Security and Society
Security and Society
Security and Society Security and Society

News

Prof. Chris Peikert Receives TCC Test of Time Award for Work in Lattice Cryptography

Chris Peikert, the Patrick C. Fischer Development Professor in Theoretical Computer Science, and his co-author Alon Rosen have received the TCC Test of Time Award for their paper on efficient collision-resistant hashing on cyclic lattices. The award is a recognition of a long line of works by Prof. Peikert and others who laid the foundations for practically efficient lattice-based cryptography. [Full Story]

Related Topics:  Lab-Theory of Computation  Peikert, Chris  Security (Computing)  

Securing the vote: How 'paper' can protect US elections from foreign invaders

This story on security problems with voting quotes Prof. J. Alex Halderman, who says that "Although there is no evidence that any past election in the United States has been changed by hacking, it is in my opinion only a matter of time until one is." [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

VAuth tech feels your voice in your skin

This article describes VAuth, the new thechnology that supplements voice authorization developed in the lab of Prof. Kang G. Shin. [Full Story]

Related Topics:  Lab-Software Systems  Networking, Operating Systems, and Distributed Systems  Security (Computing)  Shin, Kang G.  

Duo Security raises $70 million at a valuation north of $1 billion

Duo Security, based in Ann Arbor, was founded by alums Jon Oberheide (CSE PhD 2011) and Dug Song (CS BS 1997) in 2009. Congrats to them! [Full Story]

Related Topics:  Alumni  Security (Computing)  

Why the Krack Wi-Fi Mess Will Take Decades to Clean Up

This article quotes Prof. Kevin Fu, who says "For the general sphere of IoT devices, like security cameras, we're not just underwater. We're under quicksand under water." [Full Story]

Related Topics:  Fu, Kevin  Lab-Software Systems  Security (Computing)  

Wearables to boost security of voice-based log-in

Voice authentication is easy to spoof. New technology could help close this open channel. [Full Story]

Related Topics:  Lab-Software Systems  Networking, Operating Systems, and Distributed Systems  Security (Computing)  Shin, Kang G.  

Hacking North Korea is Easy. Its Nukes? Not So Much

This article reports on how difficult it is for hackers to invade North Korea's nuclear program. CSE research fellow Will Scott talks about the country's limited connections, and says that any successful attack would require a human agent working to manually sabotage target systems. [Full Story]

Related Topics:  Security (Computing)  

Manos Kapritsos and Collaborators Win USENIX Security Paper Award

A team of researchers including Prof. Manos Kapritsos has won a Distinguished Paper Award at the 2017 USENIX Security Symposium for Vale, a new programming language and tool that supports flexible, automated verification of high-performance cryptographic assembly code. [Full Story]

Related Topics:  Kapritsos, Manos  Lab-Software Systems  Security (Computing)  

In fight for free speech, researchers test anti-censorship tool built into the internet's core

This article describes an implementation of TapDance, a method of anticensorship deployment that is built into the very core of the internet itself. By building TapDance into the servers and routers that underpin the Internet, censorship would become impractical. TapDance's development has been led by Prof. J. Alex Halderman. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

U.S. elections are an easier target for Russian hackers than once thought

This article on voting system security quotes Prof. J. Alex Halderman, who says of the prospect of election tampering that "the technical ability is there and we wouldn't be able to catch it. The state of technical defense is very primitive in our election system now." [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Heres exactly how Russia can hack the 2018 elections

Vulnerabilities in our voting system need to be addressed swiftly, according to experts in the field, including Prof. J. Alex Halderman. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Apps available for your smartphone could steal your personal information

WXYZ Detroit reports on work by UM researchers that has exposed dangerous open ports in mobile platforms that can be taken advantage of by hackers. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Mao, Zhuoqing Morley  Mobile and Networked Computing  Security (Computing)  

Let's Encrypt Issues 100 Millionth Security Certificate

The Internet is more secure thanks to Let's Encrypt, the certificate authority founded by Prof. J. Alex Halderman and his collaborators. Since launching in Jan. 2016, Let's Encrypt has issued 100 million certificates. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Prof. J. Alex Halderman Testifies in Front of Senate Intelligence Committee on Secure Elections

Prof. J. Alex Halderman testified in front of the Senate Intelligence Committee as a part of the broader Russian hacking investigation. His remarks focused vulnerabilities in the US voting system and a policy agenda for securing the system against the threat of hacking. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

How to prevent Russian hackers from attacking the 2018 election

In this commentary piece in the Chicago Tribune, Prof. J. Alex Halderman and Justin Talbot-Zorn make the case for a straightforward policy agenda to secure America's voting systems against the threat of hackers. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

If Voting Machines Were Hacked, Would Anyone Know?

