author: Jochem Harmes
title: A threat model analysis of audio recording on mobile health care applications
company: Chipsoft
keywords: software engineering, health care, vulnerabilities, audio
topics: Dependability, security and performance , Software Technology
committee: Mariƫlle Stoelinga ,
Erik Tews ,
Tom van Dijk
started: September 2019
end: June 2020


Mobile devices getting used more and more in the medical field. They help physicians access patient data more easily, without the need for a desktop or computer on wheels (COW). As patient data is privacy sensitive, the security of mobile apps and their backends has a top priority. During this presentation, I will discuss the progress of my thesis: a threat model analysis of an audio recording feature on mobile devices. Chipsoft, the biggest provider of electronic medical records software in the Netherlands, wants to know if recording audio can be done safely in their medical specialist app. I will show multiple threat model analysis methods that help to identify and prioritize threats. I will also show how these methods can be applied and when to use them.