Machine-generated analysis · WAYSCloud LLM
The advisory states that unauthenticated BLE access allows read/write of critical GATT characteristics, and the mobile app does not authenticate the connected device, enabling spoofing and data injection.
Context
The affected product is the Fourth Frontier Frontier X Mobile Application and Frontier X2 wearable device, used in healthcare for monitoring clinical readings. The advisory states that the device lacks authentication for BLE access to critical functions, and the mobile app trusts any device advertising as a legitimate Frontier X2. This could allow attackers within range to manipulate device controls and inject false health data. Worth noting is that all versions of the Frontier X2 device are affected, regardless of firmware version.
Operator considerations
Log: monitor for unexpected BLE connections or anomalous health data entries in the mobile application.
Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical readings, which could result in taking control of the device and lead to patient harm.
Read the full advisory on CISA →