Approov Announces Follow-on Research into Security of mHealth Apps' Use of SMART and FHIR with a Call to Participate

Approov Sponsors New Research Following the widely-reported Knight Ink Research Report that revealed how API-Focused Attacks Exploit Vulnerabilities in mHealth Apps, Exposing Data of Millions of Patients; Schedules Webinar for March 4

SAN JOSE, Calif. & EDINBURGH, Scotland--(BUSINESS WIRE)--Approov, creators of advanced API threat protection for mobile applications, today announced a March 4 Webinar that presents new data from research into API-focused Mobile Attacks and sponsorship of the next phase of research into this topic with a call for developers to participate.

The first report, which can be downloaded at https://approov.io/mhealth/hacking/, revealed that fully 100 percent of the 30 popular mHealth apps analyzed by Alissa Knight, partner at Knight Ink, are vulnerable to API attacks that can allow unauthorized access to full patient records including protected health information (PHI) and personally identifiable information (PII). The study underscores the API shielding actions now urgently required to protect mHealth apps from API abuse.

“The report downloads have been strong and initial findings have demonstrated a need to look deeper into security best practices for SMART and FHIR. Compliance may not be enough, which is why we are sponsoring this research,” said Approov CEO and co-founder David Stewart. “Knight Ink will do the research during March 2021. Apps tested won’t be identified in the report and Alissa Knight is actively seeking participants in the study. This gives developers an opportunity to have their mobile healthcare apps and APIs pen-tested confidentially by an industry leading API security expert for free.”

This research is critical and timely because use of FHIR has been mandated by the ONC to drive interoperability and empower patients to access and manage their own healthcare data. Data from ONC shows that 85% of providers have FHIR in their information systems. The standard is evolving, but has been mandated in a number of regulations. FHIR is already in use for medical record exchange. You can use it to send and receive lab results, prescriptions, and medications. It is used already by patients who access their health data, for example via Apple’s Health Record app. SMART defines a framework for mobile apps to access FHIR APIs.

The new research will test current apps against the standards and recommended security practices, and will make recommendations based on the research. If you are implementing SMART apps using FHIR APIs we invite you to participate. Interested developers should contact Knight Ink directly to sign up at ak@knightinkmedia.com

Approov will host a live webinar on March 4, 2021 at 1:00 p.m. EST. The webinar will be co-hosted by independent security researcher Alissa Knight, partner, Knight Ink, and Skip Hovsmith, principal engineer and VP Americas for Approov. The webinar will cover -- in depth -- the mHealth applications tested, the tools and techniques that were used to expose vulnerabilities in apps and APIs, and the types of issues which were exposed. Next steps in the research will also be covered. A live demonstration will be provided to show how to address the issues highlighted in the report.

Knight has 20 years of experience in cybersecurity as a penetration tester and vulnerability researcher. She is an industry influencer, content creator, and partner at Knight Ink. Knight is a recognized author. She recently published a book on hacking connected cars and reports on vulnerabilities in Fintech and mHealth apps. Hovsmith heads Approov’s US team, and is based in California. His focus is on helping customers secure API usage between mobile apps and their backend services. He has deep experience in accelerating mobile and embedded software running on multicore and custom coprocessor platforms. He is a frequent speaker at conferences on mobile apps, APIs and cybersecurity.

To register for the March 4 webinar, go to https://us02web.zoom.us/webinar/register/WN_gVmmKhQPTZqKM-p0td0NQg

About Approov

Approov solutions help stop API abuse at the edge, and prevent security breaches in mobile channels. With more businesses moving to digitalization and future-ready services that use mobile API connections, securing those connections properly can get overlooked or not fully implemented for all possible threats, exposing organizations and their users to breaches, fraud, denial of service, and other forms of API abuse. Knight Ink found that the Approov solution was effective in preventing 100 percent of the unauthorized API requests described in the report.

Approov API Threat Protection provides a multi-factor, end-to-end mobile API security solution that complements identity management, endpoint, and device protection to lock down proper API usage. It ensures that only safe and approved apps running in safe environments can successfully and securely access an organization’s APIs, and turns away unauthorized accesses by attacker scripting, bots and fake or tampered apps. https://www.approov.io/

Additional Resources:

Research Report - All That We Let In: https://approov.io/mhealth/hacking/
Infographic – All That We Let In: https://approov.io/download/all-that-we-let-in-hacking-mhealth-apps-and-apis-infographics.pdf (Facts on Vulnerabilities in Mobile Health Apps and APIs)
Approov mHealth blog - Exposing Vulnerabilities in mHealth Apps and APIs: https://blog.approov.io/exposing-vulnerabilities-in-mhealth-apps-and-apis
Approov healthcare case study - How MV Healthcare Uses Approov to Give Flexibility to Physicians while Protecting Patient Data: https://www.approov.io/customer/mv/
Knight Ink: https://www.knightinkmedia.com
Approov: https://approov.io/

Contacts

Media Contact:
Dan Chmielewski
Madison Alexander PR, Inc.
714-832-8716
C: 949-231-2965
dchm@madisonalexanderpr.com
