Statement to the U.S House Energy and Commerce Committee, Joint hearing on Understanding the Role of Connected Devices in Recent Cyber Attacks, Wednesday, November 16, 2016.
Publications
Postmarket Management of Cybersecurity in Medical Devices
In response to FDA-2015-D-5105 clearance process for “Postmarket Management of Cybersecurity in Medical Devices,” April 21, 2016
Ghost Talk: Mitigating EMI Signal Injection Attacks Against Analog Sensors
In Proceedings of the 34th Annual IEEE Symposium on Security and Privacy (Oakland), May 2013.
Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance
PLoS ONE 7(7), July 2012.
Design Challenges for Secure Implantable Medical Devices
In Proceedings of the 49th Design Automation Conference (DAC), June 2012. Invited paper.
Recent Results in Computer Security for Medical Devices
In International ICST Conference on Wireless Mobile Communication and Healthcare (MobiHealth), Special Session on Advances in Wireless Implanted Devices, October 2011.
They Can Hear Your Heartbeats: Non-Invasive Security for Implanted Medical Devices
In Proceedings of ACM SIGCOMM, August 2011.
Software Issues for the Medical Device Approval Process
Statement to the Special Committee on Aging, United States Senate; Hearing on a delicate balance: FDA and the reform of the medical device approval process, Wednesday, April 13, 2011.
Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices
In Proceedings of 2nd USENIX Workshop on Health Security and Privacy (HealthSec), August 2011.
Trustworthy Medical Device Software
In Public Health Effectiveness of the FDA 510(k) Clearance Process: Measuring Postmarket Performance and Other Select Topics: Workshop Report, Washington, DC, IOM (Institute of Medicine), National Academies Press, 2011.
Patients, Pacemakers, and Implantable Defibrillators: Human values and security for wireless implantable medical devices
28th Conference on Human Factors in Computing Systems (CHI), April 2010.
Clinically Significant Magnetic Interference of Implanted Cardiac Devices by Portable Headphones
Heart Rhythm, October 2009.
Improving the Security and Privacy of Implantable Medical Devices
New England Journal of Medicine, April 2010.
Inside Risks, Reducing the Risks of Implantable Medical Devices: A Prescription to Improve Security and Privacy of Pervasive Healthcare
Communications of the ACM, 52(6):25–27, June 2009.
Privacy of Home Telemedicine: Encryption is Not Enough (poster)
Design of Medical Devices Conference, April 2009.
Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security
USENIX Workshop on Hot Topics in Security (HotSec), July 2008.
Electromagnetic Interference (EMI) of Implanted Cardiac Devices by MP3 player Headphones
Circulation, 118(18 Supplement), November 2008 Abstract 662, 2008 American Heart Association Annual Scientific Sessions.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
IEEE Symposium on Security and Privacy, May 2008.
Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing
Proceedings of the USENIX Security Symposium, August 2007.
Secure Software Updates: Disappointments and New Challenges
Proceedings of USENIX Hot Topics in Security, July 2006.
