FHIR Chat · Bad-hacking FHIR APIs · social

Stream: social

Topic: Bad-hacking FHIR APIs


Dave deBronkart (May 24 2021 at 21:31):

I'm surprised to find no Security stream here so I'll post this here.

I just ran into this February report, which, if valid, seems pretty appalling. I'm no security guru, but holy crap, hard-coding security keys?? And things like that. And a vulnerability where a hacker can just replay a FaceID session to reactivate the authentication and play around? Etc etc.

Or am I falling prey to a bogus press release? I know the project was funded by Approov, who makes a product that claims to remove the vulnerability; that's a separate question from: are these vulnerabilities truly there?

https://www.beckershospitalreview.com/cybersecurity/30-popular-mobile-health-apps-vulnerable-to-cyberattacks-phi-exposure.html

Gino Canessa (May 24 2021 at 21:35):

#Security and Privacy

Dave deBronkart (May 25 2021 at 01:15):

I wonder why that didn't show up when I used "search all streams" and entered security! Grazi.

John Moehrke (May 25 2021 at 10:10):

Security is hard. These problems are as old as time, and will continue to happen well into the future. There are more tools, some that continuously watch code being written. But trying to be smarter than an idiot is hard.


Last updated: Apr 12 2022 at 19:14 UTC