Sensitive information
“It is important to better understand how an elderly person’s medical data can be leaked from a pillbox companion app or how an attacker can exploit a low-level issue to carry out a specific attack against the user,” explains the researcher .
Nearly 15 apps allow full account takeover and 9 apps have a false validation control – this allows some hackers free access to rid the database of their sensitive information.
Some apps transmitted usernames, passwords and other important information. In three applications, an attacker could have obtained personal and sensitive information such as telephone number, home and work addresses. “Just by changing a few parameters,” Pranay Kapoor continues.
Researchers found a remote code entry vulnerability in a pillbox application. According to researchers, this issue could lead to a reduction in the functionality of the app. Apparently, “an attacker could change the warnings for the user’s pill, such as when to take it, frequency, quantity, etc.,” Mr. Kapoor explains.
Easily customizable problems
But beyond technical issues, the behavior of the people affected also poses a problem.