Cybersecurity
News Feed
WHYY PBS: October 28, 2024
Despite reassurances, election security risks continue to mount
Prof. J. Alex Halderman is profiled in this piece on Philadephia-region PBS affiliate WHYY. The interview summarizes Halderman's background as a security researcher and interviews him on the details of the vulnerabilities that exist in our election infrastructure.CBS News: October 25, 2024
False claims about machines "switching" votes are going viral. Here's what to know.
As viral claims about "switching" votes circulate, experts have said that there is no evidence of machines being hacked or programmed to alter ballots in an actual election. However, the "gold standard protection" for Americans are hand-marked paper ballots, according to Prof. J. Alex Halderman.Hacked voting machine donated to Henry Ford museum
The machine was used by Prof. J. Alex Halderman for election cybersecurity research, and in a demonstration during which then-Senator Kamala Harris voted on it.Visiting researcher assesses Starlink as path to avoid government censorship
The study is the first to technically describe how and to what extent Starlink can be used to access the internet from inside Iran.Mingyan Liu named Alice L. Hunt Collegiate Professor of Engineering
Mingyan Liu, renowned for her research specializing in communication networks and cybersecurity, has served as Chair of ECE since 2018. (video of the talk now available)Register: September 19, 2022
Can reflections in eyeglasses actually leak info from Zoom calls? Here's a study into it
The Register features ECE PhD student Yan Long's analog cybersecurity research, focusing on how bespectacled video conferencing participants are inadvertently revealing sensitive on-screen information via reflections in their eyeglasses.Researchers earn USENIX Test of Time for work in exposing network key vulnerabilities
The award recognizes “Mining Your Ps and Qs” for its lasting contributions to the field of security and encryption.U-M spin-off Agita Labs releases always encrypted computing product
TrustForge, based on U-M research spearheaded by Austin and Bertacco, provides users with the ability to protect data using a process called sequestered encryptionKang G. Shin recognized with Distinguished Leadership Award by IEEE Computer Society Technical & Conference Activities Board
His work in the area of real-time computing has spanned decades and has had impact in a broad range of applications.The Washington Post: February 21, 2022
New legislation could bring mobile voting to the District
New proposed legislation could bring mobile voting to Washington DC. Prof. J. Alex Halderman comments on why we may not be ready for this.ABC News: February 14, 2022
Feds oppose immediate release of voting machine report
A federal cybersecurity agency is reviewing a report under seal by Prof. J. Alex Halderman that indicates security vulnerabilities exist in voting machines used by Georgia and other states. Halderman has advocated to make his findings public in a limited and responsible way so that problems could be addressed.The New Yorker: December 21, 2021
The Catch-22 of Addressing Election Security
Prof. J. Alex Halderman comments on election security vulnerabilities versus current threats to the democratic process in this article that asks the question: How do politicians contend with the weaknesses in the voting system without fueling baseless claims of election fraud?Five ways to keep vaccine cold storage equipment safe from hackers
A medical security expert outlines the risks and how hospitals can protect themselves.MedTechDive: October 4, 2021
Ransomware attacks put availability of medical devices at risk: FDA cyber chief
Kevin Fu, acting director of cybersecurity at the FDA's Center for Devices and Radiological Health, says that "You can't have a safe and effective medical device if it's unavailable" due to ransomware.The NAE invites Necmiye Ozay to symposium to advance the engineering frontier
Prof. Ozay presented on her research that is relevant to cybersecurity and the future of space exploration.New York Times: September 2, 2021
G.O.P. Election Reviews Create a New Kind of Security Threat
Election security experts, such as Prof. J. Alex Halderman, are concerned about the security risks that are being introduced as non-election officials are granted broad access to voting equipment.Newsweek: June 9, 2021
Trump Says More Countries Should Ban Twitter: 'Perhaps I Should Have Done It While I Was President'
In this article, Prof. Roya Ensafi comments on how the June 2018 repeal of net neutrality in the U.S. has set the stage for potentially blocking websites nationwide.Network World: June 4, 2021
Experimental Morpheus CPU is ‘mind-bogglingly terrible’ to crack
Cybersecurity researchers have found the Morpheous chip, designed by a U-M team lead by S. Jack Hu Professor of Computer Science and Engineering Todd Austin, to virtually eliminate whole classes of exploits.MedTechDive: May 26, 2021
Ransomware, other cyber threats mount as medtech industry tries to adapt
Prof. Kevin Fu is interviewed on how cyber threats to the medical technology industry, including ransomware and other malware, are growing in sophistication and potentially putting patient safety at risk.Marina Minkin chosen for Facebook Fellowship
Marina’s research in security closely investigates the boundary between software and hardware.
