A generic process to identify vulnerabilities and design weaknesses in iOS healthcare apps
Date
2015
Authors
D'Orazio, C.
Choo, K.K.R.
Editors
Bui, T.X.
Sprague, R.H.
Type:
Conference paper
Citation
Proceedings of the ... Annual Hawaii International Conference on System Sciences. Annual Hawaii International Conference on System Sciences, 2015 / Bui, T.X., Sprague, R.H. (ed./s), vol.2015-March, pp.5175-5184
Conference Name
48th Hawaii International Conference on System Sciences 2015 (5 Jan 2015 - 8 Jan 2015 : Hawaii)
Abstract
Due to the capability of mobile applications (or apps, as they are commonly known) to access sensitive data and personally identifiable information (PII) such as medical history and electronic health transactions, they present a genuine security and privacy threat to their users. In this paper, we propose a generic process to identify vulnerabilities and design weaknesses in apps for iOS devices. We validate our process with a widely used Australian Government Healthcare app and reveal a previously unknown / unpublished vulnerability that consequently exposes the user's sensitive data and PII stored on the device. We then propose several recommendations with the hope that similar structural mistakes can be avoided in future app design.
Rights
Copyright 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Access Condition Notes: Postprint available after 12 January 2015