user's knowledge or consent. Because the capture is entirely passive, the attack leaves no detectable trace on the device or its software.
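The practical check behind the finding above is whether the link ever negotiates encryption before application data starts flowing. The following script is an added example written for this page, not Mendi firmware or the Nordic sniffer's own tooling. It walks a list of raw BLE data-channel PDUs (header plus payload, with access address and CRC already stripped), watches for the LL_ENC_REQ / LL_ENC_RSP / LL_START_ENC_REQ control exchange, and reports every ATT Handle Value Notification seen while the link is still unencrypted. The two captures at the bottom are constructed for the demonstration; the attribute handle 0x0012 and the "two little-endian uint16 samples" payload layout are assumptions for illustration, not Mendi's actual GATT layout.

```python
"""Flag ATT notifications that a passive BLE sniffer can read in cleartext.

Added example for this advisory, not vendor or sniffer code. The PDU framing
follows the Bluetooth Core Spec (Vol 6, Part B); everything about the sample
device (handle 0x0012, uint16 sample layout) is an assumption for the demo.
"""
import struct
from dataclasses import dataclass, field

# LLID field (low two bits of the data-channel PDU header byte)
LLID_L2CAP_START = 0b10
LLID_CONTROL = 0b11

# LL control opcodes that make up the encryption start procedure
LL_ENC_REQ = 0x03
LL_ENC_RSP = 0x04
LL_START_ENC_REQ = 0x05   # last cleartext PDU; everything after it is AES-CCM ciphertext

L2CAP_CID_ATT = 0x0004
ATT_HANDLE_VALUE_NOTIFICATION = 0x1B


@dataclass
class Finding:
    index: int      # position of the PDU in the capture
    handle: int     # GATT attribute handle carrying the data
    value: bytes    # raw notification payload, readable only because the link is cleartext
    samples: tuple  # assumed decoding: little-endian uint16 samples


@dataclass
class Report:
    encryption_started: bool = False
    cleartext_notifications: list = field(default_factory=list)


def parse_att_notification(payload: bytes):
    """Return (handle, value) if the L2CAP payload is an ATT notification, else None."""
    if len(payload) < 4:
        return None
    l2cap_len, cid = struct.unpack_from("<HH", payload, 0)
    if cid != L2CAP_CID_ATT or len(payload) < 4 + l2cap_len:
        return None
    att = payload[4:4 + l2cap_len]
    if len(att) < 3 or att[0] != ATT_HANDLE_VALUE_NOTIFICATION:
        return None
    handle = struct.unpack_from("<H", att, 1)[0]
    return handle, att[3:]


def audit_capture(pdus) -> Report:
    """Walk PDUs in order; any ATT notification before LL_START_ENC_REQ is cleartext."""
    report = Report()
    for i, pdu in enumerate(pdus):
        if len(pdu) < 2:
            continue
        llid = pdu[0] & 0b11
        payload = pdu[2:2 + pdu[1]]
        if llid == LLID_CONTROL and payload:
            if payload[0] == LL_START_ENC_REQ:
                report.encryption_started = True
            continue
        if report.encryption_started:
            continue  # ciphertext from here on: a passive sniffer has nothing to decode
        if llid == LLID_L2CAP_START:
            parsed = parse_att_notification(payload)
            if parsed:
                handle, value = parsed
                n = len(value) // 2
                samples = struct.unpack("<%dH" % n, value[:2 * n])
                report.cleartext_notifications.append(Finding(i, handle, value, samples))
    return report


def data_pdu(llid: int, payload: bytes) -> bytes:
    """Data-channel PDU: header byte (LLID, NESN/SN/MD zero) + length + payload."""
    return bytes([llid, len(payload)]) + payload


def att_notification(handle: int, value: bytes) -> bytes:
    att = bytes([ATT_HANDLE_VALUE_NOTIFICATION]) + struct.pack("<H", handle) + value
    return data_pdu(LLID_L2CAP_START, struct.pack("<HH", len(att), L2CAP_CID_ATT) + att)


# Constructed capture 1: the failure mode in the advisory. Notifications stream
# and no encryption control PDUs ever appear on the link.
CLEARTEXT_CAPTURE = [
    att_notification(0x0012, struct.pack("<HH", 0x0401, 0x03F7)),
    att_notification(0x0012, struct.pack("<HH", 0x0405, 0x03F2)),
]

# Constructed capture 2: the same stream once pairing has enabled link-layer
# encryption. The bytes after LL_START_ENC_REQ stand in for ciphertext.
ENCRYPTED_CAPTURE = [
    data_pdu(LLID_CONTROL, bytes([LL_ENC_REQ]) + bytes(22)),
    data_pdu(LLID_CONTROL, bytes([LL_ENC_RSP]) + bytes(12)),
    data_pdu(LLID_CONTROL, bytes([LL_START_ENC_REQ])),
    att_notification(0x0012, struct.pack("<HH", 0x0401, 0x03F7)),  # ciphertext on the air
]

if __name__ == "__main__":
    for name, cap in (("cleartext", CLEARTEXT_CAPTURE), ("encrypted", ENCRYPTED_CAPTURE)):
        r = audit_capture(cap)
        print(name, "encryption_started=%s" % r.encryption_started,
              "cleartext_notifications=%d" % len(r.cleartext_notifications))
        for f in r.cleartext_notifications:
            print("  pdu %d handle 0x%04x samples %s" % (f.index, f.handle, f.samples))
```

Two caveats for anyone using this on a real capture. First, the script assumes the sniffer already followed the connection and exported the data-channel PDUs; with the nRF Sniffer that means exporting from its pcap and stripping the sniffer's own per-packet header before feeding bytes in. Second, seeing LL_START_ENC_REQ only proves encryption was turned on, not that it is strong: legacy pairing with "Just Works" or a passkey lets a sniffer that observed the pairing exchange recover the link key, so the fix that actually defeats passive capture is LE Secure Connections pairing or application-layer encryption, as the advisory notes.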
Impact
Exploitation of this vulnerability allows passive interception of sensitive neural-activity data transmitted unencrypted over Bluetooth Low Energy. The captured stream can be decoded to reconstruct and visualize the user's brain activity in real time, without their consent.
