Hannah Greß, M. Sc.
Personalized Digital Health and Telemedicine
Affiliation:
Department for Epileptology
University Hospital Bonn
Medical Faculty
University of Bonn
Location:
Venusberg-Campus 1,
Building 74, Room 2G-015
53127 Bonn, Germany
Telephone: +49-228/287-51705
Email: hannah.gress@ukbonn.de
Short CV: Hannah Greß earned her Bachelor’s degree in Audiovisual Media (B.Eng.) in 2018 from the Stuttgart Media University and her Master’s degree in Computer Science (M.Sc.) in 2022 from Philipps University of Marburg. She began her Ph.D. studies at Cologne University of Applied Sciences in 2022 and since 2023, she has been continuing her Ph.D. in Computer Science at the University Hospital Bonn/University of Bonn. She is an active member of the gender equality group GIDIS of the Department of Computer Science, former mentee of the MeTra Mentoring Program of the Gender Equality Office and mentor of the MINERVA Mentoring Program of the Department of Computer Science.
Publications
2026
Greß, Hannah; Dahl, Alanis; Tran, Mindy; Popovski, Marija Turkovic; Krüger, Björn
Theory vs. Practice: How Secure are Bluetooth Low Energy-Capable Health Devices Compared to Legal Requirements? Proceedings Article
In: Proceedings of the 16th graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2026), pp. 46-48, German Informatics Society (GI), 2026, ISBN: ISSN 2190-846X.
@inproceedings{gress2026b,
title = {Theory vs. Practice: How Secure are Bluetooth Low Energy-Capable Health Devices Compared to Legal Requirements?},
author = {Hannah Greß and Alanis Dahl and Mindy Tran and Marija Turkovic Popovski and Björn Krüger
},
url = {https://fg-sidar.gi.de/publikationen/sidar-reports},
isbn = {ISSN 2190-846X},
year = {2026},
date = {2026-05-11},
urldate = {2026-05-11},
booktitle = {Proceedings of the 16th graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2026)},
pages = {46-48},
publisher = {German Informatics Society (GI)},
abstract = {In a world becoming increasingly ’smart’, be it in industry, at home, or in medicine, secure data storage and transmission become even more important. But how secure is this in practice, and do vendors comply with current law to adequately protect the users’ or companies’ data? We chose empatica’s EpiMonitor as a ’smart’ and medically certified device to exemplify what such a technical assessment and legal analysis could look and which vulnerabilities may occur. This assessment and analysis are transferable to other wearable devices, possibly with slight modifications.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In a world becoming increasingly ’smart’, be it in industry, at home, or in medicine, secure data storage and transmission become even more important. But how secure is this in practice, and do vendors comply with current law to adequately protect the users’ or companies’ data? We chose empatica’s EpiMonitor as a ’smart’ and medically certified device to exemplify what such a technical assessment and legal analysis could look and which vulnerabilities may occur. This assessment and analysis are transferable to other wearable devices, possibly with slight modifications.
Greß, Hannah; Schreiter, Jonas; Rademacher, Michael; Krüger, Björn
BLE Security Testing: Survey of Attacks and Evaluation of Tools and Frameworks Journal Article
In: IEEE Open Journal of the Communications Society, 2026.