DARPA pitted 500+ hackers against this computer chip. The chip won.
University of Michigan’s MORPHEUS technology emerges unscathed from bug bounty effort.
After five years, Let’s Encrypt, a non-profit based on tech developed at Michigan, has helped to secure the internet
Today, over 225 million websites are protected by free certificates issued by Let’s Encrypt.
National Security Agency Central Security Service: November 30, 2020
Winner of NSA’s 8th Annual Best Scientific Cybersecurity Research Paper Competition
The National Security Agency’s Research Directorate selected “Spectre Attacks: Exploiting Speculative Execution” as the winner of its 8th Annual Best Cybersecurity Research Paper competition. Prof. Daniel Genkin is one of the authors.PBS News Hour: October 28, 2020
Will Georgia’s new voting machines solve election problems — or make them worse?
Prof. J. Alex Halderman participates in a conversion about whether the latest voting technology being used in Georgia provides a stronger defense against meddling than the traditional paper ballot.NIST finalists for post-quantum security standards include research results developed by Prof. Chris Peikert
A new secure code is needed to protect private information from the power of quantum computing.
Wired: June 22, 2020
Hacker Lexicon: What Is a Side Channel Attack?
Prof. Daniel Genkin helps to explain why side channel attacks continue to happen in this article. Genkin has been involved in identifying a number of flaws that have been vulnerable to side channel attacks, enabling attacks such as the Meltdown, Spectre, RAMBleed, and Foreshadow attacks.New remote voting risks and solutions identified
The upcoming presidential election in the middle of a pandemic has jurisdictions exploring new technologies. They’re not secure.
New York Times: June 9, 2020
Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election
Fear of the coronavirus is speeding up efforts to allow voting from home, but some of them pose security risks. A new study by Prof. J. Alex Halderman identifies risks to election integrity and voter privacy on the OmniBallot platform, currently in use for the Delaware primaries and in other parts of the country.King's College: May 27, 2020
When is the likelihood of a cyber blackout?
Kings College London profiles the research of Assistant Research Scientist Ranjan Pal, who's estimating the risk of catastrophic cyber-attacks - and the financial impact on businesses and their cyber-insurance.Michigan Today: April 27, 2020
Probing tech’s soft underbelly
Prof. Kevin Fu's lab has demonstrated weaknesses in the electronic devices and sensors that we rely upon to illustrate the need for improvements in cybersecurity. He is profiled in this article.Xueru Zhang awarded Rackham Predoctoral Fellowship
Zhang is working to improve data security and address important ethical issues related to AI and discriminatory data sets.
Advancing the future of circuit design with Intel’s Dr. Eric Karl
Karl (BSE MSE PhD EE) talks about how his time at Michigan helped prepare him for his dream job at Intel and a career advancing embedded memory technology and circuits.
Data security for a safer world
ECE alum Kurt Rohloff helped create one of the world’s best homomorphic encryption software libraries, and he reflects on how his time at Michigan helped shape his career.
Todd Austin Named S. Jack Hu Collegiate Professor of Computer Science and Engineering
Prof. Austin is a creative, outside-the-box thinker who has produced a body of work that has had extraordinary impact in the area of computer architecture.
