{"id":142,"date":"2008-02-10T23:51:50","date_gmt":"2008-02-11T07:51:50","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/02\/10\/security-review-quiet-care\/"},"modified":"2008-02-10T23:52:30","modified_gmt":"2008-02-11T07:52:30","slug":"security-review-quiet-care","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/02\/10\/security-review-quiet-care\/","title":{"rendered":"Security Review: Quiet Care"},"content":{"rendered":"<p>Home monitoring systems like Quiet Care exist to allow independent living for elderly people. The system works by monitoring the person\u2019s daily movements with wireless activity sensors in each room. The information collected from these sensors is gathered at a communicator and then is sent to the Quiet Care server and is analyzed for patterns. If the server detects unusual behavior, it contacts the caregivers of the individual.<\/p>\n<p><!--more--><\/p>\n<p><strong>Assets<\/strong><\/p>\n<ul>\n<li>The privacy of the individual      monitored<\/li>\n<li>The ability of the system to      respond when an emergency occurs<\/li>\n<\/ul>\n<p><strong>Potential Adversaries<\/strong><\/p>\n<ul>\n<li>A stalker interested in information      about the individual\u2019s daily behavior.<\/li>\n<li>A thief wanting to break in      undetected by the person or the system.<\/li>\n<li>A disgruntled worker at Quiet      Care<\/li>\n<li>A rival company that wishes      to give Quiet Care a bad name<\/li>\n<\/ul>\n<p><strong>Potential Weaknesses<\/strong><\/p>\n<ul>\n<li>The wireless activity sensors      are wireless so signals from these devices can probably be easily picked      up from outside the home, compromising the individual\u2019s privacy<\/li>\n<li>The analysis of the patterns      in behavior and contacting of caregivers is done on the server. If that      server is taken down and an emergency occurs, the monitored individuals      can be in life danger.<\/li>\n<li>If there is no encryption of      data, a person could intercept and interfere with information going to the      server. This could be used to create many false emergency alerts which      would frustrate the caregivers and give the company a bad name.<\/li>\n<\/ul>\n<p><strong>Potential Defenses<\/strong><\/p>\n<ul>\n<li>Using wired instead of      wireless activity sensors<\/li>\n<li>An effective encryption<\/li>\n<li>Backup servers<\/li>\n<\/ul>\n<p><strong>Risk<\/strong><\/p>\n<p>The wireless part of this system makes very open to attacks. This risk can possibly be life threatening.<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p>It is difficult to draw a balance between monitoring an individual closely enough to detect an emergency yet not invade a person\u2019s privacy. This is a problem inherent in all home monitoring systems. For Quiet Care\u2019s system, wiring up the detectors and using a good encryption should help with the privacy leaks that a wireless system has. As electronic home monitoring systems develop, it will be interesting to see what will be used to achieve this balance.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Home monitoring systems like Quiet Care exist to allow independent living for elderly people. The system works by monitoring the person\u2019s daily movements with wireless activity sensors in each room. The information collected from these sensors is gathered at a &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/02\/10\/security-review-quiet-care\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":30,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,9,5],"tags":[],"class_list":["post-142","post","type-post","status-publish","format-standard","hentry","category-availability","category-privacy","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=142"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/142\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}