@article{gress2026c,
title = {BLE Security Testing: Survey of Attacks and Evaluation of Tools and Frameworks},
author = {Hannah Greß and Jonas Schreiter and Michael Rademacher and Björn Krüger },
doi = {10.1109/OJCOMS.2026.3691569},
year = {2026},
date = {2026-05-08},
urldate = {2026-05-08},
journal = {IEEE Open Journal of the Communications Society},
abstract = {Nowadays, more and more areas of our lives are becoming ‘smart,’ including homes, industrial
sites, and medical devices. Since sensitive data is transmitted over various protocols, manufacturers must
ensure that the data is adequately secured. To do so, penetration testing on these devices is an option,
ideally before market launch. Depending on the protocol, various tools and frameworks exist. We chose
the Bluetooth Low Energy (BLE) protocol for analysis due to its widespread use and started our work by
classifying possible threats to BLE into four categories based on the attacks executable by the identified
tools and frameworks. Threats targeting BLE Mesh and BLE privacy and localization were identified
through a literature review and added to the corresponding categories of our taxonomy. Subsequently, we
conducted an in-depth evaluation of these tools and frameworks targeting BLE (excluding BLE Mesh,
and BLE privacy and localization) on four medical devices to empirically determine which tools and
frameworks remain usable for pentesting BLE devices. Furthermore, we analyzed which threats in our
taxonomy remain feasible. Our results show that only eight out of 21 (38%) attacks can still be carried
out. The tools and frameworks capable of conducting these attacks are mostly still maintained, emphasizing
the importance of keeping such tools and frameworks up to date for future use. Nevertheless, current BLE
pentesting requires a patchwork of multiple, often unmaintained frameworks to realize all known attacks
— this demonstrates an urgent need for a single, extensible, actively maintained framework that allows
attacks to be integrated modularly.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nowadays, more and more areas of our lives are becoming ‘smart,’ including homes, industrial
sites, and medical devices. Since sensitive data is transmitted over various protocols, manufacturers must
ensure that the data is adequately secured. To do so, penetration testing on these devices is an option,
ideally before market launch. Depending on the protocol, various tools and frameworks exist. We chose
the Bluetooth Low Energy (BLE) protocol for analysis due to its widespread use and started our work by
classifying possible threats to BLE into four categories based on the attacks executable by the identified
tools and frameworks. Threats targeting BLE Mesh and BLE privacy and localization were identified
through a literature review and added to the corresponding categories of our taxonomy. Subsequently, we
conducted an in-depth evaluation of these tools and frameworks targeting BLE (excluding BLE Mesh,
and BLE privacy and localization) on four medical devices to empirically determine which tools and
frameworks remain usable for pentesting BLE devices. Furthermore, we analyzed which threats in our
taxonomy remain feasible. Our results show that only eight out of 21 (38%) attacks can still be carried
out. The tools and frameworks capable of conducting these attacks are mostly still maintained, emphasizing
the importance of keeping such tools and frameworks up to date for future use. Nevertheless, current BLE
pentesting requires a patchwork of multiple, often unmaintained frameworks to realize all known attacks
— this demonstrates an urgent need for a single, extensible, actively maintained framework that allows
attacks to be integrated modularly.
sites, and medical devices. Since sensitive data is transmitted over various protocols, manufacturers must
ensure that the data is adequately secured. To do so, penetration testing on these devices is an option,
ideally before market launch. Depending on the protocol, various tools and frameworks exist. We chose
the Bluetooth Low Energy (BLE) protocol for analysis due to its widespread use and started our work by
classifying possible threats to BLE into four categories based on the attacks executable by the identified
tools and frameworks. Threats targeting BLE Mesh and BLE privacy and localization were identified
through a literature review and added to the corresponding categories of our taxonomy. Subsequently, we
conducted an in-depth evaluation of these tools and frameworks targeting BLE (excluding BLE Mesh,
and BLE privacy and localization) on four medical devices to empirically determine which tools and
frameworks remain usable for pentesting BLE devices. Furthermore, we analyzed which threats in our
taxonomy remain feasible. Our results show that only eight out of 21 (38%) attacks can still be carried
out. The tools and frameworks capable of conducting these attacks are mostly still maintained, emphasizing
the importance of keeping such tools and frameworks up to date for future use. Nevertheless, current BLE
pentesting requires a patchwork of multiple, often unmaintained frameworks to realize all known attacks
— this demonstrates an urgent need for a single, extensible, actively maintained framework that allows
attacks to be integrated modularly.
2025
Greß, Hannah; Demidova, Elena; Meier, Michael; Krüger, Björn
SecureNeuroAI: Advanced Security Framework for AI-Powered Multimodal Real-Time Detection of Medical Seizure Events Proceedings Article
In: Ohm, Marc (Ed.): Proceedings of the 15th graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2025), pp. 22-24, GI SIG SIDAR, Nuremberg, April, 2025, ISSN: 2190-846X.
