The threat to APIs is real as Gartner predicts that by 2022 API attacks will no longer be infrequent but will become the most frequent attack vector for application breaches. (Pinkypills/Getty Images)
“Recovering hacker” Alissa Knight calls personal health information the most valuable data on the dark web. The Knight Ink cybersecurity researcher says, “It's 10 times more the price of a credit card for a single PHI record.”
Knight partnered with mobile security company Approov to hack 30 mobile health apps to highlight the threats they face through application program interfaces (APIs). The findings were published in a recent report, “All That We Let In.”
All of the apps were found to be vulnerable to API attacks, and some allowed access to electronic health records (EHRs). The 30 apps collectively expose 23 million mobile health users to attacks, Knight reported. Of the 30 apps tests, 77% contained hardcoded API keys, of which some do not expire, according to the report, and 7% had hardcoded usernames and passwords.
Ben Denkers, Senior Vice president, Security and Privacy Services at of CynergisTek provided commentary for this piece, focused on a recent report from cybersecurity researcher Alissa Knight and mobile security company Approov, which hacked 30 mobile health apps to highlight the threats they face through APIs. The findings were published in a recent report, “All That We Let In.”
Click here to read the full story.