Security and Privacy
Microphones that “hear” light; microprocessors that “tell” us secrets; self-driving cars that “see” fake objects; sensors that “feel” the wrong temperature. Our devices are under attack in new, increasingly sophisticated ways. Security researchers at CSE are exploring the limits of hardware and finding new, sobering vulnerabilities in our computers and homes.
After five years, Let’s Encrypt, a non-profit based on tech developed at Michigan, has helped to secure the internet
Today, over 225 million websites are protected by free certificates issued by Let’s Encrypt.
Major side-channel discovery wins NSA contest
The winning paper broke open a new area of investigation in hardware-based data leaks.
Censored Planet: Tracking internet censorship without on-the-ground participation
Censored Planet is releasing technical details for other researchers and for activists.
5 ways Americans can keep their vote secure and accurate
Expert advice for voting in an unprecedented election.
CSE researchers help organize 10th anniversary workshop on internet freedom
Prof. Roya Ensafi and PhD candidate Reethika Ramesh led organizing efforts for USENIX’s Tenth Workshop on Free and Open Communications on the Internet.
$1.8M DARPA project aims to protect cars, trucks and spacecraft from hackers
Ironpatch could head off growing danger of security vulnerabilities in vehicle systems.
New collaboration promises greater innovation in medical device security
The two organizations will connect their membership and partner networks to work on advancing security for life-saving devices.
New remote voting risks and solutions identified
The upcoming presidential election in the middle of a pandemic has jurisdictions exploring new technologies. They’re not secure.
IEEE security conference features six accepted papers from CSE researchers
The projects impact voting systems, physical sensors, integrated circuit fabrication, and multiple microarchitectural side-channel vulnerabilities.
Rackham Predoctoral Fellowship for design of robust, reliable and repairable software systems
Subarno Banerjee uses program analysis to improve software systems’ safety and security.
Autonomous vehicles can be fooled to ‘see’ nonexistent obstacles
Vehicles that perceive obstacles that aren’t really there could cause traffic accidents.
Todd Austin Named S. Jack Hu Collegiate Professor of Computer Science and Engineering
Prof. Austin is a creative, outside-the-box thinker who has produced a body of work that has had extraordinary impact in the area of computer architecture.
Real-time monitor tracks the growing use of network filters for censorship
The team says their framework can scalably and semi-automatically monitor the use of filtering technologies for censorship at global scale.
Not enough voters detecting ballot errors and potential hacks, study finds
Researchers carried out the first study on voter behavior with electronic assistive devices, found 93% missed incorrect ballots.
Researchers design new solution to widespread side-channel attacks
The proposal provides a chip-level safeguard against sensitive data being transmitted after it’s accessed.
How Let’s Encrypt doubled the percentage of secure websites in four years
A Q&A with J. Alex Halderman, who co-founded the nonprofit organization.
How Russia’s online censorship could jeopardize internet freedom worldwide
The nation is using inexpensive commodity equipment to block 170K domains on more than 1K privately-owned ISPs.
Researchers take control of Siri, Alexa, and Google Home with lasers
The newly discovered microphone vulnerability allows attackers to remotely inject inaudible and invisible commands into voice assistants using light.
Offensive vehicle security toolbox makes car hacking easier
The new system is designed to save security researchers time and effort spent reverse-engineering the message format of every vehicle they study.
New tool combats evolving internet censorship methods
Technology pioneered by Michigan researchers can circumvent many effective website blocking tools
Year of vulnerability hunting uncovers potential attacks on Intel Chips, RAMAll three of these attacks put users’ privacy at risk, exploiting new routes to sensitive data.
Remote attack on temperature sensors threatens safety in incubators and industry
The researchers demonstrated that an adversary could remotely manipulate the temperature sensor measurements without tampering with the targeted system or triggering automatic temperature alarms.
PET Award for making privacy policies easier to read
The research generated a chatbot to help users sift through important details in privacy policies.
Best paper award for analysis of a decade of malware reports
The research suggests that common blacklist-based prevention systems are ineffective.
Michigan’s new Election Security Commission holds inaugural meeting on U-M Campus
The meeting began the commission’s review and assessment of election security in Michigan.
Halderman co-chairs new commission to protect Michigan votes
The effort seeks to protect the integrity of every vote.
Election security: Halderman recommends actions to ensure integrity of US systems
In congressional testimony, professor urges $370M in federal funding to replace outdated machines.
Facebook Fellowship for research on web privacy, security, and censorship
McDonald works to develop better privacy and security tools for marginalized communities
Online censorship detector aims to make the internet a freer place
Censored Planet could provide new insight into the flow of online information
Study reveals new data on region-specific website blocking practices
A team of researchers unearthed new data on geographic denial of access to web content in a new paper.
A secure future for US elections starts in the classroom
A new special topics course on election cybersecurity gives students an examination of the past, present, and future of US elections.
Tyche: A new permission model to defend against smart home hacks
“The work is an important step towards understanding how to make tradeoffs between usability and security.”
Intel processor vulnerability could put millions of PCs at risk
Patches can provide protection.
Undocumented immigrants’ privacy at risk online, on phones
When it comes to their smartphones, immigrants struggle to apply instinctive caution, according to a study by a team of University of Michigan researchers.
Building a security standard for a post-quantum future
A large quantum computer could retroactively decrypt almost all internet communication ever recorded.
Zuckerberg Capitol Hill testimony: Engineering experts offer comments
U-M profs weigh new business model, European-style regulation
‘I hacked an election. So can the Russians.’
Professor Alex Halderman and the New York Times staged a mock election to demonstrate voting machine vulnerability.
Michigan researchers discover vulnerabilities in next-generation connected vehicle technology
The vulnerability allows an attacker to manipulate a new intelligent traffic control algorithm and cause severe traffic jams.
