Multi-Layered Security Assessment in mHealth Environments: Case Study on Server, Mobile and Wearable Components in the PHGL-COVID Platform
The growing use of mobile health (mHealth) technologies adds complexity and risk to the healthcare environment. This paper presents a multi-layered cybersecurity assessment of an in-house mHealth platform (PHGL-COVID), comprising a Docker-based server infrastructure, a Samsung Galaxy A55 smartphone,...
| Main Authors: | Edi Marian Timofte, Mihai Dimian, Serghei Mangul, Alin Dan Potorac, Ovidiu Gherman, Doru Balan, Marcel Pușcașu |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2025-08-01 |
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/15/15/8721 |
| _version_ | 1849766098590760960 |
|---|---|
| author | Edi Marian Timofte; Mihai Dimian; Serghei Mangul; Alin Dan Potorac; Ovidiu Gherman; Doru Balan; Marcel Pușcașu |
| author_sort | Edi Marian Timofte |
| collection | DOAJ |
| description | The growing use of mobile health (mHealth) technologies adds complexity and risk to the healthcare environment. This paper presents a multi-layered cybersecurity assessment of an in-house mHealth platform (PHGL-COVID), comprising a Docker-based server infrastructure, a Samsung Galaxy A55 smartphone, and a Galaxy Watch 7 wearable. The objective was to identify vulnerabilities across the server, mobile, and wearable components by emulating real-world attacks and conducting systematic penetration tests on each layer. Tools and methods specifically tailored to each technology were applied, revealing exploitable configurations, insecure Bluetooth Low Energy (BLE) communications, and exposure of Personal Health Records (PHRs). Key findings included incomplete container isolation, BLE metadata leakage, and persistent abuse of Android privacy permissions. This work delivers both a set of actionable recommendations for developers and system architects to strengthen the security of mHealth platforms, and a reproducible audit methodology that has been validated in a real-world deployment, effectively bridging the gap between theoretical threat models and practical cybersecurity practices in healthcare systems. |
| format | Article |
| id | doaj-art-2a384fc94d2946c7b26acf1968f99ef9 |
| institution | DOAJ |
| issn | 2076-3417 |
| language | English |
| publishDate | 2025-08-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-2a384fc94d2946c7b26acf1968f99ef9; 2025-08-20T03:04:42Z; eng; MDPI AG; Applied Sciences; 2076-3417; 2025-08-01; 15(15), 8721; 10.3390/app15158721. Affiliations: Edi Marian Timofte, Mihai Dimian, Alin Dan Potorac, Ovidiu Gherman, Doru Balan, Marcel Pușcașu: Department of Computers, Automation and Electronics, University “Ștefan cel Mare”, 720229 Suceava, Romania. Serghei Mangul: Department of Clinical Pharmacy, USC Alfred E. Mann School of Pharmacy and Pharmaceutical Sciences, University of Southern California, Los Angeles, CA 90033, USA. |
| title | Multi-Layered Security Assessment in mHealth Environments: Case Study on Server, Mobile and Wearable Components in the PHGL-COVID Platform |
| topic | cybersecurity; healthcare; mHealth; PHGL-COVID |
| url | https://www.mdpi.com/2076-3417/15/15/8721 |