Real-time monitor tracks the growing use of network filters for censorship
The team says their framework can scalably and semi-automatically monitor the use of filtering technologies for censorship at global scale.
Gizmodo: February 6, 2020
Buggy Iowa Caucus App Is Buggy, Security Experts Say
“It’s total amateur hour,” Prof. J. Alex Halderman says of a vulnerable app used in the Iowa Caucuses.
The Washington Post: February 6, 2020
Here’s why NSA rushed to expose a dangerous computer bug
Hackers could have used vulnerabilities in the IowaReporterApp to intercept or even change passwords, vote totals, and other sensitive information, with commentary from Prof. J. Alex Halderman.
Bloomberg: February 4, 2020
How Multiple System Failures Produced Debacle in Iowa Caucus
Prof. J. Alex Halderman spoke about how the spectacle in the Iowa Caucuses should serve as a cautionary tale about electronic and internet voting.
Halderman honored for public engagement efforts
The U-M presidential award honors individuals who provide sustained, dedicated, and influential leadership and service in major national or state capacities.The New York Times: February 3, 2020
App Used to Tabulate Votes Is Said to Have Been Inadequately Tested
Prof. J. Alex Halderman provides commentary on the vulnerabilities of app used in the Iowa Caucuses.
National Public Radio: January 30, 2020
Puerto Rico’s Internet Voting Plan Threatens Election Security: ACLU
Puerto Ricans could be casting their ballots online only in the next eight years, and Prof. J. Alex Halderman provides criticism.
Wired: January 27, 2020
Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw
A research team from Michigan and University of Adelaide has identified a new microarchitectural attack that is capable of bypassing the buffer overwrite countermeasures in INtel's flagship processors.The New York Times: January 13, 2020
‘Chaos Is the Point’: Russian Hackers and Trolls Grow Stealthier in 2020
While American election defenses have improved since 2016, many of the vulnerabilities exploited four years ago remain. Comments by Prof. J. Alex Halderman.
Politico: January 10, 2020
Research undercuts arguments from ballot-marking device advocates
Ballot-marking devices are still vulnerable to hacks, according to a study from EECS-CSE professor Alex Halderman.
The Washington Post: January 9, 2020
Voting machines touted as secure option are actually vulnerable to hacking
EECS-CSE professor Alex Halderman's latest study shows that hybrid voting machines are still vulnerable to hacks.Bloomberg: January 9, 2020
Voters fail mock election, exposing vulnerability to hackers
The latest study from EECS-CSE professor Alex Halderman shows vulnerabilities in ballot-marking devices.SmarterEveryDay: January 6, 2020
Breaking Into a Smart Home With A Laser – Smarter Every Day 229
Graduate student Ben Cyr demonstrates how his lab was able to hack into smart speakers with a laser.
Researchers design new solution to widespread side-channel attacks
The proposal provides a chip-level safeguard against sensitive data being transmitted after it’s accessed.
How Let’s Encrypt doubled the percentage of secure websites in four years
A Q&A with J. Alex Halderman, who co-founded the nonprofit organization.
How Russia’s online censorship could jeopardize internet freedom worldwide
The nation is using inexpensive commodity equipment to block 170K domains on more than 1K privately-owned ISPs.
Researchers take control of Siri, Alexa, and Google Home with lasers
The newly discovered microphone vulnerability allows attackers to remotely inject inaudible and invisible commands into voice assistants using light.
Year of vulnerability hunting uncovers potential attacks on Intel Chips, RAM
All three of these attacks put users’ privacy at risk, exploiting new routes to sensitive data.Remote attack on temperature sensors threatens safety in incubators and industry
The researchers demonstrated that an adversary could remotely manipulate the temperature sensor measurements without tampering with the targeted system or triggering automatic temperature alarms.
