security of diabetes monitoring apps
play

Security of diabetes monitoring apps Research project 1 Security - PowerPoint PPT Presentation

Jul 21, 2023 •346 likes •645 views

Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar Bohte & Roy Vermeulen Why diabetes? 2 3 The upside 4 Smartphone app security 5 Health data confidentiality 6 Diabetes data integrity

  1. Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar Bohte & Roy Vermeulen

  2. Why diabetes? 2

  3. 3

  4. The upside 4

  5. Smartphone app security 5

  6. Health data confidentiality 6

  7. Diabetes data integrity ● Hyperglycaemia ● Hypoglycaemia 7

  8. Research question ● What is the current state of security in diabetes blood glucose monitoring apps? 1. How can an unauthorized third party derive data from the glucose monitoring apps? 2. Which data can be derived from these apps by an unauthorized third party? 3. How can an unauthorized third party alter the data in these apps? 8

  9. Selecting apps ● 3 apps ● Only android apps ● Selected by popularity 9

  10. Emulation ● Genymotion a) ● Android 8.0 Oreo a) 10

  11. c) Tools b) k) d) e) f) 11

  12. OWASP framework o) 12

  13. M1: Improper Platform Usage M1: Improper Platform Usage App 1 App 2 Activities every app can call App 3 Activities every app can call 13

  14. M2: Insecure Data Storage M2: Insecure Data Storage App 1 Authentication is in logs App 2 Database not encrypted App 3 Glucose level in logs 14

  15. M3: Insecure Communication M3: Insecure Communication App 1 Uses HTTP connection App 2 App 3 15

  16. M4: Insecure Authentication M4: Insecure Authentication App 1 Authentication token duration valid App 2 Not able to log out App 3 Authentication token generation 16

  17. M5: Insufficient Cryptography 17

  18. M6: Insecure Authorization M6: Insecure Authorization App 1 Insecure link generation for sharing data App 2 App 3 Authorization check export archived data 18

  19. Link generation ● Character space a-z A-Z 0-9 ● 4 characters long ● http://example.link/ i1Db ● http://example.link/ j1Db . . . ● http://example.link/ 91Db ● http://example.link/ a2Db 19

  20. M6: Insecure Authorization M6: Insecure Authorization App 1 Insecure link generation for sharing data App 2 App 3 Authorization check export archived data 20

  21. M9: Reverse Engineering M9: Reverse Engineering App 1 App 2 App 3 21

  22. Scoring overview M1 M2 M3 M4 M6 M9 App 1 App 2 App 3 22

  23. App 1 exploit ● Authentication token in logs ● Duration Authentication token stays valid Access level Requirements malicious app or access physical read and write device 23

  24. App 2 exploit ● Get data via unencrypted database Access level Requirements read and write root 24

  25. App 3 exploit ● Get unencrypted email and password ● Use them to get authentication code Access level Requirements read and write root ● Get data via export archived data Access level Requirements read Connect to server and an account 25

  26. Conclusion ● What is the current state of security in diabetes blood glucose monitoring apps? ● Storage and authentication biggest problem ● Obtain medical data from all apps ● Modify medical data 2 out of 3 apps ● Most found vulnerabilities rely on physical access or malicious app 26

  27. Future work ● Other OS (iOS) ● More apps (paid for apps) ● Invasive server testing ● Apps connecting to sensor 27

  28. Thank you for your attention image sources: a) images by Genymotion (https://www.genymotion.com/) b) image from kali linux tutorials (https://kalilinuxtutorials.com/mobsf-mobile-security-framework/) c) image from android community (https://androidcommunity.com/how-to-getting-adb-on-your-pc-without-installing-full-android-sdk-20180307/) d) image by Qualys (https://community.qualys.com/community/ssllabs) e) image from effect hacking (http://www.effecthacking.com/2016/01/drozer-android-security-assessment-framework.html) f) image from ehacking.net (https://academy.ehacking.net/p/burp-suite-web-penetration-testing) 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DiaBeatIt An app to help prevent diabetes through healthy eating Maki Hirose The Problem &

DiaBeatIt An app to help prevent diabetes through healthy eating Maki Hirose The Problem &

