Top 4 Application Security Issues in Healthcare Industry

The healthcare industry is increasingly becoming a promising domain for applications that can help provide better services to patients, while making the job considerably easier for healthcare providers.

A large number of applications utilize Wireless Medical Sensor Networks (WMSNs) for effective communication, efficient practices and patient mobility.

While the integration of WMSNs keeps growing every day in the healthcare sector, applications still face some security issues.

Here we discuss the 4 most prominent WMSN application security issues in the healthcare industry:

#1-Monitoring Patient Vital Signs

The most common application security threats that arise in the healthcare industry have a lot to do with patient confidentiality. If there are no appropriate security protocols in place, an adversary can snoop on patient vital signs over open communication channels. Similarly, anyone with a powerful antenna can easily pick up messages from the network.

#2-Routing Threats

In a multi-hop environment, data packets are forwarded to the base station through multi-hop routing procedures. This comes with its own set of security threats. A malicious node may refuse to forward certain information, and it may simply be lost in transit. If the attacker is explicitly included in the routing path, this threat becomes stronger.

#3-Location Threats

Patient mobility is supported by medical sensor networks so that the location of patients can be identified to reach them on time. Typically, location features are based on radio frequency, received signal strength indicator (RSSI) or ultrasound. If adversaries continuously receive the radio signals and are able to identify the codes in them, they could gain direct information that may compromise a patient’s privacy. Of course, someone who is probing for information to identify a patient’s location could have even worse intentions.

#4-Activity Tracking Threats

Those with malicious intent can also break into patient records while the patient is busy exercising in a health club. Based on the wireless medical sensor data, a hacker could precisely identify the patient’s current activity. Even worse, the hacker could send over the wrong exercise tips or advise medication that could result in injuries and bodily harm.

As medical sensors are placed on a patient’s body to send over health data like location, heart rate and health feedback to a base station, it might very well be possible for a hacker to alter information which may raise erroneous concerns about the patient’s health.

A well-planned security mechanism with appropriate security testing services in place can help keep the risks of these threats to a minimum. Drop us an email at info@leansecurity.com.au to learn more about our services.

A Guide to Establishing a Successful BYOD Policy

While Bring Your Own Device (BYOD) is a growing phenomenon among businesses in various industries, it certainly comes with its own risks. Allowing employees to use their own devices to perform organisational functions brings substantial benefits, as workers can access information from anywhere.

This makes for increased productivity and smooth communication, as employees can speak with individuals in entirely different time zones whenever it is convenient.

If you are struggling to establish and implement a BYOD policy that contributes to your overall success, here are a few tips that can help:

Identify Permitted Devices

While it was quite easy back in the BlackBerry days, things are more complicated today. There is a wide range of device choices, from iOS to Android-based phones.

Therefore, it is imperative to specify exactly what your BYOD policy covers. Should you tell employees they can bring Android tablets but not iPhones?

Make sure you let employees know which devices they can bring in addition to the organisation-issued devices you continue to use.

Establish Strict Security Policies

A large number of smartphone users avoid keeping their devices locked. They see locks as hurdles to easy access to their device. This is particularly problematic when a great deal of sensitive information is accessible through employees’ devices.

If your employees wish to use their own devices with the corporate systems, make sure they accept a strong password. The password should be lengthy and alphanumeric. You simply can’t settle for a four-digit PIN code.

Specify Which Apps Are Allowed And Those That Are Prohibited

This rule should apply to all devices connected to your environment, personal or corporate. Some of the most significant considerations include replacement email applications, social media apps and VPNs.

Address questions like:

- Should you allow users to download and install apps that come with serious security risks?

- Do the commonly used apps have security holes in their integration?

- What if an app enables spammers to gain access to mail through your company?

Specify Your Employee Exit Approach

Having a BYOD policy is not all about personal device use within the organization.

What happens to those devices, and the data on them, when employees leave? How will you ensure the removal of email, access tokens and other sensitive information?

The trouble is, ensuring this is not as simple as having employees return corporate-issued devices. Implement an ‘exit wipe’ on the devices, and make sure your right to enforce this wipe is clearly communicated to exiting employees.

Are you looking for mobile app security testing or a penetration testing provider who can help you implement the perfect BYOD policy in your organisation? Look no further.

At Lean Security, we can provide actionable insight to implement a successful BYOD policy that actually works for you. Give us a call at +61 (0) 2 8231 6635 to learn more.


4 Tips to Improve Security of Financial Apps

Although mobile applications give users easier ways to access critical information on the go, these apps can quickly turn into a nightmare in the event of a breach.

In order to give users immediate access to financial data, apps need to strike the right balance between convenience and security. When considering financial mobile apps for your financial institution, make sure you follow these tips to remain safe:

#1-Protect Sensitive Data

Most financial applications either use a person’s bank account details or card numbers to establish identity.

This data is constantly transmitted over the internet to conduct transactions. There is no reason for the app itself to store this data on the device or send it over the wire. Applications should always use a different, opaque key to identify a user account.
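The opaque-identifier point above, as an added example that is not from the original post or from Lean Security: a server-side registry issues a random reference for each account, the device only ever holds that reference and a masked number, and a reference can be revoked (say, for a lost phone) without touching the underlying account. The in-memory store, the function names and the sample account number are all constructed for the demonstration.

```python
import secrets
from typing import Dict, Optional

# Constructed in-memory stand-in for a server-side, encrypted account table.
# The real account number is only ever held here, never on the device.
_accounts_by_ref: Dict[str, str] = {}


def register_account(account_number: str) -> str:
    """Issue an opaque, random reference for an account.

    The reference is what the mobile client stores and sends on every request.
    It is drawn from a CSPRNG rather than derived from the account number:
    a hash of the number would be guessable, because account and card numbers
    have little entropy and can be enumerated offline.
    """
    ref = secrets.token_urlsafe(24)
    _accounts_by_ref[ref] = account_number
    return ref


def resolve_reference(ref: str) -> Optional[str]:
    """Server-side only: map a reference back to the real account number."""
    return _accounts_by_ref.get(ref)


def client_view(ref: str) -> Optional[dict]:
    """What the API is allowed to return to the device: the reference and a
    masked number for display. The full number is never in the response."""
    number = resolve_reference(ref)
    if number is None:
        return None
    return {"account_ref": ref, "display": "****" + number[-4:]}


def rotate_reference(old_ref: str) -> Optional[str]:
    """Revoke a reference (e.g. after a device is reported lost) and issue a
    fresh one. The account is unchanged; only the identifier the old device
    knew becomes useless."""
    number = _accounts_by_ref.pop(old_ref, None)
    if number is None:
        return None
    return register_account(number)


if __name__ == "__main__":
    ref = register_account("12345678901234")  # constructed sample number
    print(client_view(ref))
    new_ref = rotate_reference(ref)
    print(resolve_reference(ref), resolve_reference(new_ref) is not None)
```

The point of `rotate_reference` is that losing a device costs you one random string, not a bank account number that the customer would have to change.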

#2-Passcode Access

A large number of smartphone users will turn off PIN access to the device even after having enabled it. It is important for the financial application to check whether the user has turned off the password for their device. If they have, the user should automatically be prompted to turn it back on.

It is also important to constantly re-verify users when they are conducting money transfers, paying bills or making peer-to-peer payments. Doing this will not necessarily slow down the user experience, but will work as confirmation before the action is carried out. If the application notices any suspicious activity on the web services side, it should push an additional question to the user before the action can be completed.

#3-Data Services Access

All data should be requested over SSL/TLS so that communication is encrypted, with at least 256-bit encryption strength. Furthermore, the native application client should use OAuth, which allows applications to connect to data services without having to store the username and password. This way the sending of credentials is kept to a minimum.


#4-Images Of Checks

Check images contain sensitive user data such as account numbers, routing numbers and billing addresses. Encrypting large images on a device is slow compared to text data. It is highly recommended that images of checks taken for remote deposit capture be forwarded to the server immediately after being captured. The check image should never be cached or stored on the device for later retrieval.

These basic practices are the heart of what we do at Lean Security to make sure your mobile and web applications stay safe.

Get in touch with us at +61 (0) 2 8231 6635 or drop us an email at info@leansecurity.com.au to learn more about our security testing services.


BYOD and Growing Security Threats


With more and more companies allowing employees to bring their own devices, the Bring Your Own Device (BYOD) trend is gaining traction. By allowing workforce mobility and flexibility, BYOD has had a significant impact on the traditional IT model.

Although BYOD has greatly improved workforce productivity, it has brought about various challenges to business data and IT security. This is especially true of small and medium enterprises that typically lack knowledge and resources to mitigate BYOD risks and make the most of the opportunities it brings.

Let’s take a look at some of the key challenges you might face when implementing a BYOD policy in your organization.

Software Issues

Mobile phones and tablets are the weakest links when it comes to data security. A study identifies that 97 percent of employees’ devices have privacy issues, while 75 percent of them lack appropriate encryption to keep business data secure. This, coupled with the fact that most of the devices lack anti-virus protection or contain outdated firewall protection, means that the company’s digital environment has become more prone to attacks, opening the floodgates to data leakage.

Gartner predicts that one in two companies will stop providing devices to their employees by 2017. Organizations are therefore responsible for implementing robust device management policies that keep devices secure and control the risk in the business environment.

A centralized system like Mobile Device Management (MDM) can be a good way to keep track of the operating systems within the environment to ensure that the entire system is upgraded and secure.

Malicious Attacks

One of the most serious concerns for BYOD-driven organizations is dealing with the challenges of storing personal and corporate data on the same device. When employees use a single device for both personal and professional purposes, there is always a risk of data theft. Theft may result from malware or malicious programs that users install unknowingly. With these malicious programs, hackers may acquire login credentials and gain access to the business network. An effective way to overcome the challenge is to implement multi-layered verification, so that only authorized users are granted access to the business network.

Untrustworthy Employees

BYOD can make it easier for people to steal a company’s confidential data. While it’s not possible to eliminate the risk completely, businesses need strong endpoint security to prevent data leakage. In addition, establish a stricter policy regarding data privacy and confidentiality to prevent people from exploiting corporate data.

Secure your IT environment by running a vulnerability scan with us. Along with vulnerability scanning service, we offer penetration testing, web service security testing, and mobile app security testing to make sure that your business environment remains safe and protected. Get a trial or contact us at +61 (0) 2 8231 6635 to learn more about our services.


Take These Steps to Further Improve Your Authenticated Vulnerability Scans

A flaw in any system can eat the company from the inside without you even knowing, and by the time signs appear, it’s too late. However, an authenticated vulnerability scan can help in the timely detection of flaws in the system, protecting businesses and organizations from internal and external threats. While the benefits are self-evident, many companies still fail to adopt this methodology, and those that do often don’t use its full potential.

Leaving the former aside for now, we focus on certain steps that security teams and practicing companies can take to get the most from authenticated vulnerability scans.

Knowing your needs

You must know which systems you want to scan with authentication. These may include systems running a particular operating system or a reserved set of computers. Furthermore, make sure you consider network hosts, databases, relevant web applications and anything else that requires or allows authentication via protocols like FTP, SSH, Telnet, etc. Authenticated scanning is widely used by hackers and malicious users. Therefore, it is a must for you to use it as well.

Determining what levels are to be scanned

You can determine the different user roles to scan with, such as basic, managerial, administrative and more. While you can choose any of them, it is highly recommended that at a minimum you scan at the administrative and root level. Doing so will help you identify most of the flaws. Of course, the more user levels you scan with, the more flaws are likely to appear. We suggest that you continue to the point where results no longer vary by permissions. But then again, it depends on your preferences and needs.

Test on a few systems before opting for enterprise wide scanning

Although authenticated scans of network hosts hardly pose any problems, the same cannot be said of production environments, especially in the case of web application scanning. Nonetheless, it is advisable not to take risks no matter what you are scanning, and to test out the scanning process on a few systems first. The reason is that at times you may experience side effects: user accounts may get locked out, databases may fill up, CPU and disk consumption may increase, and more. Testing beforehand helps you evaluate the side effects that are likely to spread to all systems once you start scanning everything.

Setting up user accounts for scanning beforehand

This may not seem very important, but it can save you a lot of time and unwanted hassle. If you set the accounts up beforehand, the scanner will log in easily without being prompted to change the password. If you don’t, the scanner will not be able to change the password on its own. As a result, authentication will fail, and eventually you’ll have to run the scan again.
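A pre-flight check for the point above, as an added example not taken from the original post or from any scanner vendor: given /etc/shadow records for the scanning account on Linux hosts, it reports the conditions that would make the scanner’s login fail before a scan is launched, including the forced-change marker (a last-change day of 0) that the text describes, locked accounts, and passwords or accounts that expire inside the scan window. The sample records, the hash placeholders and the reference date are constructed; the function names are mine.

```python
from datetime import date
from typing import Dict, List

EPOCH = date(1970, 1, 1)
NEVER = 99999  # conventional "max days" value meaning the password does not expire


def check_scan_account(shadow_line: str, today: date, window_days: int = 7) -> List[str]:
    """Return the problems that would stop a scanner logging in with this account.

    shadow_line is one /etc/shadow record:
        name:password:lastchg:min:max:warn:inactive:expire:flag
    lastchg and expire count days since 1970-01-01; an empty field means unset.
    window_days is how far ahead the planned scan window reaches.
    """
    fields = shadow_line.rstrip("\n").split(":")
    if len(fields) < 8:
        return ["malformed shadow record"]
    name, pw, lastchg, _min, maxd, _warn, _inactive, expire = fields[:8]
    today_days = (today - EPOCH).days
    problems = []

    # Locked or passwordless accounts: the scanner cannot authenticate at all.
    if pw == "":
        problems.append(f"{name}: empty password field")
    elif pw.startswith("!") or pw.startswith("*"):
        problems.append(f"{name}: account is locked (password field starts with '{pw[0]}')")

    # lastchg == 0 is the "must change password at next login" marker. An
    # interactive user gets a prompt; a non-interactive scanner simply fails.
    if lastchg == "0":
        problems.append(f"{name}: forced password change at next login")
    elif lastchg and maxd and int(maxd) < NEVER:
        expires_on = int(lastchg) + int(maxd)
        if expires_on < today_days:
            problems.append(f"{name}: password expired {today_days - expires_on} days ago")
        elif expires_on - today_days <= window_days:
            problems.append(f"{name}: password expires in {expires_on - today_days} days, inside the scan window")

    # Whole-account expiry date, independent of the password.
    if expire and int(expire) <= today_days:
        problems.append(f"{name}: account expired")
    return problems


def audit_shadow(lines: List[str], today: date) -> Dict[str, List[str]]:
    """Run the check over several records; keyed by account name."""
    return {line.split(":", 1)[0]: check_scan_account(line, today) for line in lines}


# Constructed sample records (hashes are placeholders) and a constructed "today".
SAMPLE_TODAY = date(2024, 1, 15)
SAMPLE_SHADOW = [
    "scan_ok:$6$constructed$placeholder:19700:0:99999:7:::",      # healthy
    "scan_forced:$6$constructed$placeholder:0:0:99999:7:::",      # forced change
    "scan_locked:!$6$constructed$placeholder:19700:0:90:7:::",    # locked
    "scan_expired:$6$constructed$placeholder:19600:0:90:7:::",    # password expired
]

if __name__ == "__main__":
    for account, problems in audit_shadow(SAMPLE_SHADOW, SAMPLE_TODAY).items():
        print(account, "->", problems or "ready for scanning")
```

The records are read from a copy you already pulled as an administrator, so the check itself needs no privileges; run it against each host group before the scan rather than discovering the failed logins in the report afterwards.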

If you are looking for vulnerability scanning services or have any general question and queries, feel free to contact us anytime.

Know the Common Web Security Vulnerabilities and How to Fix Them

It is only after a system has been breached and losses have been incurred that most companies realize the importance of web security. Soon afterwards, they go around looking for the best web security service providers without realizing that the most effective, and indeed the best approach, is one that is proactive and defensive.

Hackers are always on the lookout for vulnerable systems and if yours is one, sooner or later it will get attacked. While it is recommended to maintain full security at all times, here we list a few web security vulnerabilities and fixes so you can address them instantly.

Vulnerability- Injection flaws

This is one of the most common types of problem and results from the failure to filter untrusted input. It happens when unfiltered data is passed to the SQL server, to the browser, to the LDAP server or somewhere else. Hackers can inject commands into these components, with the result being hijacked browsers and loss of valuable data.

Solution- Fortunately, the solution in this case is pretty straightforward, but it has a few implications of its own. While you can simply filter input data from untrusted sources, you have to filter all of it. In a system of, let’s say, 10,000 inputs, filtering 9,999 is not enough. Usually, your own framework’s filtering functions do the job just fine.

Vulnerability- Sensitive or valuable data exposure

Data, whether in transit or at rest, is always vulnerable and therefore must be properly encrypted at all times. Moreover, sensitive information like passwords, bank account or credit card numbers and the like must be hashed. In any case, the algorithm must be a strong one.

Solution- In the case of stored data, encryption or hashing is the key. Make sure all payments are made through secure payment processors and that any unneeded sensitive data is shredded. For data in transit, secure connections (HTTPS) along with the Secure flag on cookies are the way to go.

Vulnerability- Web server and application misconfiguration

This includes very basic yet very common mistakes like using default passwords or leaving unnecessary services running on the machines, running obsolete and outdated software, running applications with debug mode enabled, having directories that leak information, and more.

Solution- Using a proper build and deploy script or process can help you tackle almost all of these issues. If it is automated, that’s even better.
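What the automated deploy step above can look like, as an added example not drawn from the original post: a gate that parses a simple key=value application config and refuses the deploy if it finds the misconfigurations listed in the vulnerability (debug mode on, a default password, directory listing enabled). The config format, the key names such as `directory_listing`, the list of default values and both sample configs are constructed for the demonstration; a real gate would use whatever your framework’s settings file looks like.

```python
import re
from typing import Dict, List

# Constructed list of values that should never reach a deployed config.
DEFAULT_CREDENTIALS = {"admin", "password", "changeme", "default", "123456", ""}
TRUTHY = {"true", "1", "on", "yes"}


def parse_config(text: str) -> Dict[str, str]:
    """Read key = value lines; blank lines and # comments are ignored,
    keys are lower-cased and surrounding quotes are stripped from values."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings


def audit_config(text: str) -> List[str]:
    """Return human-readable findings; an empty list means the config is clean."""
    settings = parse_config(text)
    findings = []
    if settings.get("debug", "false").lower() in TRUTHY:
        findings.append("debug mode is enabled; stack traces and internals will be exposed")
    if settings.get("directory_listing", "off").lower() in TRUTHY:
        findings.append("directory listing is enabled; file and directory names leak")
    for key, value in settings.items():
        # Any credential-looking key with an empty or well-known default value.
        if re.search(r"pass(word)?|secret|token", key) and value.lower() in DEFAULT_CREDENTIALS:
            findings.append(f"{key} is unset or uses a default value")
    return findings


def deploy_allowed(text: str) -> bool:
    """The gate a deploy script calls: fail the pipeline on any finding."""
    return audit_config(text) == []


# Constructed samples: a forgotten development config and a production one.
BAD_CONFIG = """\
# development settings that must not ship
debug = true
directory_listing = on
db_password = changeme
"""

GOOD_CONFIG = """\
debug = false
directory_listing = off
db_password = "K7x!p2Qw-constructed-not-a-real-secret"
"""

if __name__ == "__main__":
    for finding in audit_config(BAD_CONFIG):
        print("FAIL:", finding)
    print("deploy allowed:", deploy_allowed(GOOD_CONFIG))
```

Wiring `deploy_allowed` into the pipeline turns the list of "very basic mistakes" into something that cannot be forgotten on a Friday afternoon, which is the whole point of automating it.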

These are just a few of the hundreds and thousands of vulnerabilities that pose a 24/7 threat to your systems and, in turn, the business.

If you are looking to make your systems more secure, you should contact us. We provide comprehensive web and mobile application security testing and IT solutions for all types of businesses at affordable prices.

Here Are the Mobile Security Predictions for the Year 2016

According to research by comScore, the number of mobile internet users outpaced desktop internet users in 2015. As smartphones become more powerful, user-friendly and fast, this trend will likely continue in the future. As a result, businesses big and small have started optimizing their offerings for a more mobile-friendly experience through dedicated applications and responsive designs.

Consequently, the demand for more secure mobile applications, payment procedure, credential protection and more has also increased. With this, a number of new developments are taking place and new trends are emerging. Here, we shed light on a few mobile security predictions for the year 2016.

Password theft or reuse attacks will decrease

Advances in biometric technology, coupled with the fact that more new mobile phones have fingerprint scanners as a standard feature, are going to play a major role in enhancing data protection and security. Furthermore, the development of advanced password management software and backup solutions has made it easy to access a password repository quickly and safely. As a result, password theft cases and reuse attacks have decreased and will further decline in the future.

Google will step in

According to research by Alcatel-Lucent in 2014, 0.68% of all mobile devices were infected with malware, of which 99% were running Android, the most widely used mobile operating system in the world. Considering the growing insecurity and the efforts to enhance mobile security, Google has decided to step in. In the future, it is likely to address these issues by clamping down on third-party application stores, restricting permissions for applications that have not undergone the proper Google Play submission process, developing security standards for apps, and more.

iOS will become the next target for hackers

As the number of iPhone users in the market increases, malware authors and hackers will, in the very near future, turn their attention towards iOS. According to experts, the previously discovered “XcodeGhost” malware found in a number of App Store applications was just the beginning of what is to come. The first wave of targets for these attackers will be the already vulnerable jailbroken iOS devices.

Regulatory and compliance policies will encapsulate mobile devices

Data security compliance practices in the future will include mobile devices as well. While certain countries like Canada and Hong Kong have already taken initiatives, it won’t be long until other countries catch up. Again, this is important because of the ever-increasing number of smartphone users and the rising popularity of hybrid devices (laptop/tablet, phone/tablet).

The need for mobile application security testing services will increase

As security becomes an important concern, companies will outsource and make use of web and mobile application testing and security services more than ever before. There is no doubt that consumers are becoming more conscious about the safety and security of their private data. Who knows, this might just become the decisive factor in whether a potential customer chooses to use your application or your competitor’s.

If you are looking to proactively adapt to the changing trends by making your mobile application more secure, contact us now because it just so happens that we are specialists in doing that.


9 Things Everyone Should Know about Website Security Scans and Why They Are a Must for All Serious Webmasters

Website security is a major concern for many website owners all over the world these days. Whatever framework you use, you still have to maintain the web application, including the server, to avoid intrusions. Identity thieves and hackers may attack your site to gain access to your confidential data and files, as well as to use the server to send abusive mail or to host malicious files. In order to prevent such attacks, you have to keep in mind the following things associated with web security scans...