THaW researcher Kevin Fu’s work on acoustic device hacking has recently been featured in the New York Times. The article discusses the team’s work on using acoustic signals to fool sensors in mobile device, and create the potential for security violations. For more information beyond the article, click here for a quick video, or read the complete paper below.
WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks
THaW contributor Eric Johnson recently sat down with VP and CISO of Hospital Corporation of America Paul Connelly to discuss advancements in healthcare analytics and information security. Over the course of the discussion the two touch on the sheer volume of data created by HCA, and how analytics can be used to give that data value in contributing to informed decision making, while at the same time protecting patient security.
Click here, or play the embedded video above, to hear the discussion in full.
A few months ago we announced the results of our Wanda project, as published in INFOCOM 2016. Today we’re excited to share this new video description of the project! Thanks to Abby Starr and Shiyao Peng of Dartmouth’s DALI lab, and Tim Pierson of the THaW team, for this fun and informative production.
Nearly every setting is increasingly populated with wireless and mobile devices – whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We call our approach Wanda – a `magic wand’ that accomplishes all three of the above goals – and evaluate a prototype implementation.
Last month, a broad mix of experts convened by THaW researcher Carl Landwehr convened in New Orleans to begin drafting a “building code” for medical-device software. They’ve just released their report, and there is already talk about taking some of these ideas into the various standards bodies. Check out their report and feel free to leave comments on their site. — dave
The Department of Homeland Security (specifically the agency’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT) is starting to investigate cyber-security vulnerabilities in medical devices, according to recent news reports.
THaW co-PI Kevin Fu commented on the story: “It’s very easy to sort of sensationalize these problems,” said Kevin Fu, who runs the Archimedes Research Center for Medical Device Security at the University of Michigan.
THaW’s Kevin Fu and Darren Lacey were both key players in this week’s FDA workshop “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”.
Welcome to the Trustworthy Health and Wellness (THaW) project. Our mission is to enable the promise of health and wellness technology by innovating mobile- and cloud-computing systems that respect the privacy of individuals and the trustworthiness of medical information.
With this mission in mind, our team is launching a comprehensive, multi-disciplinary research agenda to address many of the fundamental technical problems that arise in securing healthcare infrastructure that, given recent trends, will increasingly be delivered using mobile devices and cloud-based services. The pervasive reach and (often) health-critical nature of these new technologies demand scientific solutions that provide trustworthy cybersystems for health and wellness. Our five-year research agenda is driven by the needs of the changing health & wellness ecosystem and addresses fundamental scientific problems that arise in other domains in transition to an infrastructure built on mobile devices and cloud services, such as transportation, m-commerce and education.
Specifically, our research agenda will contribute to authenticating mobile users in a continuous and unobtrusive way, segmenting access to medical records from mobile devices to limit information exposure, allowing individuals a usable way to control the information collected about them, handling genomic data in the cloud while enabling patient control over information, managing security on remote health devices while reducing the burden on the user, verifying medical directives issued to remote devices, detecting malware through power analysis, providing provenance information to those who use health data, and auditing behavior of this complex ecosystem of devices and systems.
Our research will have long-term impact by enabling the creation of health & wellness systems that can be trusted by individual citizens to protect their privacy and can be trusted by health professionals to ensure data integrity and security. Our healthcare partners will aid us to evaluate and demonstrate the value of our security solutions. We will also impact the next generation of scientists by creating new course modules, sponsoring summer programs for underrepresented minorities and women to broaden undergraduate and K-12 participation in computing; and creating an exchange program for our postdocs and research students to rotate among sites to broaden perspectives and receive mentoring on trustworthy computing.