MagicPairing: Apple's Take on Securing Bluetooth Peripherals

Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing

Intergenerational correlations in size at birth and the contribution of environmental factors: The Uppsala Birth Cohort Multigenerational Study, Sweden, 1915-2002.

Sizes at birth of parents and their children are known to be correlated, reflecting in part the influence of fetal and maternal genes. Sociodemographic factors, regarded as aspects of the shared environment across generations, would also be expected to contribute, but evidence is limited. In the present study, the authors aimed to quantify the role of the shared environment in explaining intergenerational correlations in birth weight and length by using data across 3 consecutive generations from the Uppsala Birth Cohort Multigenerational Study in Uppsala, Sweden. That study included birth and sociodemographic data on 7,657 singletons born in Uppsala in 1915-1929 (generation 1) and their grandchildren (generation 3). Standard regression and biometric models were used to study the correlations in size at birth of generation 1-generation 3 pairs. The data showed stronger correlations in maternal pairs than in paternal pairs for birth weight (0.125 vs. 0.096, P = 0.02) but not for birth length (0.097 vs. 0.093, P = 0.77). These correlations were not reduced by adjustment for sociodemographic factors in regression models. In contrast, significant shared-environment contributions to the intergenerational correlations were identified in biometric models, averaging 14% for both birth measures. These models assumed a common latent factor for the sociodemographic variables. The present results show that the shared environment moderately but significantly contributes to intergenerational correlations

The Opportunistic Transmission of Wireless Worms between Mobile Devices

The ubiquity of portable wireless-enabled computing and communications devices has stimulated the emergence of malicious codes (wireless worms) that are capable of spreading between spatially proximal devices. The potential exists for worms to be opportunistically transmitted between devices as they move around, so human mobility patterns will have an impact on epidemic spread. The scenario we address in this paper is proximity attacks from fleetingly in-contact wireless devices with short-range communication range, such as Bluetooth-enabled smart phones. An individual-based model of mobile devices is introduced and the effect of population characteristics and device behaviour on the outbreak dynamics is investigated. We show through extensive simulations that in the above scenario the resulting mass-action epidemic models remain applicable provided the contact rate is derived consistently from the underlying mobility model. The model gives useful analytical expressions against which more refined simulations of worm spread can be developed and tested.Comment: Submitted for publicatio

Estimating the influence of body mass index (BMI) on mortality using offspring BMI as an instrumental variable

Objective: High body mass index (BMI) is an important predictor of mortality but estimating underlying causality is hampered by confounding and pre-existing disease. Here, we use information from the offspring to approximate parental BMIs, with an aim to avoid biased estimation of mortality risk caused by reverse causality. / Methods: The analyses were based on information on 9674 offspring–mother and 9096 offspring–father pairs obtained from the 1958 British birth cohort. Parental BMI–mortality associations were analysed using conventional methods and using offspring BMI as a proxy, or instrument, for their parents’ BMI. / Results: In the conventional analysis, associations between parental BMI and all-cause mortality were U-shaped (Pcurvature  0.46). Curvature was particularly pronounced for mortality from respiratory diseases and from lung cancer. Instrumental variable analyses suggested a positive association between BMI and mortality from all causes [mothers: HR per SD of BMI 1.43 (95% CI 1.21–1.69), fathers: HR 1.17 (1.00–1.36)] and from coronary heart disease [mothers: HR 1.65 (1.15–2.36), fathers: HR 1.51 (1.17–1.97)]. These were larger than HR from the equivalent conventional analyses, despite some attenuation by adjustment for social indicators and smoking. / Conclusions: Analyses using offspring BMI as a proxy for parental BMI suggest that the apparent adverse consequences of low BMI are considerably overestimated and adverse consequences of overweight are underestimated in conventional epidemiological studies

Physicians' and nurses' experiences on EHR usability : Comparison between the professional groups by employment sector and system brand

