• DocumentCode
    2205399
  • Title

    A Generic Process to Identify Vulnerabilities and Design Weaknesses in iOS Healthcare Apps

  • Author

    D'Orazio, Christian; Choo, Kim-Kwang Raymond

  • Author_Institution
    Inf. Assurance Res. Group, Univ. of South Australia, Adelaide, SA, Australia
  • fYear
    2015
  • fDate
    5-8 Jan. 2015
  • Firstpage
    5175
  • Lastpage
    5184
  • Abstract
    Due to the capability of mobile applications (or apps, as they are commonly known) to access sensitive data and personally identifiable information (PII) such as medical history and electronic health transactions, they present a genuine security and privacy threat to their users. In this paper, we propose a generic process to identify vulnerabilities and design weaknesses in apps for iOS devices. We validate our process with a widely used Australian Government Healthcare app and reveal a previously unknown / unpublished vulnerability that consequently exposes the user's sensitive data and PII stored on the device. We then propose several recommendations with the hope that similar structural mistakes can be avoided in future app design.
  • Keywords
    data privacy; electronic health records; health care; mobile computing; security of data; Australian Government Healthcare app; electronic health transactions; genuine security; iOS healthcare apps; medical history; mobile applications; personally identifiable information; privacy threat; sensitive data access; Cryptography; History; Medical services; Mobile communication; Mobile handsets; Object recognition; iOS app analysis; iOS healthcare apps; iOS security; iOS user privacy;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences (HICSS), 2015 48th Hawaii International Conference on
  • Conference_Location
    Kauai, HI
  • ISSN
    1530-1605
  • Type

    conf

  • DOI
    10.1109/HICSS.2015.611
  • Filename
    7070435