In the article, Prof. J. Alex Halderman points out how electronic voting systems even those not connected to the Internet can be compromised. One path for hackers is to attack the computers that are used to program the ballots, which are later transferred to voting machines via memory cards. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Smartphone security hole: "Open port" backdoors are common

The College of Engineering reports on work by computer science security researchers which has revealed that so-called "open ports" are much more vulnerable to security breaches than previously thought. [Full Story]

Related Topics:  Lab-Software Systems  Mao, Zhuoqing Morley  Mobile and Networked Computing  Networking, Operating Systems, and Distributed Systems  Security (Computing)  

Hundreds of popular Android apps have open ports, making them prime targets for hacking

This article reports on the work done by CSE researchers Yunhan Jack Jia, Qi Alfred Chen, Yikai Lin, Chao Kong, and Prof. Z. Morley Mao in characterizing a widespread vulnerability in popular Android apps. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Mao, Zhuoqing Morley  Mobile and Networked Computing  Networking, Operating Systems, and Distributed Systems  Security (Computing)  

Open Ports Create Backdoors in Millions of Smartphones

This article reports on work by CSE researchers who have characterized a widespread vulnerability in the software that runs on mobile devices which could allow attackers to steal contact information, security credentials, photos, and other sensitive data by using open ports to create backdoors. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Mao, Zhuoqing Morley  Mobile and Networked Computing  Networking, Operating Systems, and Distributed Systems  Security (Computing)  

An Obscure Flaw Creates Backdoors in Millions of Smartphones

CSE researchers have characterized a widespread vulnerability in the software that runs on mobile devices which could allow attackers to steal contact information, security credentials, photos, and other sensitive data, and also to install malware and to perform malicious code execution which could be used in large-scale attacks. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Mao, Zhuoqing Morley  Mobile and Networked Computing  Networking, Operating Systems, and Distributed Systems  Security (Computing)  

Hacking with Sound Waves

CSE researchers have demonstrated a new way of using sound to interfere with devices containing accelerometers, such as smartphones and self-driving cars. This presents a new avenue for hackers to use in compromising devices to steal information or disrupt communication. [Full Story]

Related Topics:  Embedded Computing and Systems  Fu, Kevin  Internet of Things  Lab-Computer Engineering (CE Lab)  Lab-Software Systems  Security (Computing)  

Why India Needs A Paper Trail For Free And Fair Elections

This article in the Indian edition of the Huffington Post, references the work that Prof. J. Alex Halderman and his collaborators did in 2010 to demonstrate vulnerabilities in India's "tamper-proof" electronic voting machines. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Courage to Resist: The High-Stakes Adventures of J. Alex Halderman

This story by Randy Milgrom at the UM College of Engineering profiles Prof. J. Alex Halderman and his work in the area of Digital Democracy. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Open Ports Act As Security Wormholes Into Mobile Devices

Computer science and engineering researchers at the University of Michigan have for the first time characterized a widespread vulnerability in the software that runs on mobile devices which could allow attackers to steal contact information, security credentials, photos, and other sensitive data, and also to install malware and to perform malicious code execution which could be used in large-scale attacks. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Mao, Zhuoqing Morley  Mobile and Networked Computing  Networking, Operating Systems, and Distributed Systems  Security (Computing)  

The next cyberattack could render your anti-virus and encryption software useless

Researchers including Prof. Kevin Fu and CSE graduate student Timothy Trippel have demonstrated a new way of using sound to interfere with devices containing accelerometers, such as smartphones. This presents a new avenue for hackers to use in compromising devices to steal information or disrupt communication. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Lab-Software Systems  Security (Computing)  

Smartphone Accelerometers Can Be Fooled by Sound Waves

This article features work done by Prof. Kevin Fu and his collaborators in which they demonstrate a way to take control of or influence devices such as smartphones through the use of sound waves. [Full Story]

Related Topics:  Embedded Computing and Systems  Fu, Kevin  Internet of Things  Lab-Computer Engineering (CE Lab)  Lab-Software Systems  Security (Computing)  

It's Possible to Hack a Phone With Sound Waves, Researchers Show

This article features work done by Prof. Kevin Fu and his collaborators in which they demonstrate a way to take control of or influence devices such as smartphones through the use of sound waves. The Department of Homeland Security is expected to issue a security advisory alert for affected chips. [Full Story]

