Slashdot Mirror


Researchers Develop System To Send Passwords, Keys Through Users' Bodies (onthewire.io)

Trailrunner7 quotes a report from On the Wire: Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users' bodies instead. The human body is a good transmission mechanism for certain kinds of waves, and the UW researchers were looking for a way to take advantage of that fact to communicate authentication information from a user's phone directly to a target device, such as a door knob or medical device. In order to make that idea a reality, they needed to develop a system that could be in direct contact with the user's body, and could produce electromagnetic signals below 10 MHz. And to make the system usable for a mass audience, the team needed widely available hardware that could generate and transmit the signals. So the researchers settled on the fingerprint sensor on iPhones and the touchpad on Lenovo laptops, as well as a fingerprint scanner and a touchpad from Adafruit. The concept is deceptively simple: generate an electromagnetic signal from the fingerprint sensor or touchpad and transmit that through the user's body to the target device. The signal can carry a typical password or even an encryption key, the researchers said. "We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Specifically, we show that commodity input devices such as fingerprint sensors and touchpads can be used to transmit information to only wireless receivers that are in contact with the body," the researchers, Mehrdad Hessar, Vikram Iyer, and Shyamnath Gollakota, of UW said in their paper, "Enabling On-Body Transmissions With Commodity Devices."

61 comments

  1. How does that solve anything? by Anonymous Coward · · Score: 1

    I would just have to steal the phone and use my body and voilà, I'm in. If the body and the state of the body (distress) aren't part of the authentication this is useless

    1. Re:How does that solve anything? by Anonymous Coward · · Score: 0

      Hmm, if it catches on, then I can reduce my supermarket grocery bill significantly by charging everything to the sucker at the end of the line...

    2. Re:How does that solve anything? by bondsbw · · Score: 3, Insightful

      It's not about adding security. It's about making security convenient.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    3. Re: How does that solve anything? by Anonymous Coward · · Score: 0

      Convenient if the FBI (or someone else) wants to break into your phone and doesn't know the password. Biometrics, making everyone's life easier by reducing the barriers of breaking encryption. Yay.

    4. Re:How does that solve anything? by noodler · · Score: 1

      This works by turning your body into an antenna. It's convenient all right. But secure?

  2. what possibly could go wrong by Anonymous Coward · · Score: 0

    while neat, now they just don't need to rob your wallet, they also need to rape you.

    1. Re:what possibly could go wrong by Tablizer · · Score: 2

      "Mr. Jobs, you are hugging me wrong!"

    2. Re:what possibly could go wrong by mrbester · · Score: 1

      "Show me on the doll where the authenticator touched you."

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    3. Re:what possibly could go wrong by BlueStrat · · Score: 1

      "Show me on the doll where the authenticator touched you."

      Future News:

      "With the rapidly growing use of this new means of transmitting data, the US government embarks today on a program of mass alteration of the human genome through the release of artificial viruses for targeted DNA mutation to make human bodies CALEA-compliant as is the law for all mass communications systems. SCOTUS rules LEO roadside 'reach-arounds' a 'valid data-gathering investigatory method'. Video at 11."

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  3. And they call it... by Anonymous Coward · · Score: 2, Insightful

    ELECTRICITY. It's a new term that describes using pulses of electrons sent through the sender's body to a receiver that can "decode" the pulses of electrons into data sets.

    In a related story, researchers find a means to unlock energy potential in static objects such as rocks and trees. They are tentatively calling this process "fire".

    1. Re:And they call it... by Anonymous Coward · · Score: 1

      Old news! Back in the 1960s we used to send passwords back and forth between mainframe rooms via a system of coded farts and intermittent days of not wearing deodorant. It was effective, to this day no one has caught onto it!

    2. Re:And they call it... by Anonymous Coward · · Score: 0

      They indicate the frequency is less than 10MHz. Well, audio frequency sure fits the bill. I can just hear it now. In a low voice straight from those old TV game shows, the device could say something like

      "The secret word is 'refrigerator'"

    3. Re:And they call it... by skids · · Score: 1

      Why do they call this wireless, for that matter... it's not even a good word for marketing anymore. Maybe something catchy like "MeatWire"?

  4. ...using various species of digestive tract flora. by Anonymous Coward · · Score: 0

    That's right. By passing various fecal gases in the exact proper order, an individual will have a unique, convenient biometric encryption key, provided that he maintains a regular diet of beans and cabbage. Breaking the encryption is only possible after an FMT and changes to the diet.

  5. Hands Across America! by Required+Snark · · Score: 2

    A whole new way to reach out and touch some one.

    --
    Why is Snark Required?
  6. I'm stunned by Tablizer · · Score: 1

    Shocking news!

  7. I don't want a smartphone by the_Bionic_lemming · · Score: 0

    Can I just pay with cash ?

    Not all of us want to be tethered by a mark. Which coincidentally is exactly what the bible predicted. And Orwell.

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
    1. Re:I don't want a smartphone by Chrontius · · Score: 2

      Too late - it's called a credit score.

    2. Re:I don't want a smartphone by the_Bionic_lemming · · Score: 1

      how does that affect cash?

      --
      _ _ _ Go for the eyes Boo! GO FOR THE EYES!
    3. Re:I don't want a smartphone by Anonymous Coward · · Score: 0

      Increasingly, it affects many peoples' ability to secure or retain employment, which tends to have a direct impact on access to cash. -PCP

      Captcha: expunge

  8. Absolutely nothing can go wrong here. by Anonymous Coward · · Score: 0

    I personally have zero concerns about a culture where every time I touch a freaking doorknob it gets logged by Google et. al.

  9. Low Level Electromagnetic Fields by Anonymous Coward · · Score: 0

    Low level electromagnetic fields cause cancer, especially to younger kids. Scientists aren't sure why, but the studies are too highly correlated to ignore. I'm not sure what level is low-level, but I figured I should toss this info out there. Does anyone know more info about it?

    1. Re:Low Level Electromagnetic Fields by Shane_Optima · · Score: 3, Informative

      Does anyone know more info about it?

      Yes, I do recall having read something somewhere about it being total bullshit.

      But wait, there's this new study I heard about...

      If there does turn out to be a small link, I'll be shocked if the risk is going to be too minuscule to obsess over. People only care about cell phones causing cancer because invisible EM / radio waves are freaky. It's weird magical stuff flying through the air that I can't see or hear or smell --> We need to be paranoid about it. That is the basis of the concern over non-ionizing EM causing cancer. Here is a list of things that we're almost certain cause cancer:

      * Barbecued food with any black "grill marks" or other carbonization on it.
      * Smoked foods
      * Regularly being around lit candles
      * Being around a lit fireplace, even if it's just occasionally.
      * Drinking your coffee (or any other drink/food) while it's too hot.
      * The sun--anything over the minimum amount required for your body to manufacture the vitamin D you need (just a few minutes per day, at least for lower-melanin people in lower latitudes).

      * Possibly anything that causes prolonged or repeated inflammation.


      I'm not saying you shouldn't worry about your kids or err on the side of caution, but if you aren't at all concerned about everything on the above list... don't kid yourself. You're not a safe, informed conscientious parent. You're simply unduly afraid of what you don't understand.

    2. Re:Low Level Electromagnetic Fields by evilviper · · Score: 1

      People only care about cell phones causing cancer because invisible EM / radio waves are freaky. It's weird magical stuff flying through the air that I can't see or hear or smell --> We need to be paranoid about it. That is the basis of the concern over non-ionizing EM causing cancer.

      I'd say the biggest reason people are afraid of it is because it's commonly called EM "radiation". Radiation is unfortunately the same term used to describe those dangerous alpha/beta/gamma rays. And the term isn't ever used to refer to other common radiation sources people are more familiar with... like the lights in their homes.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    3. Re:Low Level Electromagnetic Fields by burtosis · · Score: 1

      You're simply not afraid of what you think you understand to be harmless

      Fixed that for you. Most people are unduly afraid of many things they don't understand like gluten in foods (for people without celiac or an actual allergy). Most people also are terrible at risk assessment and minimizing risk; most everyone thinks actuarials are boring and serve a nearly pointless function. Reality is always what you believe it to be, it's a basic tautology. However when that perceived reality does not line up with what is actually real, something few people are taught since birth is extremely important, that's when the massive inadvertent harm really starts.

    4. Re:Low Level Electromagnetic Fields by Anonymous Coward · · Score: 0

      Right, but I sure do sleep better knowing I've gotten rid of my radiant heating.

    5. Re:Low Level Electromagnetic Fields by Anonymous Coward · · Score: 0

      Me too! And I now have cats that surround me at night- pinning me warmly in place.

      Oddly enough, the cats are solar powered, (so I wonder if they radiate onto me at night?). News at 11!

  10. Ob. MIB by Jeremi · · Score: 4, Funny

    Slashdotter: You want my passwords? You'll only get them over my dead body!
    Researchers: Your terms are acceptable.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
    1. Re: Ob. MIB by Anonymous Coward · · Score: 0

      Just have the device be a cock ring and instead of scanning a finger scan your dick! Nobody has ever wanted to mess with nerd dick so we're safe now.

    2. Re: Ob. MIB by Anonymous Coward · · Score: 0

      And the dick must be hard (and right temp, pulse, etc) for the cock ring keystore to submit a key. Making it a bit more difficult to compromise than a fingerprint. Of course normal operation by the wearer is a bit different.

    3. Re: Ob. MIB by noodler · · Score: 1

      If you really want to take it to the next level tho you'd encode the messages into haploid DNA...

  11. Sun presented that years ago by Casandro · · Score: 1

    They had a "Java ring" which used that technology to communicate with others. That way you could exchange contact information just by shaking hands with someone.

    In reality this isn't constrained to ones body, just like coaxial cables you do have a certain leakage to the outside.

    1. Re:Sun presented that years ago by Casandro · · Score: 1

      Actually the big advantage would be if you didn't actually transmit the password, but had some public key authentication scheme... unfortunately browser vendors care more about binary Javascript and USB access from the browser than making client side TLS authentication usable.

  12. yawn by Anonymous Coward · · Score: 0

    Not all of us want to be tethered by a mark. Which coincidentally is exactly what the bible predicted..

    Assuming you're old enough, what do you call your Smallpox scar?
    And if you're not old enough, what do you call your parents' and/or your grandparents' smallpox scars?

    Looks like a mark to me. And let's see... it happened because scientists played God on a global scale to interfere with one of God's purposely designed wraths.
    Either you're already marked, or you're the evil incarnate offspring of marked heathen parents.

    Checkmate.

    1. Re:yawn by the_Bionic_lemming · · Score: 1

      My guess is you're young.

      Had the vaccination, but years later? No scar.

      if you're not young, go look for it.

      And yes, you called it.

      You have been checkmated.

      --
      _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  13. Privates Exchange Public Keys by wasteoid · · Score: 1

    Which exchange bitcoin in real-time as services are rendering.

  14. Dammit, I shit my password. Now what? by Anonymous Coward · · Score: 0

    I guess it will make brute forcing that much more... gross...

  15. just cant get it out of my head by dimko · · Score: 1

    Anal probe validator, South Park style.

  16. News Flash by DJ+Jones · · Score: 2

    We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body

    This isn't "wireless" you've simply turned the human body into a "wire" and no, this isn't the first time that's been done.

    See: Texas' criminal sentencing laws for murder...

    1. Re:News Flash by Anonymous Coward · · Score: 0

      I too, took issue with the use of the term 'wireless'.

    2. Re:News Flash by TexNex · · Score: 1

      Also see: SONET

  17. Re:Ob. MIB. ISIL by Anonymous Coward · · Score: 0

    I wonder if ISIS-Daesh is not beheading people on YT because they are psycho medieval brutes, but rather they are hackers harvesting passwords from the infidels?

  18. This is not new - done years ago by Anonymous Coward · · Score: 0

    Look up Microchip Bodycom doing exactly this about 3 years ago.

  19. Also light can be used! by LordHighExecutioner · · Score: 1

    Eat your password, wait a couple of hours, then OCR the output.

  20. Not new. Not high tech. by ze_jua · · Score: 1

    Saw something like this about 15+ years ago on a mainstream TV (France2).

    At this time, it was scientists at IBM who transmitted non secret data while shaking hands.

    ~Same L1. Nothing new.

  21. Does not replace crypto by Anonymous Coward · · Score: 0

    I'm sure this can be picked up at a distance with enough effort. Maybe more difficult than NFC, but I'd still not want to transmit a cleartext password / shared secret over it. So manufacturers should bite the bullet and include crypto anyway. Hopefully there will be a standard soon, as it's hard to implement anything from cryptographic primitives and do it well.

  22. Let's put data in it. by Anonymous Coward · · Score: 0

    That's what happens when scientists discover physical contact.

    Imagine what we will have when they discover sex... :-)

  23. just cant get it out of my head: 666 by Anonymous Coward · · Score: 0

    "Out of your head"? That's about where the Mark Of The Beast goes. This invention completes the puzzle. Wanna do business? Shake my hand, the chip will do the rest.

  24. I can see an attack vector to this scheme... by garompeta · · Score: 1

    ...shall be called Man WITHIN the middle attacks.

    1. Re:I can see an attack vector to this scheme... by sconeu · · Score: 1

      Or perhaps (for any simulation geeks out there): Human in the Loop

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  25. Bad idea by Anonymous Coward · · Score: 0

    It will cause cancer, you just wait.

  26. Huh? by Ol+Olsoc · · Score: 1

    RFID is new?

    As well, they conveniently left out the word "chipped". This is just installing chips in people.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  27. welcome to 2005.... by Lumpy · · Score: 1

    Thad Starner had a system like that already in place at MIT for his wearables research; he called it PAN (the first real use of PAN) and had it via touch.

    --
    Do not look at laser with remaining good eye.
  28. So, I've been sharing my DNA for years by jsepeta · · Score: 1

    Hey baby, come get some of my dead skin cells. Oh yeah.

    --
    Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
  29. Steal it, rather get near it by raymorris · · Score: 1

    This could have advantages over NFC and similar short-range communications. Someone can read an NFC chip in your wallet by simply standing behind you in a crowded place. This would require direct contact with skin, rather than only being nearby.

    Your smart watch could authenticate you to a fingerprint reader, with little risk that someone standing next to you could eavesdrop, because the signal goes through your flesh, not through the air.

    1. Re:Steal it, rather get near it by Anonymous Coward · · Score: 0

      Not just direct contact with skin, but direct contact with skin, while you are using the device.

      Or, just stealing the device.

  30. We already have this by Anonymous Coward · · Score: 0

    It's called a shotgun!

  31. This is how it starts by Anonymous Coward · · Score: 0

    The mark of the beast!

  32. IBM did this in the 80's by thinkwaitfast · · Score: 1

    back when business cards were the big thing.

    *yawn*

  33. Challenge and response by drolli · · Score: 1

    Well I would think it's ok to treat this like any other insecure channel and transmit challenge and response.

    But for sure not a cryptographic key.
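
The challenge-response approach raised in comments 21 and 33, as an added example that is not part of any post in the thread: the target device sends a fresh nonce and the phone answers with an HMAC over it, so the key itself never crosses the body channel and a recorded exchange cannot be replayed. The names `Verifier` and `respond`, the device IDs and the pre-shared symmetric key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class Verifier:
    """Target device (e.g. a door lock) holding the shared key. Hypothetical name."""

    def __init__(self, key: bytes, device_id: bytes, ttl: float = 5.0):
        self.key, self.device_id, self.ttl = key, device_id, ttl
        self.pending = {}  # nonce -> issue time; each nonce is single-use

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = time.monotonic()
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        issued = self.pending.pop(nonce, None)  # pop: a replayed nonce is unknown
        if issued is None or time.monotonic() - issued > self.ttl:
            return False
        expected = hmac.new(self.key, self.device_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def respond(key: bytes, device_id: bytes, nonce: bytes) -> bytes:
    """Phone side: prove knowledge of the key without sending it."""
    return hmac.new(key, device_id + nonce, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)           # constructed sample key, provisioned out of band
    lock = Verifier(key, b"door-lock-01")   # constructed device id
    sniffed = []                            # what an eavesdropper on the channel records

    nonce = lock.challenge()
    resp = respond(key, b"door-lock-01", nonce)
    sniffed.append((nonce, resp))
    first = lock.verify(nonce, resp)

    replay = lock.verify(*sniffed[0])          # same pair again: nonce already consumed
    fresh = lock.challenge()
    stale = lock.verify(fresh, sniffed[0][1])  # old response against a new challenge
    other = Verifier(key, b"door-lock-02")     # second device sharing the key
    n2 = other.challenge()
    cross = other.verify(n2, respond(key, b"door-lock-01", n2))  # bound to wrong device
    return {"first": first, "replay": replay, "stale": stale, "cross": cross}


if __name__ == "__main__":
    print(demo())
```

Only the legitimate first exchange verifies; the replayed pair, the old response against a new nonce, and a response bound to a different device ID are all rejected.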