https://engineering.wustl.edu/news/Pages/McKelvey-Engineering-students-alumna-win-NSF-Graduate-Research-Fellowships.aspx1278McKelvey Engineering students, alumna win NSF Graduate Research Fellowships<img alt="" src="/news/PublishingImages/feb2020-east-end.jpg?RenditionID=1" style="BORDER:0px solid;" /><div id="__publishingReusableFragmentIdSection"><a href="/ReusableContent/36_.000">a</a></div><p>Several McKelvey School of Engineering students have been offered the highly competitive National Science Foundation Graduate Research Fellowship.</p><p>The program recognizes and supports outstanding graduate students in NSF-supported science, technology, engineering and mathematics disciplines who are pursuing research-based master's and doctoral degrees at accredited U.S. institutions. The fellowship includes a three-year annual stipend of $34,000 along with a $12,000 cost of education allowance for tuition and fees, opportunities for international research and professional development, and the opportunity to conduct their own research.</p><p>In 2020, NSF made more than 2,000 fellowship offers to applicants. More than 1,700 applicants received honorable mentions, which is considered a significant academic achievement.</p><h4>The new fellows from McKelvey Engineering include:</h4><ul style="list-style-type: disc;"><li>Anna Marie Powell Eddelbuettel, who will earn a bachelor's degree in biomedical engineering in May and will pursue graduate study at Princeton University;</li><li>Jacob Graham, who will earn a bachelor's degree in mechanical engineering in May and will pursue graduate study in mechanical engineering;<br/></li><li>Nicholas Matteucci, who will earn a bachelor's degree in chemical engineering in May and will pursue graduate study in chemical engineering;<br/></li><li> Alumna Sydney Katz, who earned bachelor's degrees in electrical engineering and in applied science from Engineering in 2018, is pursuing graduate study in aeronautical and aerospace engineering at Stanford University.<br/></li></ul><h4>Fellows who are studying at McKelvey Engineering include:</h4><ul style="list-style-type: disc;"><li>Elisabeth Anna Jones, who earned a bachelor's degree from SUNY College at Geneseo and is a doctoral student in systems science & mathematics at WashU;</li><li>Xiaohong Tan, who earned a bachelor's degree from Purdue University and is a doctoral student in biomedical engineering at WashU;</li><li>Hannah Maria Zmuda, who earned a bachelor's degree from Washington State University and is a doctoral student in biomedical engineering at WashU;</li></ul><h4>Those receiving honorable mentions include:<br/></h4><ul style="list-style-type: disc;"><li>Patrick Ryan Naughton, who will earn a bachelor's degree in electrical engineering and computer science from McKelvey Engineering in May, who will pursue robotics and computer vision;</li><li>Erin Newcomer, who earned a bachelor's degree from the University of Missouri, is a doctoral student in biomedical engineering at WashU;</li></ul><ul style="list-style-type: disc;"><li>Elizabeth Anne Sivriver, who will earn a degree in computer science and mathematics from Arts & Sciences in May and will pursue graduate study in the human-computer interface.</li></ul><p> </p><SPAN ID="__publishingReusableFragment"></SPAN><br/>Beth Miller 2020-04-02T05:00:00ZMcKelvey Engineering students and alumni win NSF Graduate Research Fellowships.
