Slashdot Mirror


Lego Robots Crack Gesture-Based Security (vice.com)

An anonymous reader writes: Lego Robots outfitted with a "finger" made from molded Play-Doh were able to bypass seven different gesture-based security systems at least 70% of the time, according to a new study funded by DARPA. Gestural ID systems "tend to take a rosy view of the security world in which hackers attempt to breach such defenses via crude impersonation," reports Vice, which notes that the systems now turn out to be far less reliable against automated attacks using a careful "forgery" of a user's gestures.

DARPA titled their report "Robotic Robbery on the Touch Screen," writing that it "demonstrates the threat that robots pose to touch-based authentication, and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems."

13 comments

  1. So they . . . by Anonymous Coward · · Score: 1

    . . . gave gesture-based security the finger . . .

    1. Re: So they . . . by Anonymous Coward · · Score: 0

      Different AC because I'm too lazy to log in on my pfone but, basically... Yes

    2. Re:So they . . . by davester666 · · Score: 1

      somewhere, there is a chick going "let's see what else this finger can do..."

      --
      Sleep your way to a whiter smile...date a dentist!
  2. These robots? by Anonymous Coward · · Score: 0
    1. Re:These robots? by LifesABeach · · Score: 1

      "These are not the Legos we're looking for." Apologies to Lucas.

  3. Priority by Anonymous Coward · · Score: 0

    ... a careful "forgery" ...

    Does this mean the robot already had the key? I don't want to enter a 30-stroke gesture into my mobile device every 5 minutes, so of course, the screen-saver login is easy to copy. The point is, it stops immediate tampering and makes the benefit of stealing it much lower, since immediate gratification is not possible.

  4. New shiny by Livius · · Score: 1

    This kind of tech always struck me as more about a cool technology than about security. I can't flawlessly imitate another person's gait any more than I can magically change my fingerprints to match theirs, but that's very different from circumventing the technology with another, perhaps low-tech, solution. (I believe James Bond did fake fingerprints back in the '60s or '70s.)

  5. Lock up those robots! And the "researchers" too! by Anonymous Coward · · Score: 0

    Because they are obviously "hackers", by their own admission. They belong in jail! It's the law!

  6. Re:Lock up those robots! And the "researchers" too by Anonymous Coward · · Score: 0

    "I, for one, welcome our new Lego robot overlords..."

  7. "Gesture ID" was invented by retards for retards by Anonymous Coward · · Score: 0

    If people are too stupid to simply WRITE DOWN A PASSWORD in a pocket book, then tough luck. Anybody can create a very secure password of about 15 - 20 letters just by writing random words down, add a random number here and there, and that's it, it's as secure as it needs to be. Why don't people write down their passwords in a pocket book? If somebody breaks into your house (highly unlikely), they are highly unlikely to start reading through a notebook that is stuffed in your drawer by your desk, why would they? They are going to look for goods they can sell, and money, and that's it. So it's almost completely safe.

  8. Re:Lock up those robots! And the "researchers" too by LifesABeach · · Score: 1

    The irony is that DARPA makes a statement, "...demonstrates the threat that robots pose..." and nobody sees the Racism?

  9. Rule 34 to kick-in any time now. by DrYak · · Score: 1

    Japanese hardware maker announcing an "adult-toy" version of the finger-bot (complete with pink color scheme) coming in
    3...
    2...
    1...

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  10. Different case of touch-identity by DrYak · · Score: 2

    According to TFA, it's not about the "connect-the-dots" gestures used to unlock the screen saver.
    It's a different type of touch-identification in play here.

    It's about the phone continuously monitoring how you touch the screen and thus how you move your hands and wrists (think the touch-screen equivalent of calligraphy).
    It makes the phone able to create a model of the user's motions. (Think the touch-screen equivalent of forensic graphanalysis.)
    If the phone notices a sudden change in style (touch-screen equivalent of change of "hand"), chances are high that it's someone new/different handling the phone.

    In this case, the finger-bot clicks where you ask it to click, but does it in a style that reminds the phone of its original user (think the touch-screen equivalent of signature forging).
    So the phone doesn't notice that an unauthorised user is using it, because the lego finger-bot copies the style of the legitimate user.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
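
Added example (not part of the thread or of the study): a minimal evaluation of a touch-style verifier of the kind described in the last comment, showing why the summary's "zero-effort attack" benchmark understates risk. The feature set, sample strokes, scoring rule and threshold are all constructed assumptions, not the study's data or method.

```python
from statistics import mean, stdev

# All feature vectors are constructed for illustration:
# (swipe speed px/ms, touch pressure 0..1, stroke duration ms).
OWNER_ENROLL = [(1.20, 0.52, 210), (1.25, 0.50, 205), (1.18, 0.55, 215),
                (1.22, 0.53, 208), (1.27, 0.51, 212)]
OWNER_TEST = [(1.21, 0.54, 209), (1.24, 0.51, 211), (1.19, 0.52, 207)]
# Zero-effort impostors: other people swiping in their own natural style.
ZERO_EFFORT = [(0.80, 0.70, 320), (1.60, 0.35, 150), (1.00, 0.60, 260),
               (1.40, 0.45, 190), (1.26, 0.49, 214)]
# Forgery: strokes produced to match the owner's observed statistics.
FORGED = [(1.22, 0.52, 211), (1.23, 0.53, 209), (1.20, 0.50, 214),
          (1.26, 0.54, 206), (1.30, 0.58, 222)]

THRESHOLD = 2.0  # assumed decision threshold on the mean |z| score


def build_template(strokes):
    """Per-feature (mean, sample std) learned from enrolment strokes."""
    return [(mean(col), stdev(col)) for col in zip(*strokes)]


def score(template, stroke):
    """Mean absolute z-score: distance of a stroke from the owner's style."""
    return mean(abs(x - mu) / sd for x, (mu, sd) in zip(stroke, template))


def accept_rate(template, strokes, threshold=THRESHOLD):
    """Fraction of strokes the verifier attributes to the owner."""
    accepted = sum(score(template, s) <= threshold for s in strokes)
    return accepted / len(strokes)


def evaluate():
    """False-reject rate for the owner and false-accept rate per attacker model."""
    template = build_template(OWNER_ENROLL)
    return {
        "frr_owner": 1 - accept_rate(template, OWNER_TEST),
        "far_zero_effort": accept_rate(template, ZERO_EFFORT),
        "far_forgery": accept_rate(template, FORGED),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value:.2f}")
```

The same verifier and threshold look strong when only zero-effort impostors are tested and weak once the test set includes strokes shaped to the owner's statistics, so an evaluation should report both false-accept rates.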