“Look, I’m not trying to freak you out here. Well, OK, maybe a little. But think about it: We have computers all over the place. Your laptop or desktop PC; maybe you have a tablet too, maybe a smartphone. And it doesn’t stop there. Your car might be computerized, your kitchen, the toys your kids got for Christmas. If any of those computers are connected to any kind of network, there exists an issue of security …
“Yoshi Kohno is an associate professor of computer science and engineering at the University of Washington. He and his team figured out how to break into a car’s internal, computer network. They were able to control the brakes and turn the car on and off. They also fiddled around with a commercially available toy robot. ‘One of the things we found is that as soon as we turned this toy robot on, it advertises a wireless ad hoc network that anyone can connect to,’ Kohno says …
“Kohno’s team has been looking into something far more serious than a toy robot: implanted medical devices. ‘We found that a person using their own equipment could wirelessly communicate with a pacemaker or defibrillator and change its settings, turn on and off therapies, and in fact make it issue a large shock,’ he says.”
Listen to the full story here.
“The break-in is one of the boldest known infiltrations in what has become a regular confrontation between US companies and Chinese hackers.
“Bradley Shear, George Washington University professor and Attorney At Law with the Law Office of Bradley S. Shear, LLC, Alexei Czeskis, Security and Privacy Research Lab with the Department of Computer Science & Engineering at the University of Washington, and Paul Rosenweig, Principal with Red Branch Consulting and a visiting fellow at Heritage, talk about this complex operation, which involved at least 300 internet addresses.”
Listen to the story here.
Jeff Bezos spent several hours in UW CSE labs on December 16 — discussing ubiquitous computing and sensing with Shwetak Patel and students; the future of search with Oren Etzioni; and the security of computer-controlled personal devices (such as automobiles) with Yoshi Kohno and students; as well as discussing future directions for the computer science field with Ed Lazowska and Hank Levy.
Recently, Miro Enev traveled to CCS 2011 to present his work with Sidhant Gupta on uncovering the depth of information leakage available on the modern powerline. The paper suggests that it is possible to tell what someone is watching on a TV by collecting a short period of unintentionally generated electromagnetic interference (EMI) from any wall socket in a home (not just the socket connected to the TV). This research was based on in-lab and in-home experiments with 8 TVs ranging in size, technology, and manufacturer, and a dataset of 20 movies plus over-the-air broadcasts. Miro and Sidhant also demonstrated the ability to train a neural network to predict the EMI of a television without need for physical access to the device. Full details in the paper. UW faculty members Shwetak Patel and Tadayoshi Kohno were also involved.
Earlier this year UW CSE security researcher Franzi Roesner released ShareMeNot — a Firefox plugin designed to help users avoid unwanted tracking by third party social media buttons on the Web while still allowing the user to use those buttons when they wish. ShareMeNot handles the Facebook Like button, the Google +1 button, and others.
Last night Franzi presented a poster of her work at the annual UW CSE Industrial Affiliates meeting. The Madrona Venture Group was extremely impressed by Franzi’s work and awarded her the Madrona Prize Runner Up Award. Congratulations Franzi!
UW CSE’s Karl Koscher is headed to Taiwan to give the opening talk at the 6th Workshop on Embedded Systems Security (WESS 2011) along with UCSD PhD student (and UW undergraduate alumnus) Steve Checkoway. Karl and Steve will be presenting their recent research results on automotive computer security, co-authored with UW’s Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Yoshi Kohno and UCSD’s Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. You can read about their research at http://www.autosec.org/faq.html.
Members of the UW Security and Privacy Lab surprised Yoshi with his new, most favorite shirt ever! Thank you Alexei, Franzi, Karl, Miro, and Tammy!
The paper titled deSEO: Combating Search-Result Poisoning was published last week at Usenix Security 2011. It describes how malware and viruses are spread through the poisoning of popular search keywords, and develops tools to help search engines fight the problem.
The paper was authored by John P. John and Arvind Krishnamurthy from UW, in collaboration with researchers at MSR, Silicon Valley.
The UW Security and Privacy Lab is now on Twitter. Follow us at https://twitter.com/#!/uw_cse_seclab.
The UW-UCSD collaborative project on automotive security has just published their second paper entitled “Comprehensive Experimental Analyses of Automotive Attack Surfaces” at Usenix Security 2011. The results in this paper were previously presented before a National Academy of Sciences committee on automotive safety (3.13.2011).
On the UW side, this effort was led by Karl Koscher, Alexei Czeskis, and Franziska Roesner (along with faculty member Yoshi Kohno). On the UCSD side, this effort was led by Stephen Checkoway, Damon McCoy, Brian Kantor, and Danny Anderson (along with faculty members Hovav Shacham and Stefan Savage).
A video of the Usenix Security talk is online here.