https://engineering.wustl.edu/news/Pages/Ultrasonic-Waves-Can-Make-Siri-Share-Your-Secrets.aspx1265In the media: Ultrasonic Waves Can Make Siri Share Your Secrets<img alt="" src="/news/PublishingImages/Vice%20Ning%20Zhang%20mention.jpg?RenditionID=1" style="BORDER:0px solid;" /><p>​Researchers at the Washington University in St. Louis have discovered a new method of attacking mobile devices via inaudible voice assistant commands, using a novel method that’s effective from up to 30 feet away. While the attack requires such a specific environment that we’re unlikely to see it used much in the wild, it nevertheless represents a previously unknown vulnerability that affects virtually all mobile devices, including all iPhones running Siri and a plethora of Android devices running Google Assistant.<br/></p><p>The research team presented its <a href="https://surfingattack.github.io/papers/NDSS-surfingattack.pdf">full report</a> on the vulnerability at the Network and Distributed System Security Symposium on February 24, and has subsequently <a href="https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/">published a summary</a> on the university website. The gist of the main finding is that these voice assistant programs listen to a frequency far wider than the human voice is capable of producing, and thus can be fed ultrasonic waves that will be interpreted as voice commands while remaining completely inaudible to the human ear.<br/></p>As part of their study, the researchers set up a variety of scenarios in which this attack method could be used to steal information from the target device. All versions of the attack shared a common premise and required the same laundry list of specialized tools: a piece of software that can produce the right waveforms, an ultrasonic generator to output the signal, a piezoelectric transducer (a device that turns an electrical signal into physical vibrations), and a hidden microphone to listen for the voice assistant’s response.<div><br/>The most obviously compromising version of the attack involves using these inaudible queries to ask the voice assistant to set the phone’s volume to a very low level, then read aloud the contents of a text message containing a two-factor authentication code. In theory, this could be done in a way that leaves the phone’s owner completely unaware of the attack, as the voice assistant reads the text at a volume that gets lost in the background noise of an office or public space but can nonetheless be picked up by the hidden microphone.</div><div><br/></div><div>In order to perform the attack at an inconspicuous distance, the researchers conducted the ultrasonic signal through a hard surface upon which the target device was placed. They found that the process worked through up to thirty feet of metal, glass or wood, but softer materials such as a tablecloth foiled the attack by not conducting the signal with a sufficient degree of fidelity.</div><div><br/>The idea of an attacker being able to sit down 30 feet away from you and read all your text messages sounds quite terrifying, but it’s important to keep in mind the improbability of becoming the victim of an attack like this in the real world. As mentioned above, the attack requires some fairly specialized equipment, some of which is fairly odd-looking and cumbersome, rendering it hard to deploy in a public space without attracting suspicion. Furthermore, it requires a very particular physical arrangement wherein the target device is out of line of sight from the attacker while still being coupled to a hard surface upon which the attacker can deploy the required gadgetry.</div><div><br/>“I don't think we will see such an attack a lot in common places, but probably used for a more targeted attack,” says assistant professor Ning Zhang, who led the research team. He also warned that while the hardware they use in their demonstration is unwieldy, there are alternatives; “The signal generator can be expensive and bulky, but you can design your own hardware to generate certain signals ... depending on how DIY you want to do. A cell phone will also do, if bulkyness is the main problem.”<br/></div><div><br/></div><div>Of course, a particularly paranoid user can foil this method of attack by simply keeping their phone in their pocket instead of leaving it on the table next to them. As with many of these exciting-sounding methods of cyberattack, this is technically possible to pull off in the wild, but unlikely to appear outside the world of serious espionage and/or spy movies any time soon.<br/></div><div><div class="cstm-section"><h3>Ning Zhang<br/></h3><div style="text-align: center;"> <strong> <a href="/Profiles/Pages/Ning-Zhang.aspx"> <img src="/Profiles/PublishingImages/Ning%20Zhang%202018.jpeg?RenditionID=3" alt="" style="margin: 5px;"/></a> <br/></strong></div><ul style="text-align: left;"><li>Assistant Professor<br/></li><li>Research: Professor Zhang's research focus is system security, which lies at the intersection of security, computer architecture and programming language<br/></li></ul><p style="text-align: center;"> <a href="/Profiles/Pages/Ning-Zhang.aspx">>> View Bio</a><br/></p></div></div>Mitch Bowman, VICEhttps://www.vice.com/en_us/article/bvg5dv/ultrasonic-waves-can-make-siri-share-your-secrets2020-03-03T06:00:00ZVoice assistant programs listen to a frequency far wider than the human voice is capable of producing, and thus can be fed ultrasonic waves that will be interpreted as voice commands.<p>​<span style="font-size: 1.05em;">Voice assistant programs listen to a frequency far wider than the human voice is capable of producing, and thus can be fed ultrasonic waves that will be interpreted as voice commands.</span></p>