Related Topics:  Embedded Computing and Systems  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Lab-Software Systems  Security (Computing)  

Sonic Cyber Attacks Show Security Holes in Ubiquitous Sensors

Sound waves can be used to hack into critical sensors used in a broad array of technologies including smartphones, automobiles, medical devices, and the Internet of Things, according to research performed by Prof. Kevin Fu, Prof. Peter Honeyman, CSE graduate student Timothy Trippel, and their collaborators at the University of South Carolina. [Full Story]

Related Topics:  Embedded Computing and Systems  Fu, Kevin  Graduate Students  Internet of Things  Lab-Computer Engineering (CE Lab)  Lab-Software Systems  Security (Computing)  

Professor Who Urged an Election Recount Thinks Trump Won, but Voting Integrity Still Concerns Him

This article in the Chronicle of Higher Education includes a Q and A with Prof. J. Alex Halderman on the 2016 presidential election recount and on the challenges ahead for election integrity. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Inside the Recount

This story provides an in-depth, inside view of how the recount effort for the 2016 presidential election - of which Prof. J. Alex Halderman was a primary participant - was sparked, how it came to focus on three states, what the results showed, and what we can learn from it all. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Our Voting System Is Hackable by Foreign Powers

This article reviews the vulnerabilities that currently exist in our voting system. It references Prof. J. Alex Halderman, who has stated that he and his students could have changed the results of the November election. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

The 2016 US Election Wasnt Hacked, but the 2020 Election Could Be

Prof. Alex Halderman is quoted in this article which reports on the recent Chaos Communication Congress. "Developing an attack for one of these machines is not terribly difficult," says Prof. Halderman. "I and others have done it again and again in the laboratory. All you need to do is buy one government surplus on eBay to test it out." [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Prof. Kevin Fu to deliver endowed Dr. Dwight Harken Memorial Lecture on medical device security

Prof. Kevin Fu has been selected to give the annual Dwight E. Harken Lecture during the AAMI 2017 Conference & Expo in Austin, TX, June 912. Prof. Fu directs the Archimedes Center for Medical Device Security and the Security and Privacy Research Group at Michigan and is also CEO and chief scientist of Virta Labs, Inc. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Medical Device Security  Security (Computing)  

Five things that got broken at the oldest hacking event in the world

Chaos Communications Congress is the world's oldest hacker conference, and Europe's largest. Every year, thousands of hackers gather in Hamburg to share stories, trade tips and discuss the political, social and cultural ramifications of technology. This story quotes Prof. J. Alex Halderman, who with his student Matt Bernhard, has studied the security of the past US presidential election. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Trump Allowed to Join Fight Against Pennsylvania Recount

A battle over whether or not a recount of ballots cast in Pennsylvania during the recent presidential campaign is taking place. In the case made for a recount, hackers could have easily infected Pennsylvanias voting machines with malware designed to lay dormant for weeks, pop up on Election Day and then erase itself without a trace, according to Prof. J. Alex Halderman. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Vote Recount Push Advances, but Reversing Trumps Win Is Unlikely

This article in the New York Times reports on the uneven progress toward recounts in three key states for the recent presidential election. Led by Green Party candidate Jill Stein, the recounts were inspired by a call from leading security experts, including Prof. J. Alex Halderman. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Computer scientists urge Clinton campaign to challenge election results

CNN reports that a group of top computer scientists, including Prof. J. Alex Halderman, have urged Hillary Clinton's campaign to call for a recount of vote totals in Wisconsin, Michigan and Pennsylvania. The computer scientists believe they have found evidence that vote totals in the three states could have been manipulated or hacked and presented their findings to top Clinton aides on a call last Thursday. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Trump election: Activists call for recount in battleground states

The BBC reports on the call by leading computer scientists, including Prof. J. Alex Halderman, for a recount of votes in the presidential election in three swing states. Their analysis shows that Clinton performed worse in counties that relied on electronic voting machines compared to paper ballots and optical scanners. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Want to Know if the Election was Hacked? Look at the Ballots

In this post, Prof. J. Alex Halderman sets the record straight regarding what he and other leading election security experts have actually been saying to the Clinton campaign and everyone else whos willing to listen. He describes a situation where malware could be a factor in the vote totals during the presidential election. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Experts Urge Clinton Campaign to Challenge Election Results in 3 Swing States

