By Sara Elizabeth Cody
Five teams of ECE students competing in the fifth annual Intel-Cornell Cup have advanced to the final round in the competition. The Intel-Cornell Cup is a college-level design competition that aims to empower inventors of the newest innovative applications of embedded technology.
“This is a major national competition and personally I think our teams’ performances reflect highly on the College,” says Associate Professor of Practice Alan Pisano (ECE), who is one of the faculty advisors for the competition. “We have five very interesting projects in the finals, more than any other school, which seek to tackle nationally relevant issues that will benefit society.”
The competition, which alternates between live and online competition annually, is following an online format this year. Initially, six teams from BU advanced to the semifinal round and competed against 31 other teams from around the country. Five teams from BU, comprised of senior design project teams, are competing with 24 other teams in the final round.
The BU finalist teams are:
- An interdisciplinary team of ECE and ME students, sponsored by Consolidated Edison, building an autonomous robot to move 800-pound circuit breakers in their substations.
- A team of ECE students building a drone to locate ice dams and apply melting chemicals to “break the dam.”
- Created by a team of ECE students (with one BME dual-degree student), this device is essentially a “Fitbit” for cows, networking them together and gathering data to analyze in a cloud.
- A team of ECE students designing a translating teddy bear toy for young children to help them learn different languages.
- An ECE team creating a device to measure high-energy electrons in space.
Projects will be completed by the end of March, fulfilling both a course requirement and a competition requirement with support from Pisano and the other ECE Senior Design Capstone supporting faculty members, Lecturer Osama Alshaykh and Senior Lecturer Babak Kia. The final judging takes place at the end of April. The competition is sponsored primarily by Intel and Cornell University.
Leading Engineers Visit BU as Part of the ECE Distinguished Lecture Series to Discuss Research with Students and Faculty
By Rebecca Jahnke, COM ’17
BU’s Electrical & Computer Engineering department draws renowned leaders of the field to present as part of the ECE Distinguished Lecture Series. The topics presented are always changing, but consistently span diverse research areas. The Fall 2015 lineup included academics Daniel Fleetwood, Kevin Skadron and Ralph Etienne-Cummings.
Despite Fleetwood, Skadron and Etienne-Cummings’ varying research focuses, the trio has much in common. All are highly decorated IEEE Fellows with many accolades to their names. They hold a collective ten patents between them. Through the groundbreaking publications they’ve authored, the group has effectively written the science today’s students are learning. Work conducted at posts throughout the country – and for some, on sabbatical abroad – further reflects the breadth of their influence.
Fleetwood kicked off this season’s series with a lecture entitled “Moore’s Law and Radiation Effects on Microelectronics” in September. Fleetwood is the Chair of Vanderbilt University’s Department of Electrical Engineering & Computer Science as well as the university’s Olin H. Landreth Professor of Engineering. His lecture examining the effects of Moore’s Law size and voltage scaling followed his research in nano science and technology as well as risk and reliability. A Fellow of the American Physical Society and an IEEE Fellow, Fleetwood also received the IEEE Nuclear and Plasma Sciences Society’s Merit Award. Having authored over 380 publications, Fleetwood received ten Outstanding Paper Awards and has had his research cited upwards of 7000 times.
The series continued with a lecture by Kevin Skadron, University of Virginia Department of Computer Science Chair and Harry Douglas Forsyth Professor. His October presentation, “Automata Processing: Massively-Parallel Acceleration for Approximate Pattern Matching,” provided an overview of the AP architecture and observations from accelerating its applications. Skadron cites his research as exploring processor design techniques for managing power, thermal and reliability constraints, all with a focus on manycore and heterogeneous architectures. He has achieved two patents of his own and over 100 peer-reviewed publications and counting since his college summers spent interning for Microsoft and Intel.
Ralph Etienne-Cummings, Professor and Chair of Johns Hopkins University’s Department of Electrical and Computer Engineering, closed out this semester’s series in December. This final presentation – “I, Robot: Blurring the lines between Mind, Body and Robotics” – suggested new approaches to brain-machine interfaces (BMI). Etienne-Cummings’ research interests include systems and algorithms for biologically inspired and low-power processing, biomorphic robots, applied neuroscience, neural prosthetics and computer integrated surgical systems and technologies. His high level of curiosity has been evident since he was a child and repaired his own short wave radio to listen to a soccer match. Now the holder of seven patents, Etienne-Cummings is known to make time for diversity and mentoring initiatives intended to awaken a similar curiosity in others.
By Rebecca Jahnke, COM ’17
The IEEE Power & Energy Society (PES) selected three ECE undergraduates – Zachary Lasiuk, Nathaniel Michener and Ami Vyas – to receive scholarships through the Scholarship Plus Initiative. The scholarships recognize students majoring in electrical and computer engineering who have achieved high GPAs and distinctive extracurricular involvement, and have demonstrated commitment to exploring the power and energy field.
The students join 210 fellow 2015-16 scholarship recipients hand-selected by PES regional volunteers. The application period ended last June. Each winner will receive a $2,000 scholarship.
Michener received further recognition as the Northeast region’s John W. Estey Outstanding Scholar. Michener is one of six top PES Scholars – one from each U.S. and Canadian region – chosen for the honor. He will receive an additional $5,000 scholarship and a yearlong IEEE and IEEE PES Student Membership.
Michener was also offered $1,000 in travel honorarium to attend the IEEE PES Annual Meeting in Denver this July featuring conferences, panels and tutorials under the theme “Powering Up the Next Generation.” However, he will be unable to attend on account of his new job in the Edison Engineering Development Program at Pittsburgh’s General Electric Power Conversion.
PES, a volunteer-based, non-profit organization, bills itself as directly addressing the power and energy workforce shortage by bringing together government and industry forces, educators and students. The international society – comprised of over 26,000 engineers and scientists worldwide – intends for its scholarship program to attract the highest qualified students to the field.
According to Michener, PES is meeting that goal.
“The IEEE PES has been a great resource for exploring an education and career in power and energy, a field I am passionate about. Their presence fosters a growing community in an increasingly important area of today’s society,” Michener said. “With the support they have expressed towards me, I am now more determined than ever to pursue an impactful career that will have meaningful, tangible benefits for society through improved energy sources.”
Lasiuk stays up-to-date with IEEE through his professor who heads the BU chapter, Professor Min-Chang Lee.
“I take Electromagnetic Systems with Professor Lee,” says Lasiuk. “He integrates concepts from IEEE such as power transmission, reflection, total transmission and EM wave propagation in different modes to give a holistic view of electromagnetics as applied to real life applications.”
BU’s triple recognition this year follows one BU student’s recognition last fall, when Marissa Petersile (EE ’15) was named a PES Scholar.
Giles has recently accepted key roles aimed at advancing the fields of astronomy and supercomputing, all while continuing his role as a STEM diversity advocate.
By Gabriella McNevin and Rebecca Jahnke (COM ‘17)
Roscoe Giles is a Professor of Electrical and Computer Engineering at Boston University (BU). Within the last few months, Giles has become involved with an $864-million cooperative agreement to manage the National Radio Astronomy Observatory (NRAO). He has also accepted an invitation to aid in the development of U.S. supercomputing policies.
In October 2015, Giles started a two-year term as Chair of the Associated Universities, Inc. (AUI) Board of Trustees. The following month, NSF approved the largest cooperative agreement the astronomy division has ever granted: a 10-year, $864-million cooperative contract with AUI to manage the NRAO. This record-breaking contract will tie AUI leadership to the core goals of astronomical research embraced by NRAO.
Also in October, Giles was invited to the White House’s National Strategic Computing Initiative (NSCI) Workshop. NSCI was established by President Obama’s executive order to ensure the United States continues its role as a supercomputing pioneer in the coming decades. The workshop sought to jumpstart ideas for a cohesive, multi-agency strategy. While at the workshop, he and other industry, academic, and government leaders discussed the challenges and opportunities associated with the increase in computing demands and the heightened role of big data in the ever-evolving technological landscape.
Giles is no stranger to government policy. Having served as Chairman of the United States Department of Energy’s Advanced Scientific Computing Advisory Committee from 2008 to 2015, Giles directly influenced the management and direction of federal scientific computing programs.
Giles’ expansive research interests provide a broad foundation to draw upon. Giles started his education studying physics. He obtained his Bachelor’s of Arts degree with honors from the University of Chicago and received Master’s of Science and Ph.D. degrees from Stanford University.
Giles shifted his focus to electrical and computer engineering upon joining Boston University in 1985. Giles is focused on advanced computer architectures, distributed and parallel computing and computation science.
On LinkedIn, Roscoe Giles describes himself simply as an optimist intent to push “the envelope of computing and science in the large.”
Giles is well acquainted with national initiatives to increase diversity in STEM fields. Giles is listed by the Career Communications Group as one of the “50 Most Important Blacks in Research Science,” and was the first African American to earn a theoretical physics Ph.D. from Stanford. Additionally, Giles was the first ever African American conference chairman of the Supercomputing Conference, which took place in Baltimore, Maryland in 2002.
To that effect, Giles has been lauded not just for his research, but also for his community outreach. Giles was a Founder and Executive Director for the Institute of African American E-Culture. The foundation worked to open access to information technology to minorities and disadvantaged communities across the country. Giles won the Computing Research Association (CRA) A. Nico Habermann Award for his service as a faculty adviser and Minority Engineers Society Mentor.
At the Boston University Department of Electrical and Computer Engineering, Giles has received recognition including Scholar-Teacher of the Year in 1992. In 1996, Giles won Boston University’s College of Engineering Award for Excellence in Teaching.
By Rebecca Jahnke (COM ‘17) and Bhumika Salwan (Questrom ’16)
Boston University hosted over 300 attendees November 12-15th at the Metcalf Trustee Center for the Students for the Exploration and Development of Space (SEDS) SpaceVision 2015 Conference. The conference is entirely student-run and space-centric. It bills itself as connecting present with future space leaders and is part of international nonprofit SEDS’ larger mission to empower students through the high school, undergraduate and graduate levels to impact space exploration.
BU Engineering seniors Mehmet Akbulut (ME ‘16) and Dean De Carli (EE ‘16) spearheaded conference planning. Both Akbulut and De Carli, who served as the Chair of Operations and Chair of Programming, respectively, had attended the 2013 Arizona SpaceVision Conference. After pondering why the conference had yet to be hosted in a major city like Boston, the pair submitted a bid to host the conference at Boston University and successfully secured the 2015 venue nomination.
Akbulut oversaw logistics, registration, personnel, and general operations of the event while De Carli took charge of programming and speakers. Together, they developed an agenda that featured industry speakers, panels, a business plan competition, and a first-ever peer mentor session. By bringing students together with leaders in the aerospace community, the conference offered attendees invaluable networking opportunities and the chance to view the future of space development through an interdisciplinary lens.
The SEDS, SpaceVision, Rocket Propulsion, and small satellite efforts at BU are all truly interdisciplinary and interdepartmental. This creates a forum for students in different concentrations to work as a team and further learning in fields such as space research. Both Akbulut and De Carli attribute their success running SpaceVision 2015 to the education and leadership opportunities they’ve had in the College of Engineering and Department of Electrical and Computer Engineering (ECE).
“ECE has prepared me to help with SpaceVision by giving me the opportunity to lead in student groups such as Boston University Rocket Proposal Group. It’s given me the leadership skills that I have been able to translate into a much larger scale such as being Chair of this conference,” De Carli said.
The College of Engineering, Department of Electrical and Computer Engineering, Department of Mechanical Engineering and Center for Space Physics jointly sponsored the conference. Outside sponsors included Arizona State University School of Earth and Science Exploration and industry sponsors like Lockheed Martin.
MOC successfully rallies academia, government and industry in developing new cloud.
By Rebecca Jahnke (COM ’17)
The Massachusetts Open Cloud (MOC) project – led by ECE Professor Orran Krieger – just announced a set of core industry partners, spanning key hardware, software and services industry sectors. The MOC is an ambitious project that aims to create a public cloud, based on a revolutionary model for a multi-provider Open Cloud eXchange (OCX).
In existing public clouds one provider operates the entire cloud. In contrast, the OCX model underlying the MOC allows for multiple entities to provide computing resources and services in a level playing field. Having multiple providers – all with their own specialties – participating in the same cloud will enable a broader range of users and applications to be supported.
The core corporate partners of the MOC – Brocade, Cisco, Intel, Lenovo, Red Hat and Two Sigma – have made financial commitments as well as in-kind commitments, ranging from computer infrastructure in support of MOC deployment and operation, to engineering expertise to support the development of OCX functionality. The companies have also pledged executive sponsors to keep company and project goals aligned and to support MOC’s development. These new partnerships underscore the strong and growing industry support for the project, which has already secured in excess of $14 million of funding – more than quadruple the $3 million in seed funding that the MOC received from the Mass Tech Collaborative in 2014.
Incubated at and seed-funded by the Hariri Institute for Computing at BU (as part of the Cloud Computing Initiative led by its Director, Orran Krieger), this complex project has benefitted from strong BU institutional and administrative support, including the offices of the Provost, Corporate Relations, General Council, and IS&T Research Computing. Anchored at BU, the project is a collaboration that also involves Harvard University, MIT, UMass, and Northeastern University, as well as the Massachusetts Green High-Performance Computing Center (MGHPCC). The project leverages and builds on current and prior research by a number of ECE and CS faculty members at BU including Jonathan Appavoo, Azer Bestavros, Ran Canetti, Ayse Coskun, and Orran Krieger.
Wireless Sensors Developed by Interdisciplinary Engineering Team to be Launched into Space
By Rich Barlow. Video by Joe Chan for BU Today
On March 10, 1989, a solar eruption blasted plasma toward Earth. Canadian utility Hydro-Quebec noticed a hop-skip-and-jump in the voltage on its grid two days later. On March 13, with plasma sweeping Earth’s magnetic field and causing electric currents in the outer atmosphere, the grid shut down, plunging the province into darkness for nine hours.
Such bolts from the blue (or black) of space rarely wreak such havoc. But less severe irritants—interrupted radio transmissions, disrupted GPS devices, even rusting of pipelines—can result when electric currents course through the magnetic field, says Joshua Semeter, who’d like to know more about this phenomenon (largely because the magnetic field may be an essential ingredient for life on Earth). So would the federal government, which is why NASA has agreed to launch a network of wireless sensors named ANDESITE, developed by Semeter’s College of Engineering students to study changes in Earth’s magnetic field caused by space weather.
It is the final frontier, finally crossed: the first space launch for eight-year-old BU Student-satellite for Applications and Training, overseen by Semeter (ENG’92,’97), an ENG professor of electrical and computer engineering. Colloquially known as BUSAT, the program engages students in designing and operating small satellites. Earlier this year, the BUSAT group was one of the teams from a half dozen universities that beat out nine competitors to continue receiving support from the Air Force, which has contributed more than $500,000 to BUSAT projects. (BU also provided funding.) NASA will set a date for the launch late this year, Semeter says, assuming the agency’s review shows that ANDESITE’s ejecting sensors “won’t blow up their vehicle.”
ANDESITE sensors are DVD-sized boxes packed with electronics boards, and eight of them will hitch a ride on a NASA spacecraft that will spit them out roughly 280 miles above the Earth. Each sensor, traveling at a speed of approximately six miles per second, will complete an orbit of the Earth in roughly 90 minutes. The sensors will measure variations in electrical currents flowing in and out of the upper atmosphere along Earth’s magnetic field. “From this we will learn about how turbulence forms in space plasmas and what the eventual effects of this will be” on things like radio signals, allowing for better modeling of those effects, Semeter says.
ANDESITE’s success has already led to one terrestrial development, he adds. ENG has hired Brian Walsh (GRS’09,’12) as an associate professor of mechanical engineering. Walsh researches small satellites and space technology.
“This whole idea of taking any kind of spacecraft and spitting out small sub-payloads is really experimental,” says Semeter, although ANDESITE employs “technology that’s very well established here on Earth. They use it for self-driving cars and finding cabs in a city; Uber uses this kind of thing. This is wireless mesh network technology.…Our innovation was, why can’t we use that in space? What science could you do?”
In July, government representatives visited the students’ lab at the Engineering Product Innovation Center for a demonstration of how the sensors would deploy during an upcoming zero-gravity test flight, a nausea-inducing trial that previous BUSAT students have experienced firsthand. The students rigged a contraption to gently fire sensors into a mesh net, a form of soccer-meets-space.
“Looks like a good setup,” Zane Singleton of the Defense Department’s Space Test Program and tech company MEI Technologies said at the demonstration.
Earlier in the history of miniaturized satellites, “NASA didn’t give a rat’s ass” about them, Semeter says, with one official harrumphing, “Why would somebody who drives a Ferrari care about Matchboxes?” Then the National Science Foundation convinced NASA that solid science research could be done by mini-satellites. Today, ANDESITE is but one government effort to study space weather. Last February, a National Oceanic and Atmospheric Administration satellite was launched to record data about solar wind.
Cody Nabong (ENG’15), ANDESITE’s project manager, joined BUSAT on a buddy’s recommendation after being stymied in his search for an internship. (A picture of his friend on a zero-gravity flight was a grabber.) “I’ve been interested in aerospace since I came here, so it wasn’t a hard decision,” says Nabong, who appreciates the hands-on practice of the classroom concepts he’s studied that the team has provided. “The computer program that you use to make your 3-D models—I got a lot of practice with that. And then I learned a bunch about communications stuff that I wouldn’t have been exposed to if I had just had courses.…The biggest thing I’ve learned is how you meet requirements for an engineering project,” he says, referring to the government competitions and reviews the ANDESITE project has hurdled.
If the foregoing sounds uber-Star Trek-y, BUSAT’s members include some liberal arts disciplines majors who came for graduate engineering study through BU’s LEAP (Late Entry Accelerated Program) initiative. One BUSAT alumnus was a building contractor from San Francisco, who was “perfectly suited for this job,” says Semeter. “He’s used to going to the project site, telling people what to do. That’s all we needed. And he was technically competent.”
By Rich Barlow, BU Today
The movies’ mad genius took something unappetizing—bits and pieces of bodies—and stitched them into an equally unattractive monster. By contrast, ScareBear’s BU student inventors started with an adorable teddy bear and, through the magic of computer science, transformed it into a furry fiend, its eyes flashing demonic red while it growled, “I’ve got something for you,” in ghoulish tones.
But while Frankenstein labored in solitude, ScareBear was born amid 500 student hackers who packed Metcalf Hall for BU’s Halloween weekend hackathon. While competitors worked on their own projects—an app to summon a ride home if you were too drunk to drive, an online stick figure aping the gestures of a person standing before a motion detector—ScareBear’s four BU creators disemboweled their teddy to install hardware, plucked its brown glass eyes to place red lights underneath, and designed the app putting the scare in ScareBear.
“OK, so it smells a little bit,” shrugged Nicholas Maresco (ENG’17), after hot glue spilled on wiring, exuding a burning stink. “Only you can prevent forest fires,” quipped teammate Brian Tan (ENG’16), pushing the bear motif. Later, Maresco confessed, “That’s our second Raspberry Pi. We fried the first one.” He wasn’t talking about lunch. Raspberry Pi is a credit-card sized computer, and the team needed one to communicate with the creature-controlling app.
The project punctuated what the BU organizers called a “Hacky Halloween,” the University’s third annual computer competition. This year’s event outdrew the previous two, with even two busloads of Canadian participants coming in.
The hackathon stretched from Saturday afternoon to Sunday afternoon, when the hackers hunched over their laptops like medieval monks transcribing scripture, racing to complete their projects. (Those who were conscious, that is. Several heads slumped on the tables, napping after little or no sleep overnight. One table had an inflatable mattress on standby on the floor.)
“Sleep isn’t a huge concern,” said Sean Smith (CAS’17), one of the event organizers. “It’s kind of the culture. You get together and you have 24 hours and the time pressure and adrenaline of working with other people, and having this deadline makes you get a lot done.”
Hackathons, which have sprouted on many campuses in the last decade, offer computer enthusiasts opportunities they can’t always get in classes. “It’s really intense, but when you have an idea, it’s fun to go and really knock it out,” said Ben Lawson (CAS’17), whose team project was to use texting, rather than the internet, to code a computer. Lawson pointed out that the event’s corporate sponsors are often a good bet for internship and job possibilities.
“Hackathon” may be a bit of a misnomer, evoking for nontechies an image of information thievery. But “the connotation of the term is changing a lot,” said Smith. “Facebook and Mark Zuckerberg really have championed this term of hacking as a collaborative way of coding quickly. And really, what it means is taking all these tools that you have available and figuring out how to put them together well. Whole companies are built doing the things that people are doing at hackathons.”
Indeed, several major corporations, among them Microsoft, Liberty Mutual, and Capital One, sponsored the hackathon. With some additional funding from BU, the companies covered a budget of about $100,000, including meals and a $12,500 rented generator to power all those computers whose batteries died during the marathon competition. The event was organized by the student group MakeBU, which organizes weekly hack nights on campus and hackathons at BU and elsewhere, along with BUILDS, another student hacking group, and it was sanctioned by Major League Hacking, the NFL of competitive student coding.
Teams came up with their own projects, which were evaluated by 15 judges, mostly from the technology industry. Completing a project was less important than the quality and feasibility of the idea. “If you didn’t finish a project,” Smith said, “but you have this awesome idea and you can show some functionality, then you could probably be a strong contender. Things that are easy, things that have been done before, are generally not going to do that well in the judging.”
The top prize went to a team from Purdue, Carnegie Mellon, and New York University, which built an app that breached the telephone/internet barrier, enabling a telephone caller to converse with a search engine, Bing, and find medical advice. The advice was converted from text to speech and relayed back to the user over the phone.
Neither ScareBear nor any BU team walked away with prizes for top projects, but for the organizers, winning wasn’t the point. “We want it to be fun and collaborative,” said Smith. “We don’t want it to be competitive or cutthroat. We want people to work together and meet new people and learn new things and maybe have something that they can put on their résumé.”
As ScareBear cocreator Doug Roeper (ENG’17) put it, “It’s like, whatever we want, we can implement, whether it works or not. We could try.”
By Bhumika Salwan (Questrom ’16)
ECE Associate Professor Ayse Coskun and Assistant Professor Manuel Egele were awarded $189,000 for their research in data analytics with Sandia National Laboratories for improving energy efficiency and security of high performance computing (HPC) systems. Sandia Labs is one of the nation’s premier science and engineering laboratories for national security, with strategic areas in nuclear weapons, defense systems and assessments, energy and climate, and international, homeland, and nuclear security.
Professor Ayse Coskun’s research group at Boston University is widely cited, with expertise in the topics of energy-efficient computing, computer system modeling and simulation, design of intelligent scheduling and power management techniques, and green computing in data centers and HPC systems. Professor Manuel Egele is an expert on systems and software security whose research has been published at top-tier peer-reviewed conferences including NDSS and CCS.
Their project aims to identify which data collected out of HPC systems would be useful for identifying performance characteristics, inefficiencies, and malicious behavior. It will then design methods to leverage these data to design runtime strategies to improve efficiency and security. Professors Coskun and Egele’s research teams will first collect data on real HPC clusters at Sandia Labs and at the Massachusetts Green High Performance Computing Center (MGHPCC). They will then analyze that data to determine the most relevant, minimum set of metrics that are good indicators of energy and normal system behavior, and construct models that can predict performance variations and anomalous behavior resulting from security breaches or fraudulent activities.
The knowledge gained through this project will aid users and admins in answering questions such as the following: How many resources (e.g., how many cores or what size of memory) do I need for my application? Why does the performance of my application vary wildly across different runs? What information can we provide to system administrators to enable more efficient problem diagnosis? Can we determine whether software applications are behaving “normally”?
ECE alums’ class project earns spot at Black Hat USA 2015
By Joel Brown, published in BU Today
The Square Reader, used by millions of businesses in the United States, could at one point be converted in less than 10 minutes into a skimmer that could steal and save credit card information, according to three recent ENG grads. Their findings will be presented today at the Black Hat USA 2015 cybersecurity conference in Las Vegas.
