Remote access to patient records and security of android apps

Michael Simpson mikie.simpson at gmail.com
Fri Feb 17 11:35:55 GMT 2012


On 14 January 2012 09:30, Arthur Clune <arthur at clune.org> wrote:
> Instead of using a directly connected smartcard, the app could use a token
> based system like RSA keyfobs. That would satisfy the two factor
> authentication requirement and would work with any hardware including
> phones.
>

My worry would be the effortless manner in which one can root Android.
There isn't the same degree of protection that one has on iOS with its
app signage/walled garden/sandbox approach.
The increase in Android malware is a worrying trend. -Zeus/SpyEye &c

I'm not stating that iOS is invulnerable or that the manner in which
it is policed is unobjectionable but at the present time Android is
being actively exploited.

wrt the connectivity presumably a VPN client could be used to secure
the connection over public networks.

As an aside, data sent across the N3 network isn't usually encrypted
unless you pay (lots) for it to be so

http://www.n3.nhs.uk/TechnicalInformation/N3NetworkSecurity.cfm

and conducting traceroutes from N3 sites shows an awful lot of public
router traversal prior to re-entry into "private" N3 space. This
combined with the recent CA problems and the acknowledgment by
Trustwave that skeleton SSL keys get handed out gives me pause for
thought.

mike



More information about the ukcrypto mailing list