Leading computer security experts with an interest in election integrity, including Prof. J. Alex Halerman, have called for a recount of the votes cast in the presidential election in three key swing states. They believe they have found evidence that results in Wisconsin, Michigan, and Pennsylvania may have been manipulated. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Vulnerable connected devices a matter of "homeland security"

This article describes the security ramifications of unprotected IoT devices such as internet-connected cameras, video recorders on the larger Internet. It quotes Prof. Kevin Fu on the effort that would be required to secure this new ecosystem. [Full Story]

Related Topics:  Fu, Kevin  Internet of Things  Lab-Computer Engineering (CE Lab)  Security (Computing)  

Professor to Congress: "Internet of Things security is woefully inadequate"

As the Internet of Things grows around us, so do the threat of cybersecurity breaches severe enough to shut down hospitals and other vital infrastructure. This is the message that Prof. Kevin Fu delivered to lawmakers at a congressional hearing this week. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

After Dyn cyberattack, lawmakers seek best path forward

In a hearing hosted by the House Energy and Commerce Committee, University of Michigan professor Kevin Fu, Level 3 Communications Chief Security Officer Dale Drew and computer security luminary Bruce Schneier briefed Congress on the challenges posed by insecure internet-connected devices and whether they believe the government can make a difference. This article provides a summary of the proceedings. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

Regulate cybersecurity or expect a disaster, experts warn Congress

The U.S. government must demand that all internet-connected devices have built-in security, according to experts including Prof. Kevin Fu who warned Congress that the country could soon face a disastrous, lethal cyberattack. [Full Story]

Related Topics:  Fu, Kevin  Internet of Things  Lab-Computer Engineering (CE Lab)  Security (Computing)  

Kevin Fu Testifies on the Role of Connected Devices in Recent Cyber Attacks

Prof. Kevin Fu testified before the House Energy and Commerce Committee on the role of connected devices in recent cyber attacks on Wednesday, Nov 16, 2016. Follow the link to see a video of the proceedings. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

The Network Standard Used in Cars Is Wide Open to Attack

As automobiles grow increasingly computerized, the security of the network for in-vehicle communication is a growing security concern. New research by Prof. Kang G. Shin and graduate student Kyong-Tak Cho demonstrates that the controller area network (CAN) protocol implemented by in-vehicle networks has a new and potentially quite dangerous vulnerability. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Networking, Operating Systems, and Distributed Systems  Security (Computing)  Shin, Kang G.  

How Safe is Your Smart Home?

The Smart Home sounds like a great idea. But is it an unsafe home? "I would be cautious, overall," says Prof. Atul Prakash. "The technology is relatively new. Hardware is probably a little bit ahead of the software at this point, and a lot of vulnerabilities we are seeing are primarily on the software side of things." Read more and listen to the full interview here. [Full Story]

Related Topics:  Lab-Software Systems  Prakash, Atul  Security (Computing)  

A Lot Of Voting Machines Are Broken Across America (But It's Totally Normal)

Forbes reports on numerous reports of broken machines causing epic queues and peeving voters. Matt Bernhard, CSE graduate student and an expert on the security of electoral systems, says that "This year isn't that different, other than I'm expecting higher turnout which may stress the infrastructure more." [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Security (Computing)  

US election: Experts keep watch over 'hack states'

"Unless the election is extraordinarily close, it is unlikely that an attack will result in the wrong candidate getting elected," suggest CSE graduate student Matt Bernhard and Prof. J. Alex Halderman. But they say the risk the election process could be disrupted by hackers should be taken extremely seriously. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

US Election Systems Seen 'Painfully Vulnerable' to Cyberattack

This article sheds light on potential cyberattacks during the U.S election. Some cybersecurity analysts warned that hackers of even moderate talent could possibly throw the results of the 2016 presidential election into chaos. Prof. Halderman hopes all the attention on voting-system vulnerabilities will motivate state governments to invest in cybersecurity for the 2020 elections. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Next Weeks Anticipated U.S. Election

This article discusses the vulnerabilities of direct recording electronic voting systems. It quotes Prof. J. Alex Halderman and his colleagues on the security of DREs. Twenty-nine states still use DREs and five states: Delaware, Georgia, Louisiana, New Jersey and South Carolina, use the easily compromised machines without a paper trail. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Forget rigged polls: Internet voting is the real election threat

Prof. J. Alex Halderman and his contemporaries have been tireless in warning us of the security risks associated with internet voting. Will we listen? [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