Background: Usability associates with patient safety and quality of care. This article reports results from nationwide usability-focused survey studies for physicians and nurses in Finland. Earlier research has shown dissatisfaction and serious deficiencies, which hamper the efficient use of health information systems (HIS); however, evaluation studies covering the viewpoints of both user groups are practically lacking. Our study aimed at comparing end-users' experiences on the usability of electronic health record (EHR) systems by employment sector and EHR brand. Methods: To measure usability, we used the validated National Usability-focused HIS Scale (NuHISS). For this study, we selected 11 usability statements that relate to technical quality (n = 3), ease of use (n = 6), benefits (n = 1) and collaboration (n = 1), and were identical in both surveys. We report the responses from 3013 physicians and 2560 nurses working in public sector hospitals or primary care health centers in 2017. Results: Results in total and by healthcare sector showed notable differences between nurses' and physicians' experiences on usability of their EHR systems. Physicians were more satisfied than nurses on technical quality and learnability of the EHR-systems, while nurses experienced the ease of use better and were more satisfied with collaboration aspects than physicians. Two EHR brands used in hospitals appeared to have succeeded in supporting physician workflows, while two others used in health centers were more suitable for nurses' needs. Conclusions: Nurses' and physicians' experiences on EHR usability appear to vary more by EHR brand and employment sector rather than either professional group being generally more satisfied. Development of EHR systems should consider the perspectives of these two main user groups and their working contexts.Peer reviewe

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

Bluetooth is one of the most established technologies for short range digital wireless data transmission. With the advent of wearables and the Internet of Things (IoT), Bluetooth has again gained importance, which makes security research and protocol optimizations imperative. Surprisingly, there is a lack of openly available tools and experimental platforms to scrutinize Bluetooth. In particular, system aspects and close to hardware protocol layers are mostly uncovered. We reverse engineer multiple Broadcom Bluetooth chipsets that are widespread in off-the-shelf devices. Thus, we offer deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms. Reverse engineered functions can then be altered with our InternalBlue Python framework---outperforming evaluation kits, which are limited to documented and vendor-defined functions. The modified Bluetooth stack remains fully functional and high-performance. Hence, it provides a portable low-cost research platform. InternalBlue is a versatile framework and we demonstrate its abilities by implementing tests and demos for known Bluetooth vulnerabilities. Moreover, we discover a novel critical security issue affecting a large selection of Broadcom chipsets that allows executing code within the attacked Bluetooth firmware. We further show how to use our framework to fix bugs in chipsets out of vendor support and how to add new security features to Bluetooth firmware

Avoidance of vitamin D deficiency in pregnancy in the United Kingdom: the case for a unified approach in National policy

Prevalence of hypovitaminosis D in Western populations is high; pregnant women are identified as a high-risk group, especially if dark skinned. Consequences of severe clinical vitamin D deficiency in pregnancy can be life threatening to the newborn, while lesser degrees of hypovitaminosis D may have important long-term implications for offspring health. Past experiences with routine provision of 10 mu g/d (4001U/d) to all pregnant mothers suggest that this dose is sufficient to prevent overt neonatal complications of vitamin D deficiency. Recent data suggest that supplementation with dosages above 10 mu g/d may be required for optimal health in the mother and child; however, further research is required for the assessment of the benefits and safety of supplementation with higher dosages. Lack of unified advice on vitamin D supplementation of pregnant mothers in the UK hinders the implementation of primary prevention strategies and is likely to leave some deficient mothers without supplementation

Health information exchange in Finland : Usage of different access types and predictors of paper use

