Smartphone worm could put LTC facilities' data at risk

Share this content:
A worm infiltrated a healthcare app.
A worm infiltrated a healthcare app.

The proliferation of wireless devices and seemingly limitless supply of apps have advanced communications capabilities to wondrous new heights. But there is a dark side as well, typified by the vulnerabilities to cyber-attack and having vital information stolen by hackers that a research team at Syracuse University has found.

“The first vulnerable app we found is indeed a healthcare app with one million downloads,” said professor Kevin Du,  Ph.D., leader of the research team at the Syracuse College of Engineering and Computer Science. “The current version of the app is now secure after we informed them of the attack.”

Du warned that the “smartphone worm” can infiltrate wireless devices through apps designed in a specific computer code known as HTML5. Once it invades, it can steal the device owner's personal information and spread to everyone on the contact list, including healthcare facilities. 

The explosion of apps for public consumption has raised concerns from healthcare security officials over the type of threat wireless devices have on HIPAA-protected patient information. Du said those fears are warranted.

“This worm could definitely get that information,” he said. “This is a new type of attack and a serious risk not many people know about.”

Users scanning ubiquitous bar codes for discounts, prizes and products are the main pathway for the worm to find its way inside a smartphone, but not the only way, Du said. Searching for free Wi-Fi in public places such as airports is another trigger, he noted.

The average smartphone contains between 30 and 40 apps, and Du's team so far has identified 500 out of approximately 15,000 HTML5-based apps that are vulnerable. Developers of those vulnerable apps have been informed and in an effort to give them time to fix the problem, researchers have decided not to disclose the names.