The Security Challenges of Online Voting Have Not Gone Away

This guest post on IEEE Spectrum by CSE graduate student Matthew Bernhard, Prof. J. Alex Halderman, and Robert Cunningham, Chair of the IEEE Cybersecurity Initiative, lays out the details for the case against Internet voting. [Full Story]

Related Topics:  Graduate Students  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

How the 2016 Election Could Be Hacked (story+video)

Is our voting system really vulnerable to hackers? Professor of computer science, J. Alex Halderman, explains the situation to VICE News in this segment that originally aired on October 24. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

$800K in Research Awards Aim to Address Data Science

Four research teams from the University of Michigan and Shanghai Jiao Tong University in China are sharing $800,000 in awards to use data science techniques to address big challenges. Prof. Atul Prakash is co-PI for a project that aims to develop algorithms and mechanism design to incentivize users to charge electric vehicles at appropriate times and locations, leading to better load management, a more reliable grid, and cost savings. [Full Story]

Related Topics:  Big Data  Electric Vehicles and HEVs  Lab-Software Systems  Prakash, Atul  Security (Computing)  

Using cyber security to keep your ballot safe ahead of the presidential election

This TV news segment features an interview with CSE graduate student Matthew Bernhard. He is interviewed about the possibility for stolen votes in the upcoming election. His answer: Michigan has a paper ballot/optical scan system, which is considered best practice. Touchscreen, paperless systems like those in Ohio, Virginia, and some other states are not secure enough yet. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Security (Computing)  

How to (Really) Steal an Election (audio)

Prof. J. Alex Halderman is interviewed on the dangers posed by electronic voting in this story. The story covers all types of concerns regarding elections, from Donald Trump's warning of a rigged election through the Bush v. Gore contest and the use of electronic voting systems. Halderman appears at about 20:15. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Matthew Bernhard on the Steve Gruber Show (audio)

Matthew Bernhard, a CSE graduate student working with Prof. J. Alex Halderman, speaks on the Steve Gruber Show about the possibility for voting fraud in Michigan during the upcoming election. He is introduced just over one minute into the show. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Security (Computing)  

Rigging the Election

Jason Smith, writer and director of the documentary "I Voted?", references work done by Prof. J. Alex Halderman in demonstrating the vulnerabilities of electronic voting systems in this opinion piece. Mr. Smith's mission has been to reinforce the message that "Nothing is more important to the future of our democracy than ensuring the integrity of all elections." [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

This Is Why We Still Cant Vote Online

This article highlights the work done by security researchers to demonstrate the dangers inherent in the use of paperless electronic voting systems. It spotlights work done by Prof. J. Alex Halderman and his students in 2010, when they accepted a challenge to hack Washington DC's proposed new Internet system. The research team was able to hack the system, steal records, and modify it to play the Michigan fight song -- all in less than two days. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Experts: State Should Audit Election Results

Since hackers have targeted the election systems of more than 20 states, cyber-security experts including Prof. J. Alex Halderman say Michigan should change its policy and routinely audit a sample of its paper ballots to protect against election fraud. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

As cyberthreats multiply, hackers now target medical devices

This article, which quotes Prof. Kevin Fu, describes the threat of malware for implantable medical devices and for hospital systems. Because these systems were typically designed without security in mind, "There is no [impervious] device," says Prof. Fu. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Medical Device Security  Security (Computing)  

Why Can't We Vote Online?

This article on the security concerns associated with Internet voting points to the 2010 hack of the District of Columbia's internet voting system by researchers led by Prof. J. Alex Halderman as a prime example of what could go wrong. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Technology Will Destroy Democracy Unless This Man Stops It

This article provides an in-depth profile of Prof. J. Alex Halderman and his research in the area of security, in particular his work in exposing the security vulnerabilities of electronic voting systems and his additional work in the area of internet anticensorship. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Cybersecurity and Voting Machine Security (video)

Prof. J. Alex Halderman appeared on C-SPAN to discuss vulnerabilities associated with electronic voting and to answer viewer questions. It's worth viewing this 40-minute video segment of the C-SPAN airing. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Despite Flaws, Paperless Voting Machines Remain Widespread in the U.S.