Computer engineering grads Alexandrea Mellen (ENG’15), John Moore (ENG’15), and Artem Losev (ENG’15) discovered the vulnerability last year in a project for their Cybersecurity class, taught by Ari Trachtenberg, an ENG professor of electrical and computer engineering. “The beauty of the hardware attack itself was that there would be no sure way to know if it was the merchant with the Square Reader that actually took your information,” Mellen says.
The trio also found that Square Register software could be hacked to enable unauthorized transactions at a later date.
“The merchant could swipe the card an extra time at the point of sale,” says Moore. “You think nothing of it, and a week later when you’re not around, I charge you $20, $30, $100, $200… You might not notice that charge. I get away with some extra money of yours.”
Moore, who was valedictorian of his ENG class, says the three reported the vulnerabilities to Square last fall, and the company quickly moved to close them. Square also sent Moore a $500 “bounty” for the software hack.
Moore says there is no evidence that either of the vulnerabilities has been used to scam credit card holders, but warns that the group’s findings raise red flags for the fast-growing mobile commerce field in general.
“This isn’t just about Square,” he says. “Over the past six years, mobile point-of-sale has really taken off…and all of these providers are offering new hardware and software to process payments, and customers are trusting their credit card information to new devices that haven’t been tested as much as traditional point-of-sale devices. They’re interacting with the personal cell phone of the merchant in a lot of cases. There’s just a lot going on.”
The three turned their class project into a paper that they submitted to the Black Hat conference and waited two months before learning it had been accepted, which was a huge thing, “because Black Hat is the premier information security conference in the world,” Mellen says. The weeklong event draws everyone from hackers to government officials. Mellen and Moore will give a 25-minute presentation on their work at the conference, where they get free passes to the briefings at the Mandalay Bay Resort and Casino, worth $2,195.
Trachtenberg says students have derived papers from class projects before, but none were undergraduates and none of the conferences have had the stature of Black Hat. “This is a conference with a very high impact,” he says. “There are 10,000 security professionals that pay a lot of money to come to this conference and listen to the latest interesting security research.”
Vulnerabilities in payment software present more of an inconvenience than a financial risk, he says, at least for consumers who check their credit card statements regularly, because losses are generally covered by the credit card companies.
“The bigger reason to be scared is that Square had security in mind from the very beginning and designed these to be secure,” he says. “They should have known better than to have left these kind of holes. It kind of bodes poorly for other vendors who might not be taking security quite as seriously and what kind of problems they might be having.”
Square doesn’t disclose how many businesses use its software or how much revenue it derives by taking a small percentage of their transactions, but Bloomberg quoted one analyst as estimating that the company took in $300 million in merchant fees in 2013.
Mellen and Moore say they made Square aware of the two potential problems late last fall, and the company was receptive to their warning.
Through the winter and spring, Square staffers discussed possible solutions and their difficulties with Moore on a page on the HackerOne platform, and they eventually settled on a solution that would alert the company if the hack was ever used.
Square did not respond in detail and declined to discuss specific solutions on the record with BU Today, but a spokesperson offered a statement: “With so many sellers relying on Square to run their business, we’ve made protecting them a priority. We protect sellers by encrypting transactions at the moment of swipe, tokenizing data once it reaches our servers, and monitoring every transaction to detect suspicious behavior. We’ve also recently migrated the small percentage of remaining sellers who use an out-of-date, unencrypted card reader to new hardware. Today, those unencrypted card readers no longer work. We’re always making advances in security, and we appreciate John Moore’s research, which encouraged us to speed up our deprecation plans.”
All three alums have other plans now. In September, Mellen will return to running her own company, Terrapin Computing LLC in Cambridge, which sells four iOS apps. Moore will start work as a software engineer for Google, and Losev will continue his computer science education at New York University.
Moore says another lesson to draw from their experience has nothing to do with hackers or credit cards and everything to do with the classroom.
“Don’t be afraid to take on a project that goes a little bit above and beyond what’s required,” he says. “We could have done a project that was a lot simpler and easier, but instead we decided to do something that was quite challenging for us. We learned a lot in the process. We put in a lot more time than we expected, and it ended up paying off in the long run.”