Security News > 2021 > February > mHealth Apps Expose Millions to Cyberattacks
Researcher Alissa Knight with Approov tried to break into the APIs of 30 different mHealth app vendors, with the agreement she wouldn't ID the vulnerable ones.
According to the resulting report from Approov, 77 percent of the 30 popular mHealth apps analyzed contained hardcoded API keys, some of which don't expire, which would allow an attacker to intercept that exchange of information.
Threat actors meanwhile have a big financial incentive to target these mHealth APIs.
What is the top mHealth app threat? Broken object level authorization (BOLA) is the most common abuse vector for mHealth APIs, Knight said, pointing out it's no coincidence that OWASP's recently published list of top API threats put these types of vulns at the top.
Half of the mHealth APIs she tested for this report didn't authenticate requests with tokens.
"The fact is that leading developers and their corporate and organizational customers consistently fail to recognize that APIs servicing remote clients such as mobile apps need a new and dedicated security paradigm."
News URL
https://threatpost.com/mhealth-apps-millions-cyberattacks/163966/