This article surveys problems associated with aging and insecure electronic voting systems. It quotes Prof. J. Alex Halderman, a leading researcher in this area, as saying, "Clearly we still have a long way to go to ensure that all Americans have access to a form of voting technology they can trust." [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Paperless voting could fuel 'rigged' election claims

This article describes the concern that talk of a potentially "rigged" election could undermine confidence in results. Amongst the issues associated with electronic voting is that many systems do not produce paper backups that could be used for verification, according to Prof. J. Alex Halderman, who is quoted in the article. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Expert Questions Claim That St. Jude Pacemaker Was Hacked

This article reports on the work done by Prof. Kevin Fu and his collaborators, which has called into question the allegations of security flaws in St. Jude Medical's pacemakers and other life-saving medical devices. The claim of security holes was made by short-selling investment research firm Muddy Waters Capital LLC and medical device security firm MedSec Ltd [Full Story]

Related Topics:  Fu, Kevin  Lab-Software Systems  Security (national and personal safety)  

Guarding Presidential Election Vote Integrity Presents a Daunting Task

Prof. J. Alex Halderman is quoted in this article regarding election integrity. He points out that any election system must be able to prove that results are accurate in order to dispel concerns about vote rigging. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Hacking Report on St. Jude Pacemakers Was Flawed, Researchers Say

This article details how a report on cybersecurity vulnerabilities in St. Jude Medicals implantable heart devices released last week by short sellers was flawed and didnt prove the flaws existed, according to a review by University of Michigan researchers including Prof. Kevin Fu. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

New Concerns About Hacks Into State Voting Systems

Prof. J. Alex Halderman was a guest on the Diane Rehm show on August 31, where the conversation included discussion of the security of elections. Click the "Listen" button under the headline to hear the interview; the discussion with Prof. Halderman begins at 20:30. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Holes Found in Report on St. Jude Medical Device Security

Michigan researchers including Prof. Kevin Fu have reproduced experiments alleging security flaws in St. Jude Medical's pacemakers and other life-saving medical devices and have concluded that those claims are questionable. The report alleging the security flaws was released last week by short-selling investment research firm Muddy Waters Capital LLC and medical device security firm MedSec Ltd. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

Correlation is Not Causation: Electrical Analysis of St. Jude Implant Shows Normal Pacing

This blog post by the Archimedes Center for Medical Device Security provides additional technical detail regarding the claims by Muddy Waters and St. Jude regarding pacemaker/defibrillator security. Prof. Kevin Fu, who heads the Archimedes Center, and his collaborators at Michigan have concluded that those claims are questionable. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

University study finds flaws in criticism of St. Jude cyber security

This article reports on the work done by Prof. Kevin Fu and his collaborators, which has called into question the allegations of security flaws in St. Jude Medical's pacemakers and other life-saving medical devices. The claim of security holes was released last week by short-selling investment research firm Muddy Waters Capital LLC and medical device security firm MedSec Ltd. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

How Electronic Voting Could Undermine the Election

Foreign hackers, domestic hackers, those with physical access to voting machines, and those who attack from afar: this article describes the multiple risks associated with electronic voting and highlights the work of Prof. J. Alex Halderman in making this clear to us. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Online voting could be really convenient. But its still probably a terrible idea.

This article reports on Internet voting availability in the US. It then examines Estonia's electronic voting system, which has been been hailed by some as a model system for secure electronic voting. Prof. J. Alex Halderman, who was part of a security team that documented failings in the Estonian system, disagrees and is quoted in the article. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Researchers David Adrian and Prof. J. Alex Halderman Receive Pwnie Award for Work on DROWN Attack

A research team that includes CSE PhD student David Adrian and Prof. J. Alex Halderman has been awarded the Pwnie Award for Best Cryptographic Attack at the Black Hat conference for their work on the DROWN attack. DROWN allows attackers to break encryption used to protect HTTPS websites and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. [Full Story]

Related Topics:  Graduate Students  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

How to Hack an Election in 7 Minutes

This in-depth article in Politico traces the history of "the Princeton group" -- a cadre of security experts, including Michigan's Prof. J. Alex Halderman, who grew out of Andrew Appel and Ed Felton's groups at Princeton and have influenced the conversation on the security of electronic voting. The article concludes with this remark from Halderman regarding the danger posed by state-sponsored cyber attackers: "We sit around all day and write research papers. But these people are full time exploiters. They're the professionals. We're the amateurs." [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

CSE Researchers Win Pwnie Award for Work on DROWN Attack

A research team that includes CSE PhD student David Adrian and Prof. J. Alex Halderman has been awarded the Pwnie Award for Best Cryptographic Attack at the BlackHat conference for their work on the DROWN attack. DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. [Full Story]

Related Topics:  Graduate Students  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

With Over 7 Million Certificates Issued, Let's Encrypt Aims to Secure the Entire Web