Introduction: Timely, complete and accurate patient data is needed in care decisions along the continuum of care. To access patient data from other organizations, there are three types of regional health information exchange systems (RHIS) in use In Finland. Some regions use multiple RHISs while others do not have a RHIS available. The recently introduced National Patient Data Repository (Kanta) is increasingly used for health information exchange (HIE). Objectives: The purpose of this study was to assess usage of paper, RHISs and Kanta by context in 2017; evolution of paper use over the years; and predictors of paper use in 2017 among Finnish physicians for HIE system development. Methods: Data from national electronic health record (EHR) usage and user experience surveys were taken from 2010 (prior to ePrescription system implementation), 2014 (prior to implementation of Kanta) and 2017 (Kanta was in full use in the public sector and in large private organizations). The web-based surveys were targeted to all physicians engaged in clinical work in Finland. Results: Kanta was the most frequently used means of HIE in 2017. Paper use had reduced significantly from 2010 to 2014. The trend continued in 2017. Still, up to half of the physicians reported using paper daily or weekly in 2017. There were great variations in paper use by healthcare sector, available RHIS type and EHR system used. In multivariable analysis (with all other variables constant), predictors of more frequent use of paper than electronic means for HIE were: private sector or hospital, access to Master Patient Index RHIS (type 1), multiple RHIS (type 4) or no RHIS (type 5), two particular EHR systems, older age, less experience, operative, psychiatric or diagnostic specialties, and male gender. Conclusions: Usability of HIE systems including EHRs as access points to HIE need to be improved to facilitate usage of electronic HIE. Usage ensures more timely and complete patient data for safe, coordinated care. Specialty-specific needs and requirements call for more user participation in HIE design. Especially older professionals need training to better exploit HIS for HIE.Peer reviewe

Usability problems do not heal by themselves : National survey on physicians' experiences with EHRs in Finland

Purpose: Survey studies of health information systems use tend to focus on availability of functionalities, adoption and intensity of use. Usability surveys have not been systematically conducted by any healthcare professional groups on a national scale on a repeated basis. This paper presents results from two cross-sectional surveys of physicians' experiences with the usability of currently used EHR systems in Finland. The research questions were: To what extent has the overall situation improved between 2010 and 2014? What differences are there between healthcare sectors? Methods: In the spring of 2014, a survey was conducted in Finland using a questionnaire that measures usability and respondents' user experiences with electronic health record (EHR) systems. The survey was targeted to physicians who were actively doing clinical work. Twenty-four usability-related statements, that were identical in 2010 and 2014, were analysed from the survey. The respondents were also asked to give an overall rating of the EHR system they used. The study data comprised responses from 3081 physicians from the year 2014 and from 3223 physicians in the year 2010, who were using the nine most commonly used EHR system brands in Finland. Results: Physicians' assessments of the usability of their EHR system remain as critical as they were in 2010. On a scale from 1 ('fail') to 7 ('excellent') the average of overall ratings of their principally used EHR systems varied from 3.2 to 4.4 in 2014 (and in 2010 from 2.5 to 4.3). The results show some improvements in the following EHR functionalities and characteristics: summary view of patient's health status, prevention of errors associated with medication ordering, patient's medication list as well as support for collaboration and information exchange between the physician and the nurses. Even so, support for cross-organizational collaboration between physicians and for physician-patient collaboration were still considered inadequate. Satisfaction with technical features had not improved in four years. The results show marked differences between the EHR system brands as well as between healthcare sectors (private sector, public hospitals, primary healthcare). Compared to responses from the public sector, physicians working in the private sector were more satisfied with their EHR systems with regards to statements about user interface characteristics and support for routine tasks. Overall, the study findings are similar to our previous study conducted in 2010. Conclusions: Surveys about the usability of EHR systems are needed to monitor their development at regional and national levels. To our knowledge, this study is the first national eHealth observatory questionnaire that focuses on usability and is used to monitor the long-term development of EHRs. The results do not show notable improvements in physician's ratings for their EHRs between the years 2010 and 2014 in Finland. Instead, the results indicate the existence of serious problems and deficiencies which considerably hinder the efficiency of EHR use and physician's routine work. The survey results call for considerable amount of development work in order to achieve the expected benefits of EHR systems and to avoid technology-induced errors which may endanger patient safety. The findings of repeated surveys can be used to inform healthcare providers, decision makers and politicians about the current state of EHR usability and differences between brands as well as for improvements of EHR usability. This survey will be repeated in 2017 and there is a plan to include other healthcare professional groups in future surveys. (C) 2016 The Authors. Published by Elsevier Ireland Ltd.Peer reviewe