MIT security breakthrough may prevent mobile hacks

As healthcare security pundits increasingly warn of rampant security threats associated with mobile phones, tablets and other devices, researchers at MIT may have found a solution to at least one major risk.

Researchers recently discovered a way to prevent "man-in-the-middle" hackers from accessing secure communications on smartphones, tablets and wireless medical devices, according to a report in MIT news this week. It's an important breakthrough for mobile security in healthcare because man-in-the-middle attacks can target any connected device, including phones, laptops, tablets, wireless headsets, or any type of medical device that transmits wirelessly, explains MobileHealthLive.

The primary vulnerability for man-in-the-middle attacks is the moment when two wireless devices swap cryptographic keys. A hacker attempts to insert his own key, so that one of the devices will assume he is the other device, and allow him to intercept the transmissions between the devices, MIT news reports.

What MIT researchers have demonstrated is a way to 1) detect when a hacker is attempting to block one of the devices, and 2) create an automatic alternate connection for the devices through a "substitute" key that will also block the hacker's false key.

The substitute key is a set of numbers that is received by the connected device as bursts of sound and silence. As the hacker attempts to send his own key, it won't match exactly, and during the silences of the substitute key, the receiving device will "hear" the bursts from the hacker's key. The result: The receiving device will be alerted to the attempted breach, MIT news explains.
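The detection idea described above, sketched as an added example (not the MIT researchers' code): it assumes each key bit is sent as a pair of slots, one burst and one silence, and that an attacker can add radio energy to a slot but cannot erase it. The function names and the slot encoding are illustrative assumptions.

```python
ON, OFF = 1, 0  # burst of signal / silence in one time slot


def encode(bits):
    """Assumed encoding: bit 1 -> (burst, silence), bit 0 -> (silence, burst).

    Every valid symbol has exactly one burst and one silence, so extra
    energy in any slot of a symbol produces an invalid pair.
    """
    slots = []
    for b in bits:
        slots += [ON, OFF] if b else [OFF, ON]
    return slots


def channel(*transmissions):
    """Radio energy adds up: a slot is heard as a burst if anyone transmits in it."""
    return [ON if any(slot) else OFF for slot in zip(*transmissions)]


def receive(slots):
    """Decode slot pairs. Returns (bits, tampered); unreadable bits are None."""
    bits, tampered = [], False
    for first, second in zip(slots[0::2], slots[1::2]):
        if first == second:
            # burst+burst: someone filled a silence; silence+silence: symbol missing
            tampered = True
            bits.append(None)
        else:
            bits.append(1 if first == ON else 0)
    return bits, tampered


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    device_key = [1, 0, 1, 1, 0, 0, 1, 0]
    attacker_key = [1, 1, 1, 0, 0, 0, 1, 1]

    print("clean pairing:  ", receive(channel(encode(device_key))))
    print("attacker overlay:", receive(channel(encode(device_key),
                                               encode(attacker_key))))
```

Wherever the attacker's key differs from the device's key, the attacker's burst lands in one of the device's silences, and the receiver sees two bursts in one symbol and flags the exchange.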

It's a simple, but rather elegant solution that focuses on protecting the signal itself, rather than the message being communicated. "Other people have been focusing on protecting against man-in-the-middle attacks and just assumed that an adversary would be able to tamper with messages," Tadayoshi Kohno, an assistant professor of computer science and engineering at the University of Washington, tells MIT news. Instead, the MIT researchers "look under the hood and say, 'Wait, if we actually know how wireless works, we can construct a system so that an adversary couldn't tamper with messages to begin with.'"

To learn more:
- read the MIT news story
- check out MobileHealthLive's coverage