Let's Encrypt, the non-profit certificate authority founded by Prof. J. Alex Halderman with colleagues at Mozilla and Electronic Frontier Foundation, is well on its way to securing the web. By making the switch to HTTPS free and easy, Let's Encrypt has issued over 7 million certificates since December 2015. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Networking, Operating Systems, and Distributed Systems  Security (national and personal safety)  

The DNC Leak Shows How Vulnerable This Election Is To Hacking

Security experts including Prof. J. Alex Halderman are quoted in this article about the security risks associated with electronic voting. Many studies conducted by Prof. Halderman and his contemporaries have demonstrated that elections based on electronic voting are at risk of manipulation - often without detection. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Clever Tool Shields Your Car From Hacks by Watching its Internal Clocks

In a paper they plan to present at the Usenix security conference next month, researchers led by Kang G. Shin, the Kevin and Nancy O'Connor Professor of Computer Science, describe an easy-to-assemble tool they call the Clock-based Intrusion Detection System, or CIDS. CIDS characterizes the clock inaccuracies of all of the processors in a car in order to spot the malicious messages that hackers use to take control of vehicle components like brakes and transmission. [Full Story]

Related Topics:  Automotive industry  Graduate Students  Lab-Software Systems  Security (Computing)  Shin, Kang G.  

The Mr. Robot Hack Report: Ransomware and Owning the Smart Home

This article references work done by UM CSE researchers, led by Prof. Atul Prakash, who recently exposed vulnerabilities in the Samsung SmartThings platform that let them set off smoke alarms or even unlock doors. [Full Story]

Related Topics:  Lab-Software Systems  Prakash, Atul  Security (Computing)  

Online voting would be disastrous because hackers could hijack the democratic process

This article frames the very real dangers of online voting and underscores them with examples from Prof. J. Alex Halderman's work in demonstrating weaknesses in the Estonian online voting system and Washington DC's 2010 attempt at an Internet voting system. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

Experimenting with Post-Quantum Cryptography

This Google blog post announces the company's decision to test post-quantum cryptography in Chrome, in which a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used. The algorithm used in the test builds on work by Prof. Chris Peikert and his collaborators. [Full Story]

Related Topics:  Data and Computing  Lab-Theory of Computation  Peikert, Chris  Quantum Computing  Security (Computing)  

Two Michigan Papers Win Top Awards at IEEE Security and Privacy Symposium

Two papers authored by EECS researchers were selected for top honors at the 37th IEEE Symposium on Security and Privacy. One of the papers, describing and demonstrating a malicious hardware backdoor, received the Distinguished Paper Award. The second, which demonstrated security failings in a commercial smart home platform, received the Distinguished Practical Paper Award. [Full Story]

Related Topics:  Austin, Todd  Computer Architecture  Graduate Students  Hicks, Matt  Internet of Things  Lab-Computer Engineering (CE Lab)  Lab-Software Systems  Prakash, Atul  Security (Computing)  Sylvester, Dennis  

U-M cyber security startup purchased by FICO

QuadMetrics, a cyber risk security startup co-founded by Prof. Mingyan Liu, announced it has been purchased. Analytic software company FICO of San Jose, Calif., bought QuadMetrics to help in its development of a FICO Enterprise Security Score. The scores will rank an organization's level of cyber security risk, the company said in a statement. [Full Story]

Related Topics:  Lab-Systems  Liu, Mingyan  Security (Computing)  Technology Transfer  

Michigan and Verisign Researchers Demonstrate New Man-in-the-Middle WPAD Query Attack

Security researchers including Prof. Z. Morley Mao and CSE graduate student Qi Alfred Chen have demonstrated that new security ramifications exist when laptops and smartphones configured for enterprise systems and using generic top-level domains are used outside the enterprise in the realm of the wider web. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Mao, Zhuoqing Morley  Networking, Operating Systems, and Distributed Systems  Security (Computing)  

Undetectable proof-of-concept chip poisoning uses analog circuits to escalate privilege

In this article, Cory Doctorow describes work by Michigan researchers that demonstrates a "novel, frightening attack on the integrity of microprocessors." The paper describes the attack, which is nearly undetectable, and how it can lead to full control of a computing system. [Full Story]

Related Topics:  Austin, Todd  Computer Architecture  Graduate Students  Lab-Computer Engineering (CE Lab)  Security (Computing)  Sylvester, Dennis  

