New APP threat: Attacks on mobile health apps and medical devices

[sdog-mitre]

On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc.

New Threat

Threat Category: Application: Vulnerable Application

Threat: Attacks on mobile health apps and medical devices.

Threat Origin: None

Exploit Example: http://www.computerworld.com/article/2837413/security0/dhs-investigates-24-potentially-deadly-cyber-flaws-in-medical-devices.html

CVE Example: None

Possible Countermeasures:

1. Follow secure coding guidelines for medical apps
2. Protect apps from reverse-engineering and code tampering/modification attacks
3. Use cryptographic key protection solution such as Whitebox Cryptography to ensure - a. Cryptographic keys/secrets are not discovered at any time, and are not present in static form or in runtime memory b. Data is protected at rest, in transit and in-use
4. Leverage vulnerability/penetration testing and ensure that known risks – including those identified in the OWASP mobile top 10 list, in particular, are addressed

References: None

[cjb9]

Appears to be a sector specific version of application threats.