CSE PhD student Matt Bernhard on the Facebook data breach
In this video, CSE PhD Student Matt Bernhard weighs in on the matter Facebook data harvesting, such as that done by Cambridge Analytica.
Can sound be used as a weapon? 4 questions answered
What happened to people inside the U.S. Embassy in Havana?
Cuba ‘sonic attacks’: A covert accident?
‘We’ve demonstrated a scenario in which the harm might have been unintentional.’
Chat tool simplifies tricky online privacy policies
Automated chatbot uses artificial intelligence to weed through fine print
FCC repeals net neutrality: Engineering experts offer comments
A long-standing tenet of the internet was overturned today.
An armed robber’s Supreme Court case could affect all Americans’ digital privacy for decades to come
How much can your cellphone reveal about where you go?
Manos Kapritsos and collaborators win USENIX security paper award
Their paper introduces a new programming language and tool called Vale that supports flexible, automated verification of high-performance assembly code.
Prof. J. Alex Halderman testifies in front of senate intelligence committee on secure elections
His remarks focused on vulnerabilities in the US voting system and a policy agenda for securing the system against the threat of hacking.
Smartphone security hole
‘Open port’ backdoors are common.
Sonic cyber attacks show security holes in ubiquitous sensors
Michigan Engineering researchers discuss and demonstrate the sound-based attacks they leveled at the accelerometers found in everyday electronics.
Professor to Congress: ‘Internet of Things security is woefully inadequate’
Michigan Engineering professor Kevin Fu spoke in front of congress on Nov. 16, 2016.
Peter Honeyman receives USENIX Test of Time Award
The USENIX Test of Time Awards recognizes papers presented at its respective conference from at least 10 years ago that have had a lasting impact on their fields.
Several Michigan Papers Presented at 2016 USENIX Security SymposiumA total of five papers authored by CSE researchers were presented.
Researchers David Adrian and Alex Halderman receive Pwnie Award for work on DROWN attack
DROWN allows attackers to break encryption used to protect HTTPS websites and read or steal sensitive communications.
With over 7 million certificates issued, Let’s Encrypt aims to secure the entire web
In order to bring HTTPS to everyone, Prof. Halderman joined forces in 2012 with colleagues at Mozilla and the Electronic Frontier Foundation to found Let’s Encrypt, a non-profit certificate authority with the mission of making the switch to HTTPS vastly easier.
Two Michigan papers win top awards at IEEE Security and Privacy Symposium
One of the paper describes and demonstrates a malicious hardware backdoor. The other demonstrated security failings in a commercial smart home platform.
Michigan and Verisign researchers demonstrate new man-in-the-middle WPAD query attack
New security ramifications exist when laptops and smartphones configured for enterprise systems are used outside the enterprise in the realm of the wider web.
Hacking into homes: Security flaws found in SmartThings connected home system
New vulnerabilities form when hardware like electronic locks, thermostats, ovens, sprinklers, lights and motion sensors are networked and set up to be controlled remotely.
Passwords, privacy and protection: Can Apple meet FBI’s demand without creating a ‘backdoor’?
Prof. H.V. Jagadish sheds light on current issues regarding data privacy and technology.
Secure your website now: Let's Encrypt enters Public Beta
Let's Encrypt allows anyone to request a free website security certificate without needing an invitation.
Michigan Researchers Win the 2016 Applied Networking Research Prize
In their paper, the researchers present the first report on global adoption rates of SMTP email security extensions.
Computer Scientists Win Best Paper Award at ACM Conference on CCS for Exposing the Vulnerabilities of the Diffie-Hellman Key Exchange
Diffie-Hellman is a popular algorithm used for encrypted communications, including emails VPNs, HTTPS, and other protocols where a client and server negotiate a shared secret key for communication
J. Alex Halderman and Collaborators Receive NSF Cybersecurity Award to Develop Rapid-Response Architecture
This project strives to positively impact the availability and reliability of the Internet and provide the security community with tools, platforms, and comprehensive vulnerability measurement data.
Virta Labs Introduces PowerGuard™
Virta Laboratories was co-founded in part by Prof. Kevin Fu and former CSE postdoctoral researcher Denis Foo Kune.
Security Flaw in New South Wales Puts Thousands of Online Votes at Risk
Securing Internet voting requires solving some of the hardest problems in computer security, and even the smallest mistakes can undermine the integrity of the election result.
Computer science researchers aim to securely encrypt every website
A project is underway which will offer a free, automated, and easy process for converting webservers from HTTP to HTTPS that is implemented with a single command.
Computer Scientists Win Best Paper Award at 2014 ACM Internet Measurement Conference
The research team performed a comprehensive, measurement-based analysis of the impact of the recent Heartbleed vulnerability.
Yelin Kim wins Best Student Paper Award at ACM Multimedia 2014 for research in facial emotion recognition
She computationally measures, represents, and analyzes human behavior data to illuminate fundamental human behavior and emotion perception, and develop natural human-machine interfaces.
Researchers identify security risks in Estonia's online voting system
Iranian internet censorship system profiled for first time
Michael Bailey receives Research Faculty Recognition Award from OVPRHis research is focused on the security and availability of complex distributed systems.
Computer scientists win Best Paper Award at 21st USENIX Security Symposium
Halderman's "Securing Digital Democracy" opens on Coursera
Computer scientists named runners up for PET Award
Duo of CSE Alums Form and Grow Security Company in Ann Arbor
Serial entrepreneur Dug Song (CS BS 1997) and recent alum Jon Oberheide (CSE PhD 2011) founded security firm Duo Security in early 2010 and have rapidly grown their company to serve over 500 customers in 40+ countries around the world.