MagicPairing: Apple's Take on Securing Bluetooth Peripherals

Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing

The Opportunistic Transmission of Wireless Worms between Mobile Devices

The ubiquity of portable wireless-enabled computing and communications devices has stimulated the emergence of malicious codes (wireless worms) that are capable of spreading between spatially proximal devices. The potential exists for worms to be opportunistically transmitted between devices as they move around, so human mobility patterns will have an impact on epidemic spread. The scenario we address in this paper is proximity attacks from fleetingly in-contact wireless devices with short-range communication range, such as Bluetooth-enabled smart phones. An individual-based model of mobile devices is introduced and the effect of population characteristics and device behaviour on the outbreak dynamics is investigated. We show through extensive simulations that in the above scenario the resulting mass-action epidemic models remain applicable provided the contact rate is derived consistently from the underlying mobility model. The model gives useful analytical expressions against which more refined simulations of worm spread can be developed and tested.Comment: Submitted for publicatio

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

Intergenerational correlations in size at birth and the contribution of environmental factors: The Uppsala Birth Cohort Multigenerational Study, Sweden, 1915-2002.

Sizes at birth of parents and their children are known to be correlated, reflecting in part the influence of fetal and maternal genes. Sociodemographic factors, regarded as aspects of the shared environment across generations, would also be expected to contribute, but evidence is limited. In the present study, the authors aimed to quantify the role of the shared environment in explaining intergenerational correlations in birth weight and length by using data across 3 consecutive generations from the Uppsala Birth Cohort Multigenerational Study in Uppsala, Sweden. That study included birth and sociodemographic data on 7,657 singletons born in Uppsala in 1915-1929 (generation 1) and their grandchildren (generation 3). Standard regression and biometric models were used to study the correlations in size at birth of generation 1-generation 3 pairs. The data showed stronger correlations in maternal pairs than in paternal pairs for birth weight (0.125 vs. 0.096, P = 0.02) but not for birth length (0.097 vs. 0.093, P = 0.77). These correlations were not reduced by adjustment for sociodemographic factors in regression models. In contrast, significant shared-environment contributions to the intergenerational correlations were identified in biometric models, averaging 14% for both birth measures. These models assumed a common latent factor for the sociodemographic variables. The present results show that the shared environment moderately but significantly contributes to intergenerational correlations

Worm Epidemics in Wireless Adhoc Networks

A dramatic increase in the number of computing devices with wireless communication capability has resulted in the emergence of a new class of computer worms which specifically target such devices. The most striking feature of these worms is that they do not require Internet connectivity for their propagation but can spread directly from device to device using a short-range radio communication technology, such as WiFi or Bluetooth. In this paper, we develop a new model for epidemic spreading of these worms and investigate their spreading in wireless ad hoc networks via extensive Monte Carlo simulations. Our studies show that the threshold behaviour and dynamics of worm epidemics in these networks are greatly affected by a combination of spatial and temporal correlations which characterize these networks, and are significantly different from the previously studied epidemics in the Internet

Prenatal Vitamin D Supplementation and Child Respiratory Health: A Randomised Controlled Trial

PMCID: PMC3691177This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited

Comparative analysis of genome-wide association studies signals for lipids, diabetes, and coronary heart disease: Cardiovascular Biomarker Genetics Collaboration

AIMS: To evaluate the associations of emergent genome-wide-association study-derived coronary heart disease (CHD)-associated single nucleotide polymorphisms (SNPs) with established and emerging risk factors, and the association of genome-wide-association study-derived lipid-associated SNPs with other risk factors and CHD events. METHODS AND RESULTS: Using two case–control studies, three cross-sectional, and seven prospective studies with up to 25 000 individuals and 5794 CHD events we evaluated associations of 34 genome-wide-association study-identified SNPs with CHD risk and 16 CHD-associated risk factors or biomarkers. The Ch9p21 SNPs rs1333049 (OR 1.17; 95% confidence limits 1.11–1.24) and rs10757274 (OR 1.17; 1.09–1.26), MIA3 rs17465637 (OR 1.10; 1.04–1.15), Ch2q36 rs2943634 (OR 1.08; 1.03–1.14), APC rs383830 (OR 1.10; 1.02, 1.18), MTHFD1L rs6922269 (OR 1.10; 1.03, 1.16), CXCL12 rs501120 (OR 1.12; 1.04, 1.20), and SMAD3 rs17228212 (OR 1.11; 1.05, 1.17) were all associated with CHD risk, but not with the CHD biomarkers and risk factors measured. Among the 20 blood lipid-related SNPs, LPL rs17411031 was associated with a lower risk of CHD (OR 0.91; 0.84–0.97), an increase in Apolipoprotein AI and HDL-cholesterol, and reduced triglycerides. SORT1 rs599839 was associated with CHD risk (OR 1.20; 1.15–1.26) as well as total- and LDL-cholesterol, and apolipoprotein B. ANGPTL3 rs12042319 was associated with CHD risk (OR 1.11; 1.03, 1.19), total- and LDL-cholesterol, triglycerides, and interleukin-6. CONCLUSION: Several SNPs predicting CHD events appear to involve pathways not currently indexed by the established or emerging risk factors; others involved changes in blood lipids including triglycerides or HDL-cholesterol as well as LDL-cholesterol. The overlapping association of SNPs with multiple risk factors and biomarkers supports the existence of shared points of regulation for these phenotypes

Body mass index in early and middle adult life: prospective associations with myocardial infarction, stroke and diabetes over a 30-year period: the British Regional Heart Study.

OBJECTIVES: Adiposity in middle age is an established risk factor for cardiovascular disease and type 2 diabetes; less is known about the impact of adiposity from early adult life. We examined the effects of high body mass index (BMI) in early and middle adulthood on myocardial infarction (MI), stroke and diabetes risks. DESIGN: A prospective cohort study. PARTICIPANTS: 7735 men with BMI measured in middle age (40-59 years) and BMI ascertained at 21 years from military records or participant recall. PRIMARY AND SECONDARY OUTCOME MEASURES: 30-year follow-up data for type 2 diabetes, MI and stroke incidence; Cox proportional hazards models were used to examine the effect of BMI at both ages on these outcomes, adjusted for age and smoking status. RESULTS: Among 4846 (63%) men (with complete data), a 1 kg/m(2) higher BMI at 21 years was associated with a 6% (95% CI 4% to 9%) higher type 2 diabetes risk, compared with a 21% (95% CI 18% to 24%) higher diabetes risk for a 1 kg/m(2) higher BMI in middle age (hazard ratio (HR) 1.21, 95% CI 1.18 to 1.24). Higher BMI in middle age was associated with a 6% (95% CI 4% to 8%) increase in MI and a 4% (95% CI 1% to 7%) increase in stroke; BMI at 21 years showed no associations with MI or stroke risk. CONCLUSIONS: Higher BMI at 21 years of age is associated with later diabetes incidence but not MI or stroke, while higher BMI in middle age is strongly associated with all outcomes. Early obesity prevention may reduce later type 2 diabetes risk, more than MI and stroke

Body size modifies the relationship between maternal serum 25-hydroxyvitamin D concentrations and gestational diabetes in high-risk women

Obesity increases the risk of low 25-hydroxyvitamin D (25(OH) D) concentrations and gestational diabetes (GDM). We explored whether the association between GDM and change in 25(OH) D concentrations measured in the first (7-18 wk) and second (20-27 wk) trimesters of pregnancy is dependent on maternal BMI. The study was a prospective study of 219 women with BMI of >= 30 kg/m2, a history of GDM, or both. The participants were stratified by first-trimester BMI: BMI of = 35 kg/m(2). In the BMI group >= 35 kg/m(2), those who did not develop GDM during the follow-up showed higher increase in serum 25(OH) D concentrations compared with women who developed GDM (43.2 vs. 11.5%; P <0.001). No associations between 25(OH) D concentrations and GDM were observed in other BMI groups. These findings give an important aspect of the role of maternal body size in the association between vitamin D and GDM in high-risk women.Peer reviewe