This "Demonically Clever" Backdoor Hides in a Tiny Slice of a Computer Chip

This article in Wired describes work by Michigan researchers that demonstrates how a hacker could hide a malicious backdoor in silicon and trigger it to gain access to a computing system. Google engineer Yonatan Zunger is quoted as saying "This is the most demonically clever computer security attack Ive seen in years." [Full Story]

Related Topics:  Austin, Todd  Blaauw, David  Computer Architecture  Graduate Students  Lab-Computer Engineering (CE Lab)  Security (Computing)  

Security Risks in the Age of Smart Homes

CSE graduate student Earlence Fernandes writes about the security risks of connected homes in this article at The Conversation. Earlence is part of a research team that included Prof. Atul Prakash and Jaeyeon Jung of Microsoft, which exposed security flaws in Samsung's popular SmartThings product offerings. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Prakash, Atul  Security (Computing)  

Fighting Cyber Crime with Data Analytics

Companies like Sony, JP Morgan Chase, Target, and even some state universities have had sensitive information like credit card numbers and account logins leaked, resulting in far-reaching economic consequences for countless households. Prof. Liu co-founded QuadMetrics to keep companies diligent when it comes to cybersecurity. QuadMetrics offers a pair of services to help companies both assess the effectiveness of their security and decide the best way to allocate (or increase) their security budget. [Full Story]

Related Topics:  Big Data  Entrepreneurship  Graduate Students  Lab-Systems  Liu, Mingyan  Security (Computing)  

Hacking into Homes: Security Flaws Found in SmartThings Connected Home System

Prof. Atul Prakash, CSE graduate student Earlence Fernandes, and Jaeyeon Jung (Microsoft Research), have performed a security analysis of the SmartThings programming framework. They were able to hack into the automation system and essentially get the PIN code to a homes front door. [Full Story]

Related Topics:  Lab-Software Systems  Prakash, Atul  Security (Computing)  Security (national and personal safety)  

Your Devices' Latest Feature? They Can Spy on Your Every Move

In The Converstation, Prof. HV Jagadish sheds light on how smart devices are a gateway for hackers to spy on you. Since devices are networked, they can communicate in ways we dont want them to and people can take control of these technologies to learn private information about you. [Full Story]

Related Topics:  Jagadish, HV  Lab-Software Systems  Security (Computing)  Security (national and personal safety)  

Dropping USB Drives Is the Easiest Trick Hackers Can Use - And You're Probably a Sucker

Researchers including CSE graduate student Zakir Durumeric have discovered a highly effective security hack to gain access to others' computing systems - leaving USB flash drives with malicious payloads laying on the ground. In their study, they found there is a nearly 50% chance that someone will pick up a given drive, plug it into their computer, and start clicking. This presents the opportunity for malware to be activated. [Full Story]

Related Topics:  Graduate Students  Lab-Software Systems  Security (Computing)  

Malware Attacks On Hospitals Put Patients At Risk

The article at NPR describes recent cases in which hospitals became the victims of ransomware attacks. Prof. Kevin Fu, an expert on the security vulnerabilities of medical equipment, is quoted. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

With Hospital Ransomware Infections, the Patients Are at Risk

The article in MIT Technology Review quotes Prof. Kevin Fu on the recent string of ransomware attacks against hospitals. Prof. Fu's research is in the area of security for medical equipment, from implanted devices through bedside monitoring equipment, medical diagnostic equipment, and medical IT systems. [Full Story]

Related Topics:  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

Startup Co-founded by Prof. Kevin Fu Gets NSF Grant

Healthcare security company Virta Laboratories, Inc, co-founded by Prof. Kevin Fu, has received a $750,000 grant from the National Science Foundation Small Business Innovation Research (SBIR) program. Virta Labs provides hardware and software cybersecurity solutions for hospitals. [Full Story]

Related Topics:  Entrepreneurship  Fu, Kevin  Lab-Computer Engineering (CE Lab)  Security (Computing)  

Drown attack: how weakened encryption jeopardizes 'secure' sites

This article describes how researchers including Prof. J. Alex Halderman have succeeded in attacking "secure" connections that are used in email, news and entertainment services. The article notes that the technique could affect up to one third of all websites that use secure communications and is a legacy of past efforts to water down online encryption. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)  

'Thousands of popular sites' at risk of Drown hack attacks

This article describes how researchers including Prof. J. Alex Halderman have discovered a new way to disable popular internet encryption protocols. Their "DROWN" attack takes advantage of past government rules against strong encryption in technology to be exported. The rules have since changed, but the effects live on. [Full Story]

Related Topics:  Halderman, J. Alex  Lab-Software Systems  Security (Computing)