New attack on autonomous vehicle sensors creates fake obstacles
Up to this point, no attacks had been discovered targeting a car’s LiDAR system—but a major new finding from researchers at the University of Michigan has demonstrated what that might look like.
Best paper award for analysis of a decade of malware reports
The research suggests that common blacklist-based prevention systems are ineffective.
Ars Technica: June 11, 2019
Researchers use Rowhammer bit flips to steal 2048-bit crypto key
Prof. Daniel Genkin's group contributed to the discovery of a new side-channel attack targeting a computer's memory.Ars Technica: May 14, 2019
New speculative execution bug leaks data from Intel chips’ internal buffers
Intel-specific vulnerability was found by researchers including Prof. Daniel Genkin's group, calling their discovery of the attack Fallout.New chip stops hacks before they start
MORPHEUS can encrypt and reshuffle code thousands of times faster than human and electronic hackers.
Michigan’s new Election Security Commission holds inaugural meeting on U-M Campus
The meeting began the commission’s review and assessment of election security in Michigan.
Halderman co-chairs new commission to protect Michigan votes
The effort seeks to protect the integrity of every vote.
Election security: Halderman recommends actions to ensure integrity of US systems
In congressional testimony, professor urges $370M in federal funding to replace outdated machines.
Study reveals new data on region-specific website blocking practices
A team of researchers unearthed new data on geographic denial of access to web content in a new paper.
A secure future for US elections starts in the classroom
A new special topics course on election cybersecurity gives students an examination of the past, present, and future of US elections.
Tyche: A new permission model to defend against smart home hacks
“The work is an important step towards understanding how to make tradeoffs between usability and security.”
Intel processor vulnerability could put millions of PCs at risk
Patches can provide protection.
Undocumented immigrants’ privacy at risk online, on phones
When it comes to their smartphones, immigrants struggle to apply instinctive caution, according to a study by a team of University of Michigan researchers.
Mingyan Liu, 2018 Distinguished University Innovator, talks about her company and data science commercialization
Mingyan Liu, recipient of the 2018 Distinguished Innovator of the Year award, gave a talk about her startup company and participated on a panel discussing data science commercialiation.
Building a security standard for a post-quantum future
A large quantum computer could retroactively decrypt almost all internet communication ever recorded.
Zuckerberg Capitol Hill testimony: Engineering experts offer comments
U-M profs weigh new business model, European-style regulation
‘I hacked an election. So can the Russians.’
Professor Alex Halderman and the New York Times staged a mock election to demonstrate voting machine vulnerability.
Inaugural ECE Willie Hobbs Moore Alumni Lecture: Dr. Isaac R. Porche III
Porche discussed the changing definition of war and how information is playing a greater role than ever.
Michigan researchers discover vulnerabilities in next-generation connected vehicle technology
The vulnerability allows an attacker to manipulate a new intelligent traffic control algorithm and cause severe traffic jams.
CSE PhD student Matt Bernhard on the Facebook data breach
In this video, CSE PhD Student Matt Bernhard weighs in on the matter Facebook data harvesting, such as that done by Cambridge Analytica.
Internet-scanning U-M startup offers new approach to cybersecurity
Censys is the first commercially available internet-wide scanning tool. It helps IT experts to secure large networks with a constantly changing array of devices.
Unhackable computer under development with $3.6M DARPA grant
The researchers say they’re making an unsolvable puzzle: ‘It’s like if you’re solving a Rubik’s Cube and every time you blink, I rearrange it.’
The art of cyber war with Isaac Porche
Porche shares the global state of cyber warfare, and how his time at Michigan led him to the front lines.
Chris Peikert Receives TCC Test of Time Award for work in lattice cryptography
Prof. Peikert and his co-author received the award at the Fifteenth Theory of Cryptography Conference for their paper on efficient collision-resistant hashing on cyclic lattices.
Manos Kapritsos and collaborators win USENIX security paper award
Their paper introduces a new programming language and tool called Vale that supports flexible, automated verification of high-performance assembly code.