DiaBeatIt An app to help prevent diabetes through healthy eating Maki Hirose The Problem & The Mission There are apps available for diabetes patients to keep track of their diabetes, but there are no apps to help prevent

594 views • 36 slides
New Larnaca Hospital Diabetes Clinic 2016 Diabetes Registry, Health Monitoring Unit, Ministry of

New Larnaca Hospital Diabetes Clinic 2016 Diabetes Registry, Health Monitoring Unit, Ministry of

New Larnaca Hospital Diabetes Clinic 2016 Diabetes Registry, Health Monitoring Unit, Ministry of Health 1 Demographic characteristics Diabetes Registry, Health Monitoring Unit, Ministry of Health 2 Diabetic Population: Age & sex

457 views • 45 slides
What is Diabetes? Whistle stop tour Living With Monitoring Complications Type 1

What is Diabetes? Whistle stop tour Living With Monitoring Complications Type 1

What is Diabetes? Whistle stop tour Living With Monitoring Complications Type 1 diabetes This is where the amount of glucose (sugar) in the blood is too high because the body cannot use it properly. This is because the

631 views • 24 slides
INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI Security Engineering @ Research on Runtime Application Self Defence Authored MobSF, Xenotix and NodeJSScan Teach Security: opsecx.com

906 views • 55 slides
All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy Agenda

640 views • 63 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
Why should we monitor glucose? 2 1 2/28/2020 American Diabetes Association Recommendations for

Why should we monitor glucose? 2 1 2/28/2020 American Diabetes Association Recommendations for

2/28/2020 Type 2 Topics: Monitoring Your Glucose with CGMs: To Poke or Not to Poke? Kevin Kam, RPh, CDCES inControl Diabetes Center WWW.TCOYD.ORG WWW.TCOYD.ORG Taking Control Of Your Diabetes, 501(c)3 is a not-for-profit educational

693 views • 18 slides
Telemedicine Medication/ Wearable Central Automation Monitoring Apps insulin Devices

Telemedicine Medication/ Wearable Central Automation Monitoring Apps insulin Devices

10/10/2018 Smart Technologies to Disclosures Enhance Diabetes Management and Communication None Robert J. Rushakoff, MD Professor of Medicine University of California, San Francisco robert.Rushakoff@ucsf.edu Telemedicine Medication/

341 views • 18 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring?

How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring?

How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring? Robab Abdolkhani Kathleen Gray Ann Borda Ruth DeSouza Health and Biomedical Informatics Centre (HaBIC), The University of Melbourne 05 February

259 views • 24 slides
Recommendations BURDEN OF DIABETES Diabetes is a serious, chronic disease

Recommendations BURDEN OF DIABETES Diabetes is a serious, chronic disease

Scope of the report Burden of diabetes Preventing diabetes Managing diabetes National response Recommendations BURDEN OF DIABETES Diabetes is a serious, chronic disease characterized by elevated blood glucose

1.01k views • 32 slides
Roadmap to an open source artificial pancreas & diabetes monitoring with Flask

Roadmap to an open source artificial pancreas & diabetes monitoring with Flask

Roadmap to an open source artificial pancreas & diabetes monitoring with Flask #WeAreNotWaiting $whoami Diana Rodrguez Google Developer Expert Auth0 Ambassador Microsoft MVP Developer Advocate @ Vonage GDG Durham Organiser @

923 views • 66 slides
Your Diabetes Seem Like a Puzzle? Your Team at the Diabetes Centre can help! Your Diabetes

Your Diabetes Seem Like a Puzzle? Your Team at the Diabetes Centre can help! Your Diabetes

Does Managing Your Diabetes Seem Like a Puzzle? Your Team at the Diabetes Centre can help! Your Diabetes Management Team! You Nu Nurses Dietit etitia ians Soc ocial ial Pharma macist ist Worker er Endoc docrinolo inologist

439 views • 9 slides
Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can crash OS wants to be your friend Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

548 views • 17 slides
The Age of Healthcare Consumerisation : Wearables, Health Apps, Remote Patient Monitoring and

