Lego Robots Crack Gesture-Based Security (vice.com)

← Back to Stories (view on slashdot.org)

Lego Robots Crack Gesture-Based Security (vice.com)

Posted by EditorDavid on Sunday May 8, 2016 @09:30AM from the mental-blocks dept.

An anonymous reader writes: Lego Robots outfitted with a "finger" made from molded Play-Doh were able to bypass seven different gesture-based security systems at least 70% of the time, according to a new study funded by DARPA. Gestural ID systems "tend to take a rosy view of the security world in which hackers attempt to breach such defenses via crude impersonation," reports Vice, which notes that the systems now turn out to be far less reliable against automated attacks using a careful "forgery" of a user's gestures.

DARPA titled their report "Robotic Robbery on the Touch Screen," writing that it "demonstrates the threat that robots pose to touch-based authentication, and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems."

7 of 13 comments (clear)

Min score:

Reason:

Sort:

So they . . . by Anonymous Coward · 2016-05-08 09:52 · Score: 1

. . . gave gesture-based security the finger . . .
1. Re:So they . . . by davester666 · 2016-05-08 17:10 · Score: 1
  
  somewhere, there is a chick going "let's see what else this finger can do..."
  
  --
  Sleep your way to a whiter smile...date a dentist!
New shiny by Livius · 2016-05-08 13:56 · Score: 1

This kind of tech always struck me as more about a cool technology than about security. I can't flawlessly imitate another person's gait any more than I can magically change my fingerprints to match theirs, but that's very different from circumventing the technology with another, perhaps low-tech, solution. (I believe James Bond did fake fingerprints back in the '60s or '70s.)
Re:These robots? by LifesABeach · 2016-05-09 00:22 · Score: 1

"These are not the Legos we're looking for." apologies to Lucus
Re:Lock up those robots! And the "researchers" too by LifesABeach · 2016-05-09 00:25 · Score: 1

The irony is that DARPA makes a statement, "...demonstrates the threat that robots pose..." and nobody sees the Racism?
Rule 34 to kick-in any time now. by DrYak · 2016-05-09 01:47 · Score: 1

Japanese hardware maker announcing an "adult-toy" version of the finger-bot (complete with pink color scheme) coming in
3...
2...
1...

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Different case of touch-identity by DrYak · 2016-05-09 01:54 · Score: 2

According to TFA, it's not about the "connect-the-dots" gestures used to unlock the screen saver.
It's a different type of touch-identification in play here.
It's about the phone continuously monitoring how you touch the screen and thus how you move your hands and wrists (think the touch-screen equivalent of calligraphy).
It makes the phone able to create a model of the users motions. (Think the touch-screen equivalent of forensic graphanalysis)
If the phone notice a sudden change in style (touch-screen equivalent of change of "hand") chance are high that it's someone new/different handling the phone.
In this case, the finger-bot clicks where you ask it to click, but does it in a style that reminds the phone of its original user (think the touch-screen equivalent of signature forging).
So the phone doesn't notice that an unauthorised user is using it, because the lego finger-bot copies the style of the legitimate user.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]