Analysis of Security Vulnerabilities for Mobile Health Applications

Authors: Y. Cifuentes, L. Beltrán, L. Ramírez

Abstract:

The availability of mobile applications for health care is increasing daily through different mobile app stores. Alongside these capabilities, the number of hacking attacks has also increased, in particular against medical mobile applications. Security vulnerabilities in medical mobile apps can be caused by errors in code, incorrect logic, and poor design, among other factors. Malicious attackers commonly exploit these vulnerabilities to steal or modify users' information. The aim of this research is to analyze the vulnerabilities detected in mobile medical apps according to the risk factor standards defined by OWASP in 2014.

Keywords: mHealth apps, OWASP, protocols, security vulnerabilities, risk factors.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1108987

