Security Vulnerabilities in Mobile Health Applications

April 13, 2018

A thesis, presented by Michael Black to the University Honors Program at the California State University in the spring of 2018.

"Only four of the applications (Health2Sync, MedM Health, Mob ECG, and SaniQ Asthma) received the ideal grade of A+."

"Only one of the applications (MedM Health) used no weak cipher suites."

"Only three of the application servers (MedM Health, MobECG, SaniQ Asthma) supported HSTS."

"Five applications (iHealth MyVitals, MedM Health, MobECG, Valedo, Heart Rate Monitor) were unaffected by a Man in the Middle attack using Fiddler."

"MedM’s support team replied to notify us that they are not required to be compliant because they only connect the user to services that handle PHI, but that they do implement most of the HIPAA requirements and explicitly mentioned how they do so."

https://scholarworks.calstate.edu/downloads/1544br65f

https://home.csulb.edu/~maliasga/papers/sec-vul-mhealth-AINS18.pdf

All publications