security of diabetes monitoring apps
play

Security of diabetes monitoring apps Research project 1 Security - PowerPoint PPT Presentation

Jul 21, 2023 •346 likes •645 views

Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar Bohte & Roy Vermeulen Why diabetes? 2 3 The upside 4 Smartphone app security 5 Health data confidentiality 6 Diabetes data integrity

  1. Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar Bohte & Roy Vermeulen

  2. Why diabetes? 2

  3. 3

  4. The upside 4

  5. Smartphone app security 5

  6. Health data confidentiality 6

  7. Diabetes data integrity ● Hyperglycaemia ● Hypoglycaemia 7

  8. Research question ● What is the current state of security in diabetes blood glucose monitoring apps? 1. How can an unauthorized third party derive data from the glucose monitoring apps? 2. Which data can be derived from these apps by an unauthorized third party? 3. How can an unauthorized third party alter the data in these apps? 8

  9. Selecting apps ● 3 apps ● Only android apps ● Selected by popularity 9

  10. Emulation ● Genymotion a) ● Android 8.0 Oreo a) 10

  11. c) Tools b) k) d) e) f) 11

  12. OWASP framework o) 12

  13. M1: Improper Platform Usage M1: Improper Platform Usage App 1 App 2 Activities every app can call App 3 Activities every app can call 13

  14. M2: Insecure Data Storage M2: Insecure Data Storage App 1 Authentication is in logs App 2 Database not encrypted App 3 Glucose level in logs 14

  15. M3: Insecure Communication M3: Insecure Communication App 1 Uses HTTP connection App 2 App 3 15

  16. M4: Insecure Authentication M4: Insecure Authentication App 1 Authentication token duration valid App 2 Not able to log out App 3 Authentication token generation 16

  17. M5: Insufficient Cryptography 17

  18. M6: Insecure Authorization M6: Insecure Authorization App 1 Insecure link generation for sharing data App 2 App 3 Authorization check export archived data 18

  19. Link generation ● Character space a-z A-Z 0-9 ● 4 characters long ● http://example.link/ i1Db ● http://example.link/ j1Db . . . ● http://example.link/ 91Db ● http://example.link/ a2Db 19

  20. M6: Insecure Authorization M6: Insecure Authorization App 1 Insecure link generation for sharing data App 2 App 3 Authorization check export archived data 20

  21. M9: Reverse Engineering M9: Reverse Engineering App 1 App 2 App 3 21

  22. Scoring overview M1 M2 M3 M4 M6 M9 App 1 App 2 App 3 22

  23. App 1 exploit ● Authentication token in logs ● Duration Authentication token stays valid Access level Requirements malicious app or access physical read and write device 23

  24. App 2 exploit ● Get data via unencrypted database Access level Requirements read and write root 24

  25. App 3 exploit ● Get unencrypted email and password ● Use them to get authentication code Access level Requirements read and write root ● Get data via export archived data Access level Requirements read Connect to server and an account 25

  26. Conclusion ● What is the current state of security in diabetes blood glucose monitoring apps? ● Storage and authentication biggest problem ● Obtain medical data from all apps ● Modify medical data 2 out of 3 apps ● Most found vulnerabilities rely on physical access or malicious app 26

  27. Future work ● Other OS (iOS) ● More apps (paid for apps) ● Invasive server testing ● Apps connecting to sensor 27

  28. Thank you for your attention image sources: a) images by Genymotion (https://www.genymotion.com/) b) image from kali linux tutorials (https://kalilinuxtutorials.com/mobsf-mobile-security-framework/) c) image from android community (https://androidcommunity.com/how-to-getting-adb-on-your-pc-without-installing-full-android-sdk-20180307/) d) image by Qualys (https://community.qualys.com/community/ssllabs) e) image from effect hacking (http://www.effecthacking.com/2016/01/drozer-android-security-assessment-framework.html) f) image from ehacking.net (https://academy.ehacking.net/p/burp-suite-web-penetration-testing) 28

Recommend

DiaBeatIt An app to help prevent diabetes through healthy eating Maki Hirose The Problem &

DiaBeatIt An app to help prevent diabetes through healthy eating Maki Hirose The Problem &

DiaBeatIt An app to help prevent diabetes through healthy eating Maki Hirose The Problem & The Mission There are apps available for diabetes patients to keep track of their diabetes, but there are no apps to help prevent

594 views • 36 slides
New Larnaca Hospital Diabetes Clinic 2016 Diabetes Registry, Health Monitoring Unit, Ministry of

New Larnaca Hospital Diabetes Clinic 2016 Diabetes Registry, Health Monitoring Unit, Ministry of

New Larnaca Hospital Diabetes Clinic 2016 Diabetes Registry, Health Monitoring Unit, Ministry of Health 1 Demographic characteristics Diabetes Registry, Health Monitoring Unit, Ministry of Health 2 Diabetic Population: Age & sex

457 views • 45 slides
What is Diabetes? Whistle stop tour Living With Monitoring Complications Type 1

What is Diabetes? Whistle stop tour Living With Monitoring Complications Type 1

What is Diabetes? Whistle stop tour Living With Monitoring Complications Type 1 diabetes This is where the amount of glucose (sugar) in the blood is too high because the body cannot use it properly. This is because the

631 views • 24 slides
INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI Security Engineering @ Research on Runtime Application Self Defence Authored MobSF, Xenotix and NodeJSScan Teach Security: opsecx.com

906 views • 55 slides
All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy Agenda

640 views • 63 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
Why should we monitor glucose? 2 1 2/28/2020 American Diabetes Association Recommendations for

Why should we monitor glucose? 2 1 2/28/2020 American Diabetes Association Recommendations for

2/28/2020 Type 2 Topics: Monitoring Your Glucose with CGMs: To Poke or Not to Poke? Kevin Kam, RPh, CDCES inControl Diabetes Center WWW.TCOYD.ORG WWW.TCOYD.ORG Taking Control Of Your Diabetes, 501(c)3 is a not-for-profit educational

693 views • 18 slides
Telemedicine Medication/ Wearable Central Automation Monitoring Apps insulin Devices

Telemedicine Medication/ Wearable Central Automation Monitoring Apps insulin Devices

10/10/2018 Smart Technologies to Disclosures Enhance Diabetes Management and Communication None Robert J. Rushakoff, MD Professor of Medicine University of California, San Francisco robert.Rushakoff@ucsf.edu Telemedicine Medication/

341 views • 18 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring?

