Remote access to patient records and security of android apps

Tony Naggs tony.naggs at googlemail.com
Fri Jan 13 12:12:34 GMT 2012


On 13 January 2012 10:21, Roland Perry <lists at internetpolicyagency.com> wrote:

> In article <CAK0b=2e9KsiPJi4CD_tH0FdxqUH7rO0oN278AsOW3yzSDG6YwQ at mail.gmail.com>,
> Tony Naggs <tony.naggs at googlemail.com> writes
>
>> In principle an Android tablet could access a smartcard, as the SIM card
>> in an Android phone is a form of Smartcard - but I have not noticed any
>> tablet computers advertised with Smartcard slot.
>>
>
> Many tablets have a SIM socket (for data access). But what credentials
> from the SIM might an application be looking for, and why couldn't a patched
> copy of Android spoof it?
>

Security-oriented smartcards often have onboard crypto and could
authenticate the user to the NHS system, and/or validate the NHS system
credentials to the app. (Speculation as I am not familiar with how the NHS
use their smartcards.)




>> I am also concerned about whether the data is securely encrypted when
>> sent over the WiFi or 3G data network.
>>
>
> Couldn't the Android App have its own encryption layer?
>

Of course it can, but will it do it correctly? For instance, El Reg recently
reported on electricity meters that failed to use SSL encryption correctly
- http://www.theregister.co.uk/2012/01/09/smart_meter_privacy_oops/

ttfn,
Tony


More information about the ukcrypto mailing list