@inproceedings{Greß2025,
title = {SecureNeuroAI: Advanced Security Framework for AI-Powered Multimodal Real-Time Detection of Medical Seizure Events},
author = {Hannah Greß and Elena Demidova and Michael Meier and Björn Krüger},
editor = {Marc Ohm},
url = {https://fg-sidar.gi.de/publikationen/sidar-reports},
issn = {2190-846X},
year = {2025},
date = {2025-05-12},
urldate = {2025-05-12},
booktitle = { Proceedings of the 15th graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2025)},
pages = {22-24},
publisher = {GI SIG SIDAR},
address = {Nuremberg, April},
abstract = {In today's interconnected world, medical devices are increasingly equipped with novel digital technologies and AI-powered methods to improve the users' quality of life.
Despite the increased possibilities and features these devices offer due to the technical progress, cyberattacks on medical devices will increase as well with possibly severe outcomes for the patients.
At the same time, AI-based technologies could help to detect and mitigate these attacks on medical systems and their data in real-time.
Therefore, our project "SecureNeuroAI" aims to detect epileptic seizures using multimodal sensor data and AI models while also considering possible cyberattacks on this system resulting in an IT-secure system.
Our results will serve as an example for future AI-supported medical devices and systems to enhance their security and to strengthen their trustworthiness towards their (future) users.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
In today's interconnected world, medical devices are increasingly equipped with novel digital technologies and AI-powered methods to improve the users' quality of life.
Despite the increased possibilities and features these devices offer due to the technical progress, cyberattacks on medical devices will increase as well with possibly severe outcomes for the patients.
At the same time, AI-based technologies could help to detect and mitigate these attacks on medical systems and their data in real-time.
Therefore, our project "SecureNeuroAI" aims to detect epileptic seizures using multimodal sensor data and AI models while also considering possible cyberattacks on this system resulting in an IT-secure system.
Our results will serve as an example for future AI-supported medical devices and systems to enhance their security and to strengthen their trustworthiness towards their (future) users.
Despite the increased possibilities and features these devices offer due to the technical progress, cyberattacks on medical devices will increase as well with possibly severe outcomes for the patients.
At the same time, AI-based technologies could help to detect and mitigate these attacks on medical systems and their data in real-time.
Therefore, our project "SecureNeuroAI" aims to detect epileptic seizures using multimodal sensor data and AI models while also considering possible cyberattacks on this system resulting in an IT-secure system.
Our results will serve as an example for future AI-supported medical devices and systems to enhance their security and to strengthen their trustworthiness towards their (future) users.
Greß, Hannah; Krüger, Björn; Tischhauser, Elmar
The Newer, the More Secure? Standards-Compliant Bluetooth Low Energy Man-in-the-Middle Attacks on Fitness Trackers Journal Article
In: Sensors, vol. 25, no. 6, 2025, ISSN: 1424-8220.
@article{2025gressBT,
title = {The Newer, the More Secure? Standards-Compliant Bluetooth Low Energy Man-in-the-Middle Attacks on Fitness Trackers},
author = {Hannah Greß and Björn Krüger and Elmar Tischhauser},
url = {https://www.mdpi.com/1424-8220/25/6/1815},
doi = {10.3390/s25061815},
issn = {1424-8220},
year = {2025},
date = {2025-03-14},
urldate = {2025-01-01},
journal = {Sensors},
volume = {25},
number = {6},
abstract = {The trend in self-tracking devices has remained unabated for years. Even if they record a large quantity of sensitive data, most users are not concerned about their data being transmitted and stored in a secure way from the device via the companion app to the vendor’s server. However, the secure implementation of this chain from the manufacturer is not always given, as various publications have already shown. Therefore, we first provide an overview of attack vectors within the ecosystem of self-tracking devices. Second, we evaluate the data security of eight contemporary fitness trackers from leading vendors by applying four still partly standards-compliant Bluetooth Low-Energy Man-in-the-Middle (MitM) attacks. Our results show that the examined devices are partially vulnerable against the attacks. For most of the trackers, the manufacturers put different security measures in place. These include short and user-initiated visibility and connectivity or app-level authentication to limit the attack surface. Interestingly, newer models are more likely to be attackable, underlining the constant need for verifying the security of BLE devices, reporting found vulnerabilities, and also strengthening standards and improving security awareness among manufacturers and users. Therefore, we finish our work with recommendations and best practices for law- and regulation-makers, vendors, and users on how to strengthen the security of BLE devices.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The trend in self-tracking devices has remained unabated for years. Even if they record a large quantity of sensitive data, most users are not concerned about their data being transmitted and stored in a secure way from the device via the companion app to the vendor’s server. However, the secure implementation of this chain from the manufacturer is not always given, as various publications have already shown. Therefore, we first provide an overview of attack vectors within the ecosystem of self-tracking devices. Second, we evaluate the data security of eight contemporary fitness trackers from leading vendors by applying four still partly standards-compliant Bluetooth Low-Energy Man-in-the-Middle (MitM) attacks. Our results show that the examined devices are partially vulnerable against the attacks. For most of the trackers, the manufacturers put different security measures in place. These include short and user-initiated visibility and connectivity or app-level authentication to limit the attack surface. Interestingly, newer models are more likely to be attackable, underlining the constant need for verifying the security of BLE devices, reporting found vulnerabilities, and also strengthening standards and improving security awareness among manufacturers and users. Therefore, we finish our work with recommendations and best practices for law- and regulation-makers, vendors, and users on how to strengthen the security of BLE devices.
2024
Krüger, Björn; Weber, Christian; Müllers, Johannes; Greß, Hannah; Beyer, Franziska; Knaub, Jessica; Pukropski, Jan; Hütwohl, Daniela; Hahn, Kai; Grond, Martin; Jonas, Stephan; Surges, Rainer
Teleconsultation to Improve Epilepsy Diagnosis and Therapy Book Chapter
In: Herrmann, Wolfram J.; Leser, Ulf; Möller, Sebastian; Voigt-Antons, Jan-Niklas; Gellert, Paul (Ed.): pp. 18-23, Future-Proofing Healthcare for Older Adults Through Digitalization, 2024.
@inbook{krueger2024a,
title = {Teleconsultation to Improve Epilepsy Diagnosis and Therapy},
author = {Björn Krüger and Christian Weber and Johannes Müllers and Hannah Greß and Franziska Beyer and Jessica Knaub and Jan Pukropski and Daniela Hütwohl and Kai Hahn and Martin Grond and Stephan Jonas and Rainer Surges},
editor = {Wolfram J. Herrmann and Ulf Leser and Sebastian Möller and Jan-Niklas Voigt-Antons and Paul Gellert},
doi = {10.14279/depositonce-20417},
year = {2024},
date = {2024-08-01},
urldate = {2024-08-01},
pages = {18-23},
edition = {Future-Proofing Healthcare for Older Adults Through Digitalization},
abstract = {Teleconsultation in epileptology significantly enhances patient diagnosis and treatment, often eliminating the necessity for physical referral to a specialized clinic. In this paper, we detail the typical teleconsultation process, exploring its technical requirements and legal boundaries. Notably, we focus on the groundwork for establishing a teleconsultation specifically between the University Hospital Bonn and the Klinikum Siegen. Additionally, we provide an overview of currently implemented teleconsultations in epileptology in Germany, concluding with research questions stemming from these advancements. },
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
Teleconsultation in epileptology significantly enhances patient diagnosis and treatment, often eliminating the necessity for physical referral to a specialized clinic. In this paper, we detail the typical teleconsultation process, exploring its technical requirements and legal boundaries. Notably, we focus on the groundwork for establishing a teleconsultation specifically between the University Hospital Bonn and the Klinikum Siegen. Additionally, we provide an overview of currently implemented teleconsultations in epileptology in Germany, concluding with research questions stemming from these advancements.
Greß, Hannah; Krüger, Björn
Security of Bluetooth-capable devices in the healthcare sector Proceedings Article
In: Ohm, Marc (Ed.): Proceedings of the 14th graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2024), pp. 13-14, GI SIG SIDAR, Bonn, Germany, 2024, ISSN: 2190-846X.
@inproceedings{Greß2024,
title = {Security of Bluetooth-capable devices in the healthcare sector},
author = {Hannah Greß and Björn Krüger},
editor = {Marc Ohm},
url = {https://fg-sidar.gi.de/publikationen/sidar-reports},
issn = {2190-846X},
year = {2024},
date = {2024-06-30},
urldate = {2024-06-30},
booktitle = { Proceedings of the 14th graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2024)},
journal = {Proceedings of the 14th graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2024) },
pages = {13-14},
publisher = {GI SIG SIDAR},
address = {Bonn, Germany},
abstract = {The steady growth of Internet of Medical Things (IoMT) devices collecting, storing and transmitting sensitive data, mostly over Bluetooth Low Energy (BLE), increases also the demand to test them regarding their security. Therefore, this work aims to give an overview of already existing Bluetooth pentesting tools and frameworks, BLE specific attacks and their countermeasures as well as to develop a framework which implements all of these to fasten the security testing process of IoMT wearables.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The steady growth of Internet of Medical Things (IoMT) devices collecting, storing and transmitting sensitive data, mostly over Bluetooth Low Energy (BLE), increases also the demand to test them regarding their security. Therefore, this work aims to give an overview of already existing Bluetooth pentesting tools and frameworks, BLE specific attacks and their countermeasures as well as to develop a framework which implements all of these to fasten the security testing process of IoMT wearables.
2023
Xu, Jing; Greß, Hannah; Seefried, Sabine; van Drongelen, Stefan; Schween, Raphael; Sommer, Claudia; Endres, Dominik; Krüger, Björn; Stief, Felix
Diagnosing Rare Diseases by Movement Primitive-Based Classification of Kinematic Gait Data Proceedings
Bernstein Conference, 2023.
@proceedings{JingXu2023,
title = {Diagnosing Rare Diseases by Movement Primitive-Based Classification of Kinematic Gait Data},
author = {Jing Xu and Hannah Greß and Sabine Seefried and Stefan van Drongelen and Raphael Schween and Claudia Sommer and Dominik Endres and Björn Krüger and Felix Stief},
url = {https://abstracts.g-node.org/conference/BC23/abstracts#/uuid/31c21041-91a0-46bd-87dc-46271501fdc0},
doi = {10.12751/nncn.bc2023.313},
year = {2023},
date = {2023-01-10},
urldate = {2023-01-10},
booktitle = { Bernstein Conference 2023},
abstract = {Of over 6.000 known rare diseases, a considerable portion involves motor symptoms [1]. Whereas aiding diagnosis by artificial intelligence based on non-motor symptoms has shown promise [2], the potential of using movement data to this purpose has not yet been fully investigated. We therefore aim to implement a machine learning algorithm inspired by biological motor control to aid diagnosis of rare diseases by classifying data from standard kinematic clinical gait analysis.
Starting from 42-degrees-of-freedom time series of joint angles extracted from motion capture data with custom routines [3], we employ a Gaussian process-based temporal movement primitive algorithm [4] in order to reduce the data to sets of movement primitives and weight vectors that capture the essential characteristics of the gait movement. The primitives are participant (and disease) -independent and represent general human gait. The weights are participant-specific and thus contain disease-specific information. A weighted combination of the primitives can thus generate participant specific gait data. We then apply standard classification tools such as Support Vector Machines and Random Forests to the weights to distinguish the disease from the control gait. The primary goal is to reliably differentiate patients from age-matched controls in an existing data set on patients with Legg–Calvé–Perthes disease (LCPD). A secondary goal is to allow the classifier to expand the set of diseases using nonparametric methods such as the Dirichlet process.