https://engineering.wustl.edu/news/Pages/Fail-Better-Andrew-Bass.aspx1263Fail Better: Andrew Bass<div class="youtube-wrap"><div class="iframe-container"> <iframe width="560" height="315" src="https://www.youtube.com/embed/70B43zU5_5U" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture"></iframe>   </div> </div><span rtenodeid="3" style="box-sizing: inherit; font-style: italic; caret-color: #3c3d3d; color: #3c3d3d; font-family: "source sans pro", "helvetica neue", helvetica, arial, sans-serif; font-size: 19.200000762939453px;"><sub>(Video by Tom Malkowicz/Washington University)</sub></span><br/><img alt="" src="/news/PublishingImages/Fail%20Better%20Andrew%20Bass.png?RenditionID=1" style="BORDER:0px solid;" /><p>Develop an open-source nuclear detection system.</p><p>That was the charge from the U.S. Department of Defense to members of its new internship program, the <a href="https://www.nsin.us/x-force/">X-Force Fellowship</a>.</p><p>Washington University in St. Louis sophomore Andrew Bass, to his surprise, had been selected to serve in the pilot cohort and arrived at Cape Canaveral in Florida for the three-month program convinced he would fail.</p><p>“They wanted a detection system that could fit in a briefcase, like what you would see in the movies,” recalled Bass, who is studying computer science at the McKelvey School of Engineering and design at the Sam Fox School of Design & Visual Arts. “I was like, ‘What does that even mean? Why am I even here?’”<br/></p><p>For those first weeks, Bass felt lost. At night, Bass studied the concepts that his teammates — all recent college graduates or graduate students — had discussed during the day. Always a strong student, Bass soon discovered he also was his own best teacher.</p><p>But even more importantly, Bass realized he should worry less about what he did not know and focus more on what he did, which, in this case, was sensor technology.</p><p>“I was able to find my value by specializing in one area that I knew better than anyone else,” Bass said.</p><p>The federal agency’s National Security Innovation Network launched the X-Force Fellowship last year to see if students, in partnership with experienced military leaders, could bring fresh approaches to real-world problems. The answer was a definitive yes — and not just because Bass’ team, after several setbacks, developed a functional prototype.<br/></p><p>“We were proud of what we delivered, but the main priority was to see if we could come together and create new ideas,” Bass said. “I used to think that you go to college to learn and you bring all that you need to know to industry. Now I see that the underlying concepts behind innovative technologies and ideas are not yet known. Without an instruction manual, you have to learn to teach yourself and lean on each other.”<br/></p>Diane Toroian Keaggyhttps://source.wustl.edu/2020/02/fail-better-andrew-bass/2020-02-28T06:00:00ZComputer science and design student suffered from impostor syndrome until he found his niche<p>​Computer science and design student suffered from impostor syndrome until he found his niche<br/></p>y
https://engineering.wustl.edu/news/Pages/Surfing-attack-hacks-Siri-Google-with-ultrasonic-waves.aspx1261‘Surfing attack’ hacks Siri, Google with ultrasonic waves<div class="youtube-wrap"><div class="iframe-container"> <iframe width="560" height="315" src="https://www.youtube.com/embed/pQw2zRAqVnI" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture"></iframe>    <br/></div></div><img alt="" src="/Profiles/PublishingImages/Ning%20Zhang%202018.jpeg?RenditionID=1" style="BORDER:0px solid;" /><div id="__publishingReusableFragmentIdSection"><a href="/ReusableContent/36_.000">a</a></div><p>Ultrasonic waves don’t make a sound, but they can still activate Siri on your cellphone and have it make calls, take images or read the contents of a text to a stranger. All without the phone owner’s knowledge.</p><p>Attacks on cell phones aren’t new, and researchers have previously shown that ultrasonic waves can be used to deliver a single command through the air.</p><p>However, new research from Washington University in St. Louis expands the scope of vulnerability that ultrasonic waves pose to cellphone security. These waves, the researchers found, can propagate through many solid surfaces to activate voice recognition systems and — with the addition of some cheap hardware — the person initiating the attack can also hear the phone’s response.</p><p>The <a href="https://surfingattack.github.io/papers/NDSS-surfingattack.pdf">results were presented Feb. 24</a> at the Network and Distributed System Security Symposium in San Diego.