SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
19 Jan 2016

Many health and fitness apps remain vulnerable

It seems little has changed over the last several years when it comes to how health and fitness apps go about securing user information.

According to a survey carried out by the firm Arxan last fall, 86 percent of the health apps it reviewed had at least two critical vulnerabilities, and 55 percent of the users it talked to expected their apps to be hacked in the next six months.

Apps that specialize in fitness have been a common mark for attackers in the last few years, as many encourage users to enter personal information. A bug surfaced in MyFitnessPal a few years ago that made it easy for an attacker to pull the profile information of users. That bug has since been patched, but the attack vector remains viable for many apps. Arxan, a Maryland-based tech firm, looked at how 71 apps from the U.S., U.K., Germany, and Japan measured up against the Open Web Application Security Project’s (OWASP) top 10 mobile risks.

Separately, the firm interviewed 1,083 individuals: both health app users and IT decision makers who produce health apps. The firm released its findings this week via the healthcare edition of its annual State of Application Security Report (PDF). The firm found a whopping 97 percent of apps lacked binary protection, 79 percent of apps had insufficient transport layer protection, and 56 percent of apps experienced unintended data leakage. Many of the bugs open the apps to tampering, something that makes it easier for attackers to potentially reverse engineer apps or leak users’ personal information, according to the firm.

When it came to other outcomes, Sam Rehman, the company’s CTO, painted a grave picture. “Imagine having your mobile health app leak your personal health information or your app reprogrammed to instruct you to deliver a lethal dose of medication,” Rehman said of the survey’s findings. The report didn’t specify which apps it screened but did note that among the apps were 19 approved by the U.S. Food and Drug Administration and 15 approved by the U.K.’s National Health Service.

In response to the burgeoning wearables market, the Federal Trade Commission conducted a study nearly two years ago and looked at 12 mobile health apps. The apps were ultimately found sending user information to 76 different third parties. Some sent sleeping patterns, eating habits, even GPS-based running routes. Four of the apps didn’t even bother to anonymize the information.

As the privacy and security implications continue to swirl around these types of apps, they remain a focus for the FTC, which has settled a handful of allegations against companies over the last several years. With Gartner predicting that roughly 1.4 billion health and fitness units will ship by 2020 – an increase from the 300 million last year – it’s safe to assume those allegations will rise.

Tags: information leaks
Source: Threatpost