BugMD: automatic mismatch diagnosis for bug triaging
Bugs that are not caught before a product is released can cost companies billions of dollars.
Prof. J. Alex Halderman testifies in front of senate intelligence committee on secure elections
His remarks focused on vulnerabilities in the US voting system and a policy agenda for securing the system against the threat of hacking.
Smartphone security hole
‘Open port’ backdoors are common.
Open ports act as security wormholes into mobile devices
Researchers have for the first time characterized a widespread vulnerability in the software that runs on mobile devices.
Mingyan Liu: Confessions of a pseudo data scientist
Liu’s most recent research involves online learning, modeling of large-scale internet measurement data, and incentive mechanisms for security games.
Peter Honeyman receives USENIX Test of Time Award
The USENIX Test of Time Awards recognizes papers presented at its respective conference from at least 10 years ago that have had a lasting impact on their fields.
Researchers David Adrian and Alex Halderman receive Pwnie Award for work on DROWN attack
DROWN allows attackers to break encryption used to protect HTTPS websites and read or steal sensitive communications.
With over 7 million certificates issued, Let’s Encrypt aims to secure the entire web
In order to bring HTTPS to everyone, Prof. Halderman joined forces in 2012 with colleagues at Mozilla and the Electronic Frontier Foundation to found Let’s Encrypt, a non-profit certificate authority with the mission of making the switch to HTTPS vastly easier.
Two Michigan papers win top awards at IEEE Security and Privacy Symposium
One of the paper describes and demonstrates a malicious hardware backdoor. The other demonstrated security failings in a commercial smart home platform.
U-M cyber security startup purchased by FICO
Analytic software company FICO of San Jose, Calif., bought QuadMetrics to help in its development of a FICO Enterprise Security Score.
Michigan and Verisign researchers demonstrate new man-in-the-middle WPAD query attack
New security ramifications exist when laptops and smartphones configured for enterprise systems are used outside the enterprise in the realm of the wider web.
Fighting cyber crime with data analytics
QuadMetrics offers a pair of services to help companies both assess the effectiveness of their security and decide the best way to allocate (or increase) their security budget.
Hacking into homes: Security flaws found in SmartThings connected home system
New vulnerabilities form when hardware like electronic locks, thermostats, ovens, sprinklers, lights and motion sensors are networked and set up to be controlled remotely.
March 29, 2016
Security risks in the age of smart homes
Smart homes, an aspect of the Internet of Things, offer the promise of improved energy efficiency and control over home security. But there are also security risks. Smart home systems can leave owners vulnerable to serious threats, such as arson, blackmail, theft and extortion.Startup founded by U-M assoc. professor gets NSF grant
Healthcare security company Virta Laboratories, Inc. has received a $750,000 grant from the National Science Foundation Small Business Innovation Research (SBIR) program.
Security Flaw in New South Wales Puts Thousands of Online Votes at Risk
Securing Internet voting requires solving some of the hardest problems in computer security, and even the smallest mistakes can undermine the integrity of the election result.
Yi-Chin Wu receives ProQuest Distinguished Dissertation Award for research in network security
Her dissertation focused on “opacity,” which captures whether a given secret of the system can be inferred by intruders who observe the behavior of the system.
Yang Liu receives Best Applications Paper Award for cyber security research in phishing
His paper detailed his use of big data analysis to solve a major problem of cyber security.
Zakir Durumeric Selected for Google PhD Fellowship
Parinaz Naghizadeh, Researcher in economic network security, is named a Barbour Scholar
Parinaz’s research is in combining communications with economics to assess the security of a network and then apply that to cyber-insurance contracts.
Duo of CSE Alums Form and Grow Security Company in Ann Arbor
Serial entrepreneur Dug Song (CS BS 1997) and recent alum Jon Oberheide (CSE PhD 2011) founded security firm Duo Security in early 2010 and have rapidly grown their company to serve over 500 customers in 40+ countries around the world.