Motivational Aspects and Privacy Concerns on Wearables in the German Running Community

Today I am proud to announce that another paper of my former colleagues from Heilbronn University and me was published in one of the journals with the highest impact factor for Medical Informatics research called JMIR mHealth and uHealth. There is a reason why we published in this journal besides its informatics focus. The journal is an open access journal. That means that readers are not charged on a pay-per-view basis or other business models to access the full text of the paper. In return, the authors need to pay publication fees. In my opinion restricting access to academic research is not a way to go. I think this isn’t a thing we see in the security community often anyway. But this is and was the standard in academia for years.

Continue reading “Motivational Aspects and Privacy Concerns on Wearables in the German Running Community”

Continue reading

Introduction & CCS’16 – Day 1 – 24th October 2016

 I am Andrei Costin (at http://firmware.re project), and this is the first post from a series of guest postings courtesy of ERNW.

Between 24th and 28th October, I had the pleasure and the great opportunity to attend ACM CCS 2016 in Vienna, Austria, where I also presented at the TrustED’16 workshop my paper titled “Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations”.

My attendance throughout the entire ACM CCS 2016 week and my presentation at TrustED was possible thanks to generous support from Enno Rey and ERNW, and I thank them again for this opportunity!

 In these guest postings I am going to summarize the talks I have attended, and will try to make you interested in exploring more on each of the mentioned papers. Continue reading “Introduction & CCS’16 – Day 1 – 24th October 2016”

Continue reading

Scal(e)ing down Privacy

As you might know we are continuously doing research on medical devices. I presented some of the new results at Power of Community 2014 last week and we thought we would share some of the details with you here. The focus of the previous work was testing medical devices that are used in hospitals like patient monitors, syringe pumps or even MRIs. This time we looked at a device that every user can use at home and which is available to anyone on the market: A smart scale.

The scale implements some basic features as you might have guessed, that is measuring your weight. In this case there are a lot more additional features that you can use, e.g. measuring the air quality, the room temperature, your heart rate and your fat mass. The latter makes testing this device quite hard, because somebody has to step on it and the results were not funny at all and will be kept secret! 😉

Continue reading “Scal(e)ing down Privacy”

Continue reading

Ganz Gallien?

“Nein! Ein von unbeugsamen Galliern bevölkertes Dorf hört nicht auf, dem Eindringling Widerstand zu leisten.”

This is a famous quote pretty much every German kid used to know. Not sure if this still applies though, my three haven’t touched Asterix comics so far. Anyhow, you might ask why I cite this.

Simple answer: see this recent article from the Guardian on a Utah-based ISP “resisting some pressure”. That’s the spirit…

Have a great Sunday everybody,


Continue reading

Impressions from the Google I/O Con

From 15th – 17th of May, the sixth Google I/O conference took place in San Francisco, California and I was one of the lucky guys attending. More then 5500 people, primarily web, mobile, and enterprise developers, attended this annual event. A lot of presentations included announcements of new and exciting technologies, APIs as well as of two new devices.

During the first minutes of the keynote some of Google’s managers announced that by now over 900 million Android devices are activated and that 48 billion apps are installed, which demonstrates that this market is still heavily growing. As the major part of the audience were (app-) developers, these numbers were received quite greatfully and euphoric.

Some of the presentations announced new services as well as new features and designs for existing services like:

  • Google Play Music All Access, which makes it possible to stream music legally for a monthly fee (comparable to spotify).
  • Underwater Streetview, where Google tries to capture all coral reefs worldwide in order to enable virtual diving.
  • The new user interface and features of Google+, which make it easier to use the social network while providing more functionalities (e.g. automated sorting and quality assurance of uploaded holiday pictures).
  • Google Maps, which now provides more intelligent localization features for target locations of users as well as clouds hovering over the world in realtime.
  • “Sign in with G+” which is a OAuth2 based Single Sign-On that can be used to replace all kind of web authentication mechanisms.

Of course, quite some talks dealt with the privacy critic project Google Glass, that had been introduced at last years I/O. From a technical point of view Google Glass is an interesting project not only due to its new “in-eye-projection” technology. Also the voice interface allows to easily control the device. By saying “OK Glass, take a picture” the user’s actual view is captured and directly uploaded – of course to Google servers. In addition, the integrated navigation system is an interesting feature which enables augmented navigation by means of semitransparent arrows being displayed directly in the users’ field of view. However, there is the other side of the coin: privacy. All data that is captured by the device is processed by Google’s servers. The fact, that one of the responsible Google managers answered the question, in which way Google handles the captured and GPS data, with “in the same way as Google handles all the other data that is collected by our other services”, does not calm at that point. It rather states that when considering Lawful Interception as it exists in almost all countries (and in particular in the USA), Google Glass can turn into a surveillance instrument par excellence. Of course this does not only imply an impact for owners of Google Glass but also for all other people being faced by people wearing Googles new toy. In fact, there is a tiny LED shining while the device is taking a video. However, this can easily be manipulated (e.g. with a sticker) and it is questionable if visibility of this LED is in appropriate proportion to the resolution of the integrated camera. In other words, it is possible to be filmed and photographed while walking in the streets without even being able to notice it. Since Glass is not publicly available so far we have some time left to think about how to deal with this…


All in all Google I/O was a very impressive and informative event. In some kind I felt amazed like a child when I saw all these crazy Android figures hanging around and being surrounded by remotely controlled zeppelins flying through the building.

Have a good weekend

P.S.: All talks can be reviewd here.

Continue reading