Researchers Develop System To Send Passwords, Keys Through Users' Bodies (onthewire.io) 61
Trailrunner7 quotes a report from On the Wire: Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users' bodