
Transmitting passwords through the human body could help defeat hackers

Luke Dormehl

With connected technologies extending beyond our computers and into medical wearable devices, smart locks on our houses, and more, it makes sense that password security is more important than ever.

Unfortunately, the reality is that this is not always the case.

“We all use passwords and passcodes to initiate transmission between devices using Bluetooth and Wi-Fi,” Shyam Gollakota, assistant professor in the Department of Computer Science and Engineering at the University of Washington, told Digital Trends. “But a big problem with this kind of wireless technology is that they broadcast over the air, which means a hacker could be located close by and access whichever transmissions are taking place. From that, they can then reverse-engineer a way to find out your password.”

What Gollakota and fellow researchers have come up with is a proof of concept that could serve as an ingenious solution to this problem. Their work involves sending secure passwords through the human body itself, using low-frequency transmissions generated by fingerprint sensors on smartphones and other consumer devices.


Such on-body transmissions rely on actual connectivity, so that a person unlocking the door to their smart home would have to physically grip their doorknob with one hand, while touching their phone’s fingerprint sensor with the other. The result is that no information is sent wirelessly through the air.

In tests, the team was able to demonstrate their technique using the Touch ID sensor on an iPhone, the trackpad on a Lenovo laptop, and various other fingerprint readers. It was also shown to work with people of different heights, weights and body types — and with users who were in motion.

“The only way this wouldn’t be secure is if there was someone physically touching your body as you entered your password, which would be inconvenient for a hacker and would be very noticeable for the user,” Gollakota said.

The work is described in a paper presented earlier this month at the 2016 Association for Computing Machinery’s International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2016) in Germany.

The researchers' work has not finished yet, however. “What we’re exploring right now is whether we can use this concept to achieve higher data rates,” Gollakota said. At present, the team has achieved a data transfer rate of 50 bits per second for laptop trackpads and 25 bits per second for smartphone fingerprint sensors. This is good enough for sending a simple password or numerical code, but no more than that.

“Our idea is that it should be possible, instead of sending a password which can then be used to access a particular document, that you could potentially one day transfer a whole document in this way,” he said.

Pretty impressive stuff, even if the idea of holding hands with our boss to transfer a particularly sensitive file sounds like it has a fair bit of embarrassment potential.