May 17, 2020

FluPhone app could track epidemics

cell phones
2 min
FluPhone app developed
Researchers from the University of Cambridge Computer Laboratory have been working on the FluPhone app in the hope that it will be able to monitor how...

Researchers from the University of Cambridge Computer Laboratory have been working on the FluPhone app in the hope that it will be able to monitor how diseases like flu are spread.

The app uses Bluetooth technology to ‘talk’ to other phones fitted with the FluPhone app and it monitors the number of people that an infected person comes into contact with.

When the mobile phones come into close contact with each other the data is recorded and sent back to researchers.

To read the latest edition of Exec Digital, click here
Study shows our brains can take ‘naps’

Warnings over alcohol risk

Ibuprofen, aspirin and paracetamol stop Prozac working

“The application in the mobile phone monitors influenza-like symptoms by prompting questions for the mobile phone owner.

It also captures physical proximity information between individuals by recording other devices nearby via Bluetooth communication,” explained Dr Yoneki, a principal investigator of the study.

The team behind the study said that they believe that the data collected could be used to simulate social interaction during an epidemic which would then make it possible to monitor the spread of an epidemic.

Cambridge University is one of seven institutions working on developing the app, and a three month pilot study of FluPhone was carried out in Cambridge last year which coincided with an outbreak of swine flu.

Dr Yoneki said: “The data was a valuable insight into how human communities are formed, how much time people spend together, and how frequently they meet.”

“Such data shows complex network-like structures, which is very useful for understanding the spread of disease.”

Traditionally, epidemiologists monitor the spread of disease by asking patients to keep a diary of all their social interactions.

“That's very heavy-going and people often forget to do it, or forget who they've met," Professor Crowcroft, another principal investigator of the study said.

He said that the FluPhone app was a more reliable way to trace contact between infectious subjects now that the mobile phone market is dominated by Blackberry smartphones and iPhones.

“There are more cell phones than people and in most urban areas network coverage is close to 100%, hence we can get very accurate measurement and sampling of the population,” Crowcroft added.

The study also highlighted how the FluPhone app can provide data that would be otherwise unavailable: “In this particular outbreak it’s now known that some people carried the disease yet were asymptomatic."

"Our system is capable of identifying these asymptomatic ‘superspreaders’ because they show up by virtue of the contacts who develop the disease,” explained Crowcroft.

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

2 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks in the latest research from McAfee. 

Peloton is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use wi fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain to hack into the bike’s tablet, including the camera, microphone and personal data. 

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step. 

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and released a fix for it. 

Further conversations between McAfee and  Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article