How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring?

How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring? Robab Abdolkhani Kathleen Gray Ann Borda Ruth DeSouza Health and Biomedical Informatics Centre (HaBIC), The University of Melbourne 05 February

259 views • 24 slides
Recommendations BURDEN OF DIABETES Diabetes is a serious, chronic disease

Recommendations BURDEN OF DIABETES Diabetes is a serious, chronic disease

Scope of the report Burden of diabetes Preventing diabetes Managing diabetes National response Recommendations BURDEN OF DIABETES Diabetes is a serious, chronic disease characterized by elevated blood glucose

1.01k views • 32 slides
Roadmap to an open source artificial pancreas & diabetes monitoring with Flask

Roadmap to an open source artificial pancreas & diabetes monitoring with Flask

Roadmap to an open source artificial pancreas & diabetes monitoring with Flask #WeAreNotWaiting $whoami Diana Rodrguez Google Developer Expert Auth0 Ambassador Microsoft MVP Developer Advocate @ Vonage GDG Durham Organiser @

923 views • 66 slides
Your Diabetes Seem Like a Puzzle? Your Team at the Diabetes Centre can help! Your Diabetes

Your Diabetes Seem Like a Puzzle? Your Team at the Diabetes Centre can help! Your Diabetes

Does Managing Your Diabetes Seem Like a Puzzle? Your Team at the Diabetes Centre can help! Your Diabetes Management Team! You Nu Nurses Dietit etitia ians Soc ocial ial Pharma macist ist Worker er Endoc docrinolo inologist

439 views • 9 slides
Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can crash OS wants to be your friend Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

548 views • 17 slides
The Age of Healthcare Consumerisation : Wearables, Health Apps, Remote Patient Monitoring and

The Age of Healthcare Consumerisation : Wearables, Health Apps, Remote Patient Monitoring and

IAPP Data Protection Intensive London 15 April 2015 The Age of Healthcare Consumerisation : Wearables, Health Apps, Remote Patient Monitoring and Health Data Presented By: Ryan P. Blaney, Esq. Washington, DC rblaney@cozen.com Agenda

962 views • 56 slides
Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer

Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer

Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer Programs Engineer @ Google October 4th, 2018 Agenda Ops CI/CD Serverless Testing 1 Testing: a background An overview of testing strategies

483 views • 32 slides
secmon Basic Oracle Security Monitoring Basic Oracle Security Monitoring motivation & start

secmon Basic Oracle Security Monitoring Basic Oracle Security Monitoring motivation & start

secmon Basic Oracle Security Monitoring Basic Oracle Security Monitoring motivation & start motivation & start internet security evaluate password cracker to check security of passwords passwords problems problems default

703 views • 27 slides
Diabetes Prevention Programme Website: www.preventing-diabetes.co.uk Diabetes prevalence It

Diabetes Prevention Programme Website: www.preventing-diabetes.co.uk Diabetes prevalence It

Diabetes Prevention Programme Website: www.preventing-diabetes.co.uk Diabetes prevalence It is estimated that over 5 million people in England are at risk of developing Type 2 diabetes If current trends persist, one in ten people will

613 views • 12 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
STROLLING INTO RING-0 via i/o kit drivers @patrickwardle WHOIS security for the 21st century

STROLLING INTO RING-0 via i/o kit drivers @patrickwardle WHOIS security for the 21st century

STROLLING INTO RING-0 via i/o kit drivers @patrickwardle WHOIS security for the 21st century leverages the best combination of humans and technology to discover security vulnerabilities in our customers web apps, mobile apps, IoT

648 views • 47 slides
Mo(bile) Money, Mo(bile) Problems: Security Analysis of Branchless Banking Apps in the Developing

Mo(bile) Money, Mo(bile) Problems: Security Analysis of Branchless Banking Apps in the Developing

Mo(bile) Money, Mo(bile) Problems: Security Analysis of Branchless Banking Apps in the Developing World Bradly Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, Kevin Butler University of Florida Published at USENIX Security 2015 Based on

444 views • 19 slides
F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS CEO of large social network in annual development conference 2 months ago Shared vision for next 2 decades: past : with advent of PCs, companies

498 views • 14 slides
OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical Architect, Ping Identity Purpose Best Current Practices Document Builds mostly on RFC 8252 - OAuth 2.0 for Native Apps I-D

386 views • 10 slides
pregnancy Fiona McKeeman-Credentialled Diabetes Educator 1 Diabetes In Pregnancy Gestational

pregnancy Fiona McKeeman-Credentialled Diabetes Educator 1 Diabetes In Pregnancy Gestational

Diabetes in pregnancy Fiona McKeeman-Credentialled Diabetes Educator 1 Diabetes In Pregnancy Gestational Diabetes Pre-Existing Diabetes- Type 1 Diabetes Type 2 Diabetes The Endocrine Unit The advanced trainee/ Reg Pager

872 views • 30 slides

More recommend