Analysis of Security Vulnerabilities for Mobile Health Applications

The availability of mobile applications for health care is increasing daily through the different mobile app stores. Alongside this growth, the number of hacking attacks has also increased, in particular against medical mobile applications. Security vulnerabilities in medical mobile apps can be caused by errors in code, incorrect logic, and poor design, among other factors. Malicious attackers usually exploit these vulnerabilities to steal or modify users' information. The aim of this research is to analyze the vulnerabilities detected in mobile medical apps according to the risk factor standards defined by OWASP in 2014.



