Security and Privacy

The proposal provides a chip-level safeguard against sensitive data being transmitted after it’s accessed.

A Q&A with J. Alex Halderman, who co-founded the nonprofit organization.

The nation is using inexpensive commodity equipment to block 170K domains on more than 1K privately-owned ISPs.

The newly discovered microphone vulnerability allows attackers to remotely inject inaudible and invisible commands into voice assistants using light.

The new system is designed to save security researchers time and effort spent reverse-engineering the message format of every vehicle they study.

Technology pioneered by Michigan researchers can circumvent many effective website blocking tools

The researchers demonstrated that an adversary could remotely manipulate the temperature sensor measurements without tampering with the targeted system or triggering automatic temperature alarms.

The research generated a chatbot to help users sift through important details in privacy policies.

The research suggests that common blacklist-based prevention systems are ineffective.

The meeting began the commission’s review and assessment of election security in Michigan.

The effort seeks to protect the integrity of every vote.

In congressional testimony, professor urges $370M in federal funding to replace outdated machines.

McDonald works to develop better privacy and security tools for marginalized communities

Censored Planet could provide new insight into the flow of online information

A team of researchers unearthed new data on geographic denial of access to web content in a new paper.

A new special topics course on election cybersecurity gives students an examination of the past, present, and future of US elections.

“The work is an important step towards understanding how to make tradeoffs between usability and security.”

Patches can provide protection.

When it comes to their smartphones, immigrants struggle to apply instinctive caution, according to a study by a team of University of Michigan researchers.

A large quantum computer could retroactively decrypt almost all internet communication ever recorded.

U-M profs weigh new business model, European-style regulation

Professor Alex Halderman and the New York Times staged a mock election to demonstrate voting machine vulnerability.

The vulnerability allows an attacker to manipulate a new intelligent traffic control algorithm and cause severe traffic jams.

In this video, CSE PhD Student Matt Bernhard weighs in on the matter Facebook data harvesting, such as that done by Cambridge Analytica.

What happened to people inside the U.S. Embassy in Havana?

‘We’ve demonstrated a scenario in which the harm might have been unintentional.’

Automated chatbot uses artificial intelligence to weed through fine print

A long-standing tenet of the internet was overturned today.

How much can your cellphone reveal about where you go?

Their paper introduces a new programming language and tool called Vale that supports flexible, automated verification of high-performance assembly code.

His remarks focused on vulnerabilities in the US voting system and a policy agenda for securing the system against the threat of hacking.

‘Open port’ backdoors are common.

Michigan Engineering researchers discuss and demonstrate the sound-based attacks they leveled at the accelerometers found in everyday electronics.

Michigan Engineering professor Kevin Fu spoke in front of congress on Nov. 16, 2016.

DROWN allows attackers to break encryption used to protect HTTPS websites and read or steal sensitive communications.

In order to bring HTTPS to everyone, Prof. Halderman joined forces in 2012 with colleagues at Mozilla and the Electronic Frontier Foundation to found Let’s Encrypt, a non-profit certificate authority with the mission of making the switch to HTTPS vastly easier.

One of the paper describes and demonstrates a malicious hardware backdoor. The other demonstrated security failings in a commercial smart home platform.

New security ramifications exist when laptops and smartphones configured for enterprise systems are used outside the enterprise in the realm of the wider web.