COVID-19: Are tracking apps really safe?

To limit the spread of the epidemic, the government is now encouraging the public to use Covid-19 monitoring applications derived from Big Data. However, as with all medical and healthcare applications, 71% of them have a security vulnerability. These tools, although very popular, are therefore easy prey for cybercriminals.

To produce this report, Intertrust analyzed more than 100 public-facing mHealth apps around the world. This large-scale operation made it possible to determine how vulnerable the software is and which threats it faces. The study covered a large category of programs, including Covid-19 monitoring applications.

The main threats of mobile applications

Encryption is the main weak point of healthcare applications. Of the more than 100 applications studied, 91% failed cryptographic tests.

The report found that some tools use root detection, while a small percentage feature string encryption. Finally, a minority include emulator detection and encryption of resources or assets. Only one application received Intertrust accreditation after testing.

These results shed light on the cryptographic problems of mHealth. The software is easy prey for cybercriminals. Hackers can quickly break the encryption, exploit confidential patient data and send illegitimate commands. They can also use the application for malicious purposes.

Strengthening security at the top of priorities

This is not mere speculation. The risks of data breaches are real, and the Intertrust report proves it. The study should also encourage developers to review their security.

Indeed, for many developers, the main mission is to ensure that the tool works correctly within a certain time frame. Security comes only afterwards. This way of working is at the origin of the vulnerabilities detected in several medical applications. Fortunately, according to Intertrust, these problems can be corrected by implementing protection systems such as code obfuscation, tamper detection and white-box cryptography.

Highlights of the report

In all, 100 iOS and Android applications passed through the hands of cybersecurity experts. They were analyzed using a range of static and dynamic analysis techniques in accordance with the OWASP mobile security risks. The vulnerabilities were assessed on the basis of CVSS, the independent international threat classification system. Here’s what you need to remember from the report:

  • Every Android app tested and 72% of iOS apps contained four or more vulnerabilities, giving a very bleak picture of healthcare app security overall.
  • Cryptographic weaknesses and poor data storage protection are also the most widespread threats.
  • Mismanagement and encryption weaknesses affect 91% of applications, which increases the risks of data breaches and intellectual property theft.
  • 34% of Android apps and 28% of iOS apps are vulnerable to encryption key extraction.
  • The majority of mobile health applications have security vulnerabilities related to data storage. 60% of the Android apps analyzed stored information in SharedPreferences. Hackers or bots can therefore easily read and modify this unencrypted data.
  • 85% of Covid tracking apps have been flagged for leaking user data.
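
To check your own app for the SharedPreferences storage issue listed above, the following added example (not taken from the Intertrust report or the original article) parses a SharedPreferences XML file pulled from a test device and flags entries that look sensitive and are stored in readable form. The sample file, the key-name list and the value patterns are constructed assumptions to adapt to your app.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an Android SharedPreferences file (not from any real app).
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="auth_token">eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl</string>
    <string name="patient_email">jane.doe@example.org</string>
    <string name="ui_theme">dark</string>
    <boolean name="onboarding_done" value="true" />
    <int name="pin_code" value="4821" />
</map>"""

# Hypothetical heuristics: key names and value shapes that suggest sensitive data.
SENSITIVE_KEY = re.compile(r"token|passw|secret|pin|email|patient|ssn|api_?key", re.I)
VALUE_PATTERNS = {
    "jwt": re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]+$"),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
}

def audit_shared_prefs(xml_text):
    """Return (key, type, reasons) for entries that look sensitive and readable."""
    findings = []
    for entry in ET.fromstring(xml_text):
        key = entry.get("name", "")
        # <string> keeps its value as element text; primitives use a value attribute.
        value = entry.text if entry.tag == "string" else entry.get("value")
        value = (value or "").strip()
        reasons = []
        if SENSITIVE_KEY.search(key):
            reasons.append("sensitive key name")
        for label, pattern in VALUE_PATTERNS.items():
            if pattern.match(value):
                reasons.append(f"plaintext {label}")
        if reasons:
            findings.append((key, entry.tag, reasons))
    return findings

if __name__ == "__main__":
    for key, kind, reasons in audit_shared_prefs(SAMPLE_PREFS):
        print(f"{key} ({kind}): {', '.join(reasons)}")
```

Entries it flags are candidates for removal from local storage or for storage encrypted with a key held in the Android Keystore.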