The Age of Healthcare Consumerisation : Wearables, Health Apps, Remote Patient Monitoring and

IAPP Data Protection Intensive London 15 April 2015 The Age of Healthcare Consumerisation : Wearables, Health Apps, Remote Patient Monitoring and Health Data Presented By: Ryan P. Blaney, Esq. Washington, DC rblaney@cozen.com Agenda

962 views • 56 slides
Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer

Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer

Just keep functioning Testing, monitoring, and debugging FaaS apps Ace Nassri Developer Programs Engineer @ Google October 4th, 2018 Agenda Ops CI/CD Serverless Testing 1 Testing: a background An overview of testing strategies

483 views • 32 slides
Medication Therapy Management Dr. Kimberly Robbins, R.Ph. Patients are overwhelmed Too many

Medication Therapy Management Dr. Kimberly Robbins, R.Ph. Patients are overwhelmed Too many

Medication Therapy Management Dr. Kimberly Robbins, R.Ph. Patients are overwhelmed Too many medications? Too expensive? Too many times a day? Addition of OTCs? Side effects? Pha Pharmacists are the he Med Medication E Exp

476 views • 11 slides
EnprEMA Diabetes and Endocrinology Network Meetings: Webpage www.eucadet.org under

EnprEMA Diabetes and Endocrinology Network Meetings: Webpage www.eucadet.org under

EnprEMA Diabetes and Endocrinology Network Meetings: Webpage www.eucadet.org under construction National Associations elect steering committee Formal inaugural meeting ESPE 2014 EnprEMA Diabetes and Endocrinology Network

161 views • 4 slides
SPECIAL THANKS OBJECTIVES Describe faculty project sponsored by Walter Rand Institute

SPECIAL THANKS OBJECTIVES Describe faculty project sponsored by Walter Rand Institute

SPECIAL THANKS OBJECTIVES Describe faculty project sponsored by Walter Rand Institute Provide background on state of chronic illness in United States Describe current realities about Type 2 Diabetes Mellitus in the United States,

512 views • 48 slides
DIABETIC EYE SCREENING What is Diabetic Eye Screening? Diabetic eye screening means taking a

DIABETIC EYE SCREENING What is Diabetic Eye Screening? Diabetic eye screening means taking a

DIABETIC EYE SCREENING What is Diabetic Eye Screening? Diabetic eye screening means taking a photograph of the inside of your eyes with a special camera. People with diabetes have too much sugar in their blood. Eye screening can help to

284 views • 4 slides
Diabetes Basics Key Points That All Personnel Need To Know

Diabetes Basics Key Points That All Personnel Need To Know

Diabetes Basics Key Points That All Personnel Need To Know Learning Objectives Participants will be able to understand: What is diabetes? Why care at school is required? Basic

714 views • 29 slides
Dental Health & Diabetes Dental Health Is Important for Everyone! Why is Dental Health so

Dental Health & Diabetes Dental Health Is Important for Everyone! Why is Dental Health so

Dental Health & Diabetes Dental Health Is Important for Everyone! Why is Dental Health so Important? A healthy mouth is an important part of a healthy body People with diabetes have a higher risk for mouth infections Mouth

814 views • 21 slides
LabStyle Innovations Corp. (OTCQB:DRIO) Disclaimer Regarding Forward-Looking Statements This

LabStyle Innovations Corp. (OTCQB:DRIO) Disclaimer Regarding Forward-Looking Statements This

Thriving with Diabetes In the mHealth Era LabStyle Innovations Corp. (OTCQB:DRIO) Disclaimer Regarding Forward-Looking Statements This presentation of LabStyle Innovations Corp. (the Company ) and statements of the Company s management

806 views • 25 slides
Case #1 Case #1 Endocrine Emergencies Endocrine Emergencies 21-year old WF presents with

Case #1 Case #1 Endocrine Emergencies Endocrine Emergencies 21-year old WF presents with

Case #1 Case #1 Endocrine Emergencies Endocrine Emergencies 21-year old WF presents with dyspnea and abdominal pain. She has been complaining of thirst, polyuria, and blurred vision for a week while studying for final exams. She had a

612 views • 16 slides

More recommend