A comment by Dr. Florian Scheuer, CTO DRACOON
Regensburg, 29 December 2018 – The attention around the health record app Vivy has died down over the last few weeks. However, the topic was once again intensively discussed at the Chaos Communication Congress (35C3) in Leipzig. The reason was the detailed description of the security gaps in the talk given by their discoverer, Martin Tschirsich.
Once again it became clear which mistakes were made in the well-financed development of an app that, according to its website, claims to offer the ‘highest security levels’. It is especially problematic that the weak security measures protecting critical patient data could be broken with only a few attempts. Furthermore, it was possible to inject phishing attacks into the app. Thus, users' access credentials could be stolen without any chance of detection, and a way to steal doctors' sensitive cryptographic keys presented itself. The last of these security gaps in particular has not been closed to this day.
However, Vivy is not the only app affected by serious security and data protection problems. Tschirsich also analysed the alternatives from large and small providers and found severe problems there too, some even enabling access to all data in the system. By far the best-performing app (TK Safe) was still in its beta phase and secured data through client-side encryption: the data is strongly encrypted within the app itself, and only afterwards is it transferred to the central server or exchanged with a recipient (e.g. the attending physician). Nevertheless, even here serious mistakes were made in securing the secret cryptographic keys.
These implementation problems show that security standards need to be taken into account from the very start of development of such critical systems and embedded deeply in the software architecture. Adding security measures later is often difficult and error-prone. Furthermore, client-side encryption is the only method that really prevents data from falling into an attacker's hands in the event of a leak.
As a provider of an enterprise file-sharing solution, we offer multiple security mechanisms for managing sensitive data. These include client-side encryption with emergency passwords for the case that cryptographic keys are lost, the option of multi-factor authentication, and a well-devised authorization system. Development is accompanied by regular penetration tests and security audits by external companies.
Already today, many clinics are successfully using this solution and thereby protecting the sensitive information of many patients in Germany.
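The client-side encryption model described in the preceding paragraphs, including the emergency-password idea, as an added example in Go. This is not DRACOON's or TK Safe's code and says nothing about how either product implements it: the record is encrypted on the client with a random file key under AES-GCM, and that file key is wrapped twice, once under the user's password and once under an emergency password, each derived with PBKDF2-HMAC-SHA256 (implemented inline so the example has no dependencies). The type and function names, the iteration count and the sample record are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Record is everything the storage server ever sees for one file: a nonce and
// AES-GCM ciphertext. The file key itself never leaves the client in the clear.
type Record struct {
	Nonce      []byte
	Ciphertext []byte
}

// WrappedKey is the file key encrypted under a password-derived key. The client
// produces one copy for the user's password and one for the emergency password;
// both blobs are useless to anyone who does not know the respective password.
type WrappedKey struct {
	Salt       []byte
	Nonce      []byte
	Ciphertext []byte
}

const kdfIterations = 100_000 // constructed value for the example

// pbkdf2 is PBKDF2-HMAC-SHA256 (RFC 8018) for a single 32-byte output block,
// which is exactly one AES-256 key.
func pbkdf2(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	var blockIndex [4]byte
	binary.BigEndian.PutUint32(blockIndex[:], 1)
	mac.Write(blockIndex[:])
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset() // back to the keyed initial state
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing system CSPRNG is not recoverable here
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys in this example are always 32 bytes
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal encrypts and authenticates plaintext under key with a fresh random nonce.
func seal(key, plaintext []byte) (nonce, ciphertext []byte) {
	gcm := gcmFor(key)
	nonce = randomBytes(gcm.NonceSize())
	return nonce, gcm.Seal(nil, nonce, plaintext, nil)
}

// open decrypts and fails on any tampering or wrong key.
func open(key, nonce, ciphertext []byte) ([]byte, error) {
	return gcmFor(key).Open(nil, nonce, ciphertext, nil)
}

func wrapKey(fileKey []byte, password string) WrappedKey {
	salt := randomBytes(16)
	kek := pbkdf2([]byte(password), salt, kdfIterations)
	nonce, ct := seal(kek, fileKey)
	return WrappedKey{Salt: salt, Nonce: nonce, Ciphertext: ct}
}

// EncryptOnClient encrypts patient data under a fresh random file key and wraps
// that key for both passwords. Everything returned may be sent to the server.
func EncryptOnClient(patientData []byte, userPassword, emergencyPassword string) (Record, WrappedKey, WrappedKey) {
	fileKey := randomBytes(32)
	nonce, ct := seal(fileKey, patientData)
	return Record{Nonce: nonce, Ciphertext: ct}, wrapKey(fileKey, userPassword), wrapKey(fileKey, emergencyPassword)
}

// DecryptWithPassword unwraps the file key with the given password (user or
// emergency) and then decrypts the record.
func DecryptWithPassword(rec Record, wk WrappedKey, password string) ([]byte, error) {
	kek := pbkdf2([]byte(password), wk.Salt, kdfIterations)
	fileKey, err := open(kek, wk.Nonce, wk.Ciphertext)
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: wrong password or tampered blob: %w", err)
	}
	return open(fileKey, rec.Nonce, rec.Ciphertext)
}

func main() {
	// Constructed sample data; not real patient information.
	data := []byte("Patient 0001: blood type A+, allergy penicillin")
	rec, userWrap, emergencyWrap := EncryptOnClient(data, "user-passphrase", "emergency-passphrase")
	fmt.Printf("server stores %d bytes of ciphertext and two wrapped keys, no plaintext key\n", len(rec.Ciphertext))
	out, err := DecryptWithPassword(rec, emergencyWrap, "emergency-passphrase")
	fmt.Printf("recovered with emergency password: %q (err=%v)\n", out, err)
	_, err = DecryptWithPassword(rec, userWrap, "wrong")
	fmt.Println("wrong password:", err)
}
```

The server holding `Record` and both `WrappedKey` blobs sees only ciphertext, so a breach of the server alone does not expose patient data; the remaining exposure is exactly the point raised about TK Safe above, namely how well the key material is protected on the client side (password strength, a sufficiently high KDF cost, and keeping the unwrapped file key out of logs and backups).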