Importantly, our movement primitive algorithm is inspired by current theories of biological motor control with a potential edge over standard algorithms in training on small case numbers. The temporal primitives are analogous to central pattern generators in the spinal cord [5], whereas the weights reflect activation of these central patterns by more central mechanisms in a hierarchical control scheme. In such a control scheme, disease-specific changes in weights may be caused directly by disease-specific influences on neural signaling, such as in the Stiff Person Syndrome [6], or indirectly through pain-avoidance in orthopedic conditions such as LCPD.
With further development, our approach holds potential for facilitating early detection and improving treatment strategies across a wide range of rare movement disorders and orthopedic conditions.},
howpublished = {Bernstein Conference},
keywords = {},
pubstate = {published},
tppubtype = {proceedings}
}
Of over 6.000 known rare diseases, a considerable portion involves motor symptoms [1]. Whereas aiding diagnosis by artificial intelligence based on non-motor symptoms has shown promise [2], the potential of using movement data to this purpose has not yet been fully investigated. We therefore aim to implement a machine learning algorithm inspired by biological motor control to aid diagnosis of rare diseases by classifying data from standard kinematic clinical gait analysis.
Starting from 42-degrees-of-freedom time series of joint angles extracted from motion capture data with custom routines [3], we employ a Gaussian process-based temporal movement primitive algorithm [4] in order to reduce the data to sets of movement primitives and weight vectors that capture the essential characteristics of the gait movement. The primitives are participant (and disease) -independent and represent general human gait. The weights are participant-specific and thus contain disease-specific information. A weighted combination of the primitives can thus generate participant specific gait data. We then apply standard classification tools such as Support Vector Machines and Random Forests to the weights to distinguish the disease from the control gait. The primary goal is to reliably differentiate patients from age-matched controls in an existing data set on patients with Legg–Calvé–Perthes disease (LCPD). A secondary goal is to allow the classifier to expand the set of diseases using nonparametric methods such as the Dirichlet process.
Importantly, our movement primitive algorithm is inspired by current theories of biological motor control with a potential edge over standard algorithms in training on small case numbers. The temporal primitives are analogous to central pattern generators in the spinal cord [5], whereas the weights reflect activation of these central patterns by more central mechanisms in a hierarchical control scheme. In such a control scheme, disease-specific changes in weights may be caused directly by disease-specific influences on neural signaling, such as in the Stiff Person Syndrome [6], or indirectly through pain-avoidance in orthopedic conditions such as LCPD.
With further development, our approach holds potential for facilitating early detection and improving treatment strategies across a wide range of rare movement disorders and orthopedic conditions.
Starting from 42-degrees-of-freedom time series of joint angles extracted from motion capture data with custom routines [3], we employ a Gaussian process-based temporal movement primitive algorithm [4] in order to reduce the data to sets of movement primitives and weight vectors that capture the essential characteristics of the gait movement. The primitives are participant (and disease) -independent and represent general human gait. The weights are participant-specific and thus contain disease-specific information. A weighted combination of the primitives can thus generate participant specific gait data. We then apply standard classification tools such as Support Vector Machines and Random Forests to the weights to distinguish the disease from the control gait. The primary goal is to reliably differentiate patients from age-matched controls in an existing data set on patients with Legg–Calvé–Perthes disease (LCPD). A secondary goal is to allow the classifier to expand the set of diseases using nonparametric methods such as the Dirichlet process.
Importantly, our movement primitive algorithm is inspired by current theories of biological motor control with a potential edge over standard algorithms in training on small case numbers. The temporal primitives are analogous to central pattern generators in the spinal cord [5], whereas the weights reflect activation of these central patterns by more central mechanisms in a hierarchical control scheme. In such a control scheme, disease-specific changes in weights may be caused directly by disease-specific influences on neural signaling, such as in the Stiff Person Syndrome [6], or indirectly through pain-avoidance in orthopedic conditions such as LCPD.
With further development, our approach holds potential for facilitating early detection and improving treatment strategies across a wide range of rare movement disorders and orthopedic conditions.