usnistgov / mobile-threat-catalogue

NIST/NCCoE Mobile Threat Catalogue
https://pages.nist.gov/mobile-threat-catalogue

New APP threat: Attacks on mobile health apps and medical devices #57

Open sdog-mitre opened 8 years ago

sdog-mitre commented 8 years ago

On behalf of Prashanth Thandavamurthy of Arxan Technologies, Inc.

New Threat

Threat Category: Application: Vulnerable Application

Threat: Attacks on mobile health apps and medical devices.

Threat Origin: None

Exploit Example: http://www.computerworld.com/article/2837413/security0/dhs-investigates-24-potentially-deadly-cyber-flaws-in-medical-devices.html

CVE Example: None

Possible Countermeasures:

  1. Follow secure coding guidelines for medical apps
  2. Protect apps from reverse-engineering and code tampering/modification attacks
  3. Use cryptographic key protection solution such as Whitebox Cryptography to ensure:
     a. Cryptographic keys/secrets are not discovered at any time, and are not present in static form or in runtime memory
     b. Data is protected at rest, in transit and in-use
  4. Leverage vulnerability/penetration testing and ensure that known risks, including those identified in the OWASP mobile top 10 list in particular, are addressed

References: None

cjb9 commented 7 years ago

Appears to be a sector-specific version of application threats.