Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Communications Earth Network Privacy The Internet News Science Hardware Technology

Researchers Develop System To Send Passwords, Keys Through Users' Bodies (onthewire.io) 61

Trailrunner7 quotes a report from On the Wire: Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users' bodies instead. The human body is a good transmission mechanism for certain kinds of waves, and the UW researchers were looking for a way to take advantage of that fact to communicate authentication information from a user's phone directly to a target device, such as a door knob or medical device. In order to make that idea a reality, they needed to develop a system that could be in direct contact with the user's body, and could produce electromagnetic signals below 10 MHz. And to make the system usable for a mass audience, the team needed widely available hardware that could generate and transmit the signals. So the researchers settled on the fingerprint sensor on iPhones and the touchpad on Lenovo laptops, as well as a fingerprint scanner and a touchpad from Adafruit. The concept is deceptively simple: generate an electromagnetic signal from the fingerprint sensor or touchpad and transmit that through the user's body to the target device. The signal can carry a typical password or even an encryption key, the researchers said. "We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Specifically, we show that commodity input devices such as fingerprint sensors and touchpads can be used to transmit information to only wireless receivers that are in contact with the body," the researchers, Mehrdad Hessar, Vikram Iyer, and Shyamnath Gollakota, of UW said in their paper, "Enabling On-Body Transmissions With Commodity Devices."
This discussion has been archived. No new comments can be posted.

Researchers Develop System To Send Passwords, Keys Through Users' Bodies

Comments Filter:
  • by Anonymous Coward

    I would just have to steal the phone and use my body and voilÃ, I'm in. If the body and the state of the body (distress) aren't part of the authentication this is useless

    • by bondsbw ( 888959 ) on Tuesday October 04, 2016 @01:06AM (#53009187)

      It's not about adding security. It's about making security convenient.

      • by noodler ( 724788 )

        This works by turning your body into an antenna. It's convenient all right. But secure?

    • This could have advantages over NFC and similar short-range communications. Someone can read an NFC chip in gour wallet by simply standing behind you in a crowded place. This would require direct contact with skin, rather than only being nearby.

          Your smart watch could authenticate you to a fingerprint reader, with little risk that someone standing next to you could eavesdrop, because the signal goes through your flesh, not through the air.

  • by Anonymous Coward

    ELECTRICITY. It's a new term that describes using pulses of electrons sent through the sender's body to a receiver that can "decode" the pulses of electrons into data sets.

    In a related story, researchers find a means to unlock energy potential in static objects such as rocks and trees. They are tentatively calling this process "fire".

    • by Anonymous Coward

      Old news! Back in the 1960s we used to send passwords back and forth between mainframe rooms via a system of coded farts and intermittent days of not wearing deodorant. It was effective, to this day no one has caught onto it!

    • by skids ( 119237 )

      Why do they call this wireless, for that matter... it's not even a good word for marketing anymore. Maybe something catchy like "MeatWire"?

  • by Required Snark ( 1702878 ) on Monday October 03, 2016 @10:58PM (#53008843)
    A whole new way to reach out and touch some one.
  • Shocking news!

  • Ob. MIB (Score:5, Funny)

    by Jeremi ( 14640 ) on Monday October 03, 2016 @11:50PM (#53008995) Homepage

    Slashdotter: You want my passwords? You'll only get them over my dead body!
    Researchers: Your terms are acceptable.

  • They had a "Java ring" which used that technology to communicate with others. That way you could exchange contact information just by shaking hands with someone.

    In reality this isn't constrained to ones body, just like coaxial cables you do have a certain leakage to the outside.

    • Actually the big advantage would be if you didn't actually transmit the password, but had some public key authentication scheme... unfortunately browser vendors care more about binary Javascript and USB access from the browser than making client side TLS authentication usable.

  • Which exchange bitcoin in real-time as services are rendering.
  • Anal probe validator, South Park style.
  • by DJ Jones ( 997846 ) on Tuesday October 04, 2016 @03:02AM (#53009415) Homepage

    We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body

    This isn't "wireless" you've simply turned the human body into a "wire" and no, this isn't the first time that's been done.

    See: Texas' criminal sentencing laws for murder...

  • Eat your password, wait a couple of hours, then OCR the output.
  • Saw something like this about 15+ years ago on a mainstream TV (France2).

    At this time, it was scientists at IBM who transmitted non secret data while shaking hands.

    ~Same L1. Nothing new.

  • ...shall be called Man WITHIN the middle attacks.
  • RFID is new?

    As well, they conveniently left out the word "chipped". This is just installing chips in people.

  • That Starner had a system like that already in place at MIT for his wearables research he called it PAN (the first real use of PAN) and ad it via touch.

  • Hey baby, come get some of my dead skin cells. Oh yeah.

  • back when business cards were the big thing.

    *yawn*

  • Well i would think it's ok to treat this like any other insecure channel an transmit challenge and response.

    But for sure not a cryptographic key.

I am a computer. I am dumber than any human and smarter than any administrator.

Working...