Sending passwords securely…through your body
We all know the risks of sending passwords over Wi-Fi connections. Researchers at the University of Washington have come up with a way to avoid that hazard by sending passwords through the human body, beyond the reach of wireless sniffers.
Better yet, the password technology doesn’t require any new hardware. It works using the hardware already available on most smartphones and notebooks.
According to Vikram Iyer, a doctoral student in electrical engineering, the idea arose when he was “playing around in the lab” with an iPhone’s fingerprint sensor.
“I had been reading about signals that are produced by a lot of the devices that we use,” Iyer said. The iPhone fingerprint sensor, he said, was actually producing a consistent and reliable signal. “Then we started investigating some other devices -- a couple of other fingerprint sensors and some touchpads on laptops,” he said. “We found that [the signal] was pretty consistent, and it traveled well through the body.”
Specifically, the team found that fingerprint sensors and touchpads generate signals in the 2 to 10 MHz range, which travel well through the body but don’t transmit through the air.
Next, Iyer and his colleagues found that they could control the low-frequency “noise” of the fingerprint sensor to send an authentication code through the user’s body to, say, a smart lock on a door. When the user touches the door knob, the authenticating information passes from the phone to the user’s body to the lock.
A hacker would have to tap into the user’s body to pick up the password. Besides securing facilities, the team suggested the technology could be used to control access to wearable medical devices.
The team has not yet taken any steps to create a product for the market, though according to Iyer there is certainly interest in doing so.
This technology is that it doesn’t require manufacturers to build or add any other components that take up space and use power. “One of the big advantages is that we’re reusing a component that is already built into a lot of phones,” Iyer said.
Posted by Patrick Marshall on Oct 14, 2016 at 10:09 AM