Sickly Apps: A Forensic Analysis of Medical Device Smartphone Applications on Android and iOS Devices

Mobile Networks and Applications

Abstract

Smartphone devices are increasingly being integrated into a variety of medical settings. An emerging trend is the development of smartphone applications that interact with medical devices connected to the Internet. While this fusion of technology can provide various benefits for both patients and medical professionals, there are concerns that these devices could become targets for cybercriminals. Therefore, a digital forensic investigation of these medical devices could be needed. However, researchers have suggested that the investigation of medical devices is unlikely to be straightforward, and that conventional forensic evidence acquisition might not be possible. Hence, this paper proposes that smartphone applications that interact with medical devices could provide an alternative source of digital evidence when investigating the device itself. The research contribution is twofold. First, the paper presents an empirical investigation into using residual data recovered from medical smartphone applications as a means of forensically examining medical devices. Second, the paper documents the forensic artifacts that are generated by specific medical device smartphone applications on Android and iOS smartphones.

Acknowledgements

G. Grispos was financially supported by the Nebraska Research Initiative (NRI), while the work of K.-K.R. Choo was supported by the National Security Agency (NSA) (Award H98230-20-1-0392). The statements, opinions, and content included in this publication do not necessarily reflect the position or the policy of the NRI or the NSA, and no official endorsement should be inferred.

Author information

Corresponding author

Correspondence to George Grispos.

Ethics declarations

Conflicts of Interest

There is no conflict of interest to declare, with regard to the above research.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Grispos, G., Choo, KK.R. & Glisson, W.B. Sickly Apps: A Forensic Analysis of Medical Device Smartphone Applications on Android and iOS Devices. Mobile Netw Appl 28, 1282–1292 (2023). https://doi.org/10.1007/s11036-022-02049-8
