As a follow-up to research that several grad students did last semester, we're investigating the permissions system in the Android operating system (i.e. what a given application has "permission" to do with the phone). We suspect that there are ways to get around the permissions, or even that they're not implemented as fully as the documentation says they are.
Steve and Prof Dawn are working with two professors at the University of Massachusetts to investigate security in the field of medicine. This project is broad and ongoing, but one thing we hope to do is to visit hospitals and conduct assessments of ways that security could be improved in them.
We're investigating whether or not conducting banking on mobile phones is significantly riskier than banking on a PC. Rather than dealing with anything incredibly technical, we're approaching this practically, and considering things like: most mobile phone screens aren't large enough to display the full URL of a website, so it's easier for an attacker to set up a similar URL to maliciously collect information from people.