</p><p>“We want to raise awareness of such a threat,” said <a href="/Profiles/Pages/Ning-Zhang.aspx">Ning Zhang</a>, assistant professor of computer science and engineering at the McKelvey School of Engineering. “I want everybody in the public to know this.”<br/></p><p>Zhang and his co-authors were able to send “voice” commands to cellphones as they sat inconspicuously on a table, next to the owner. With the addition of a stealthily placed microphone, the researchers were able to communicate back and forth with the phone, ultimately controlling it from afar.</p><p>Ultrasonic waves are sound waves in a frequency that is higher than humans can hear. Cellphone microphones, however, can and do record these higher frequencies. “If you know how to play with the signals, you can get the phone such that when it interprets the incoming sound waves, it will think that you are saying a command,” Zhang said.</p><p>To test the ability of ultrasonic waves to transmit these “commands” through solid surfaces, the research team set up a host of experiments that included a phone on a table.</p><p>Attached to the bottom of the table was a microphone and a piezoelectric transducer (PZT), which is used to convert electricity into ultrasonic waves. On the other side of the table from the phone, ostensibly hidden from the phone’s user, is a waveform generator to generate the correct signals.</p><p>The team ran two tests, one to retrieve an SMS (text) passcode and another to make a fraudulent call. The first test relied on the common virtual assistant command “read my messages” and on the use of two-factor authentication, in which a passcode is sent to a user’s phone — from a bank, for instance — to verify the user’s identity.</p><p>The attacker first told the virtual assistant to turn the volume down to Level 3. At this volume, the victim did not notice their phone’s responses in an office setting with a moderate noise level.</p><p>Then, when a simulated message from a bank arrived, the attack device sent the “read my messages” command to the phone. The response was audible to the microphone under the table, but not to the victim.</p><p>In the second test, the attack device sent the message “call Sam with speakerphone,” initiating a call. Using the microphone under the table, the attacker was able to carry on a conversation with “Sam.”</p><p>The team tested <a href="https://surfingattack.github.io/">17 different phone models,</a> including popular iPhones, Galaxy and Moto models. All but two were vulnerable to ultrasonic wave attacks.</p><h4>Ultrasonic waves made it through metal, glass and wood</h4><p>They also tested different table surfaces and phone configurations.</p><p>“We did it on metal. We did it on glass. We did it on wood,” Zhang said. They tried placing the phone in different positions, changing the orientation of the microphone. They placed objects on the table in an attempt to dampen the strength of the waves. “It still worked,” he said. Even at distances as far as 30 feet.</p><p>Ultrasonic wave attacks also worked on plastic tables, but not as reliably.</p><p>Phone cases only slightly affected the attack success rates. Placing water on the table, potentially to absorb the waves, had no effect. Moreover, an attack wave could simultaneously affect more than one phone.</p><p>The research team also included researchers from Michigan State University, the University of Nebraska-Lincoln and the Chinese Academy of Sciences.</p><p>Zhang said the success of the “surfing attack,” as it’s called in the paper, highlights the less-often discussed link between the cyber and the physical. Often, media outlets report on ways in which our devices are affecting the world we live in: Are our cellphones ruining our eyesight? Do headphones or earbuds damage our ears? Who is to blame if a self-driving car causes an accident?</p><p>“I feel like not enough attention is being given to the physics of our computing systems,” he said. “This is going to be one of the keys in understanding attacks that propagate between these two worlds.”</p><p>The team suggested some defense mechanisms that could protect against such an attack. One idea would be the development of phone software that analyzes the received signal to discriminate between ultrasonic waves and genuine human voices, Zhang said. Changing the layout of mobile phones, such as the placement of the microphone, to dampen or suppress ultrasound waves could also stop a surfing attack.</p><p>But Zhang said there’s a simple way to keep a phone out of harm’s way of ultrasonic waves: the interlayer-based defense, which uses a soft, woven fabric to increase the “impedance mismatch.”</p><p>In other words, put the phone on a tablecloth.<br/></p><SPAN ID="__publishingReusableFragment"></SPAN><p><br/></p><div><div class="cstm-section"><h3>Ning Zhang<br/></h3><div style="text-align: center;"> <strong> <a href="/Profiles/Pages/Ning-Zhang.aspx"> <img src="/Profiles/PublishingImages/Ning%20Zhang%202018.jpeg?RenditionID=3" alt="" style="margin: 5px;"/></a> <br/></strong></div><ul style="text-align: left;"><li>Assistant Professor<br/></li><li>Research: Professor Zhang's research focus is system security, which lies at the intersection of security, computer architecture and programming language<br/></li></ul><p style="text-align: center;"> <a href="/Profiles/Pages/Ning-Zhang.aspx">>> View Bio</a><br/></p></div></div><div class="cstm-section"><h3>Media Coverage<br/></h3><div> <strong>Wevolver: </strong> <a href="https://www.wevolver.com/article/surfing.attack.hacks.siri.google.with.ultrasonic.waves">'Surfing Attack' Hacks Siri, Google With Ultrasonic Waves</a><br/><br/><strong>VICE: </strong> <a href="https://www.vice.com/en_us/article/bvg5dv/ultrasonic-waves-can-make-siri-share-your-secrets">Ultrasonic Waves Can Make Siri Share Your Secrets</a></div><div> <br/> <strong>Popular Mechanics: </strong><a href="https://www.popularmechanics.com/technology/security/a31228645/vibration-smartphone-attack/">The Sinister, Silent Way Hackers Can Talk to Siri and Steal Your Data</a><br/></div><div> <br/> <strong>Tech Explorist: </strong><a href="https://www.techexplorist.com/alert-siri-google-assistant-hacked-ultrasonic-waves/30993/">Alert! Your Siri and Google assistant can be hacked with Ultrasonic Waves</a><br/></div></div>Brandie Jeffersonhttps://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/2020-02-27T06:00:00ZResearchers use ultrasound waves vibrating through tables to access cellphones.<p>​Researchers use ultrasound waves vibrating through tables to access cellphones<br/></p>y
https://engineering.wustl.edu/news/Pages/Alls-fair-in-artificial-intelligence.aspx1252All’s fair in artificial intelligence?<img alt="" src="/news/PublishingImages/iStock-856080954.jpg?RenditionID=2" style="BORDER:0px solid;" /><div id="__publishingReusableFragmentIdSection"><a href="/ReusableContent/36_.000">a</a></div><p>Artificial intelligence is often used to automate decision-making, thereby speeding up the process and removing human bias. The humans who write the algorithms want the outcomes of those decisions to be fair for all involved, but how does one teach an algorithm what is fair and what is not?</p><p>A team of computer scientists from the Department of Computer Science & Engineering in the McKelvey School of Engineering at Washington University in St. Louis is working with researchers from the Brown School and the School of Law to develop a framework for algorithms that can make decisions with fair outcomes. The game-theory based framework, to be called FairGame, will include an auditor that can determine potential fairness violations.</p><p>"The ultimate goal is to make sure that whatever algorithms we design make decisions that are fair according to some specified criteria when these decisions are consequential for individuals," said Yevgeniy Vorobeychik, associate professor of computer science & engineering and principal investigator in the project, which is funded by a three-year, $444,145 grant from the National Science Foundation.</p><p>To do this, the researchers must first assess whether something is fair.</p><p>"We want to be as agnostic as possible to how we know our policymakers would define fairness in the particular situation and want to make sure that the algorithm is fair with respect to those criteria," Vorobeychik said. "Second, we want to use this generic approach for verifying or certifying fairness. If you design an algorithm, you have to account for the fact that someone is going to see if there are any issues with the way you're making decisions in terms of being unfair to people and ensuring that your decisions don't inadvertently discriminate against individuals or groups."</p><p>Sanmay Das, another investigator on the project, said the framework will help to analyze the properties of, or to develop a good solution to, the problem under different possible notions of fairness.</p><p>"Suppose you have a procedure for allocating resources for making decisions, and separately, some notion of equity or fairness that can be specified by society or by legal considerations," Das said. "We have to think about the interactions of the goals of the decision-maker and the constraints imposed by the equity considerations when we're thinking about developing a framework that allows us to end up with solutions that can satisfy both.</p><p>"My hope is that we can do this in general for decision procedures that will operate across different domains and may have to satisfy different fairness metrics," Das said.</p><p>Vorobeychik and Das, along with Roman Garnett, Chien-Ju Ho, and Brendan Juba, all assistant professors in the Department of Computer Science, will work with Patrick Fowler, associate professor in the Brown School, and Pauline Kim, the Daniel Noyes Kirby Professor of Law, in the School of Law to ensure that the framework abides by moral, ethical and legal constraints.</p><p>In addition to developing the framework, the team plans to develop new courses and course modules; take a lead role in the Division of Computational & Data Sciences doctoral program; seek to inform policymakers and regulators about computational approaches ensuring fairness; and work to broaden participation in computing through partnerships and summer research opportunities for students.<br/></p> <SPAN ID="__publishingReusableFragment"></SPAN><br/>Beth Miller 2020-02-18T06:00:00ZA team of faculty from computer science & engineering, social work and law will investigate fairness in decision-making by artificial intelligence.

VIEW ALL CSE NEWS