Quote:Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers.
Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov tried to break into the APIs of 30 different mHealth app vendors, with the agreement she wouldn’t ID the vulnerable ones. Turns out, they were all vulnerable to one degree or another.
The average number of downloads for each app tested was 772,619.
According to the resulting report from Approov, out of 30 popular mHealth apps analyzed, 77 percent of them contained hardcoded API keys, which would allow an attacker to intercept that exchange of information — some of which don’t expire. Seven percent of these belonged to third-party payment processors that explicitly warn against hard-coding their secret keys in plain text.
Read more: https://threatpost.com/mhealth-apps-mill...ks/163966/
![[-]](https://www.geeks.fyi/images/collapse.png)
