Share

Related Links

Related Stories

  • Popularity breeds malware for Android
    The recent explosion in Android malware is due to the popularity of the mobile operating system and the shift in malware distribution methods from worms to applications, according to a recent white paper by security firm McAfee.
  • All in the Family: Android sees 90% jump in malware families this year
    There has been a 90% increase in Android malware families in 2011 compared to 2010, while malicious iOS families only increased by 25%, according to FortiGuard Labs.
  • Bruce Schneier: “the Android platform is where the malware action is”
    After some research and analysis on the subject of Android malware, Bruce Schneier, the chief security technology officer with BT, has come to a conclusion, namely that Android is where the malware action is.
  • Android malware levels steadily increasing
    A researcher with ESET says that his firm has identified that the volume and incidence of malware seen on the Android smartphone and tablet platform are increasing. Cameron Camp, from the East European IT security vendor, says malware authors are ramping up their output to account for the take-up of Android devices amongst end users.
  • "Android is terrifying" says ESET's David Harley
    David Harley, ESET's senior researcher fellow, is hosting a presentation on the mysteries of the Stuxnet malware on day one of the Infosecurity Europe show next month, and Infosecurity got a chance to talk to him about the latest trends in malware.

Top 5 Stories

News

Health Software firm develops Android app while NHS warns on tablet security

15 January 2012

NHS Connecting for Health has issued ‘good practice guidance’ on the use of tablets within the Health Service. It stresses that tablets are less secure than traditional devices, and should not be deployed ‘out of the box’.

The advice is timely given the growing use of tablets and increasing malware aimed at them. TPP, the company behind the SystmOne health records system, announced last week that it is developing an Android app. “The solution will allow SystmOne users to access and update patient records whilst working at home or out in the community,” suggests the company.

SystmOne is a Single Shared Electronic Patient Record system designed to be the record of prime entry for GP practices and other primary care organizations. The Android app will allow doctors to access and update patients’ sensitive health data while away from their surgeries; and the advantages to medical professionals are clear.

Security, however, so far seems to be minimal. “Access to the app would be through the user’s usual username and password meaning no-one could use the app unless they were already a SystmOne user,” writes TPP. 

Security expert and ESET senior research fellow David Harley has specific concerns about this. “Even assuming that the passwords are managed rigorously – with the enforcement of sound password selection, password aging, and restricted login attempts – TPP’s announcement suggests clearly that this is an app that could be used on any suitable device. The definition of ‘suitable’ is presumably left to the customer. I see no reason to assume that the customer’s choice will include securing the device both locally with PIN/password and centrally within the healthcare organization.”

Harley points to some of the existing security problems with Android apps: the apps are only audited for malicious intent after problems are reported by customers; they can be sourced from unregulated repositories; and there is “a consequent plethora of malware that already includes keyloggers.”

Users will consequently need to take additional and separate measures to secure their tablets in order to meet the Connecting for Health guidelines. But “I’d have thought a safer platform and two- or three-factor authentication would be far more appropriate in UK healthcare, which is expected to conform to high standards of privacy and data protection,” says Harley.

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security  •  Public Sector  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×