Digital consumer protection Vulnerabilities in health apps
As of: 16.06.2021 1:53 p.m.
In the corona pandemic, health apps have gained many users. For some, however, there is a lack of data protection. This was the result of a study by the Federal Office for Information Security. The Federal Office for Information Security (BSI) found numerous security gaps in an investigation of health apps. According to a BSI report, six out of seven thoroughly tested apps transmitted passwords in clear text to authentication services. None of the apps fully met the security requirements of the BSI guidelines for health apps. The BSI did not provide the names of the apps examined.
Learning app “Anton” Massive security breach with school app Outsiders could have read out data or pretended to be teachers.
Personal data is not adequately protected
“From the point of view of technical IT security, this result must at least be rated as critical, especially in view of the fact that a significant proportion of the apps process sensitive and particularly sensitive data”, criticized the office for taking care of the data security of the federal government. “Because, according to the findings of the study, this does not adequately protect user data against attacks.” The BSI checked the health apps as part of the first report on digital consumer protection 2020, which, due to the corona pandemic, focused on digital health offers.
Digital Supply Act What changes for patients The Bundestag passed Minister Spahn’s Digital Supply Act.
damage “first of all manageable”
The BSI expert Nicolas Stöcker described the danger for users of the criticized apps when exploiting the identified loopholes as “first of all manageable”. If an attack took place, it would initially only affect a single person. “It would be worse if the backend, where the data is kept, were also insecure.” The authority has a corresponding further investigation for the future “on the screen”, says Stocker. However, BSI President Arne Schönbohm warned that the deficiencies found were also dangerous: “Every gap that is there, every weak point that is there has somehow been exploited at some point.” They are currently working with the app providers to close the gaps. “If we see that this is not fixed, then we reserve the right to issue a corresponding product warning”said Schönbohm.