Title :
A Generic Process to Identify Vulnerabilities and Design Weaknesses in iOS Healthcare Apps
Author :
D´Orazio, Christian ; Choo, Kim-Kwang Raymond
Author_Institution :
Inf. Assurance Res. Group, Univ. of South Australia, Adelaide, SA, Australia
Abstract :
Due to the capability of mobile applications (or apps, as they are commonly known) to access sensitive data and personally identifiable information (PII) such as medical history and electronic health transactions, they present a genuine security and privacy threat to their users. In this paper, we propose a generic process to identify vulnerabilities and design weaknesses in apps for iOS devices. We validate our process with a widely used Australian Government Healthcare app and revealed previously unknown / unpublished vulnerability that consequently exposes the user´s sensitive data and PII stored on the device. We then propose several recommendations with the hope that similar structural mistakes can be avoided in future app design.
Keywords :
data privacy; electronic health records; health care; mobile computing; security of data; Australian Government Healthcare app; electronic health transactions; genuine security; iOS healthcare apps; medical history; mobile applications; personally identifiable information; privacy threat; sensitive data access; Cryptography; History; Medical services; Mobile communication; Mobile handsets; Object recognition; iOS app analysis; iOS healthcare apps; iOS security; iOS user privacy;
Conference_Titel :
System Sciences (HICSS), 2015 48th Hawaii International Conference on
Conference_Location :
Kauai, HI
DOI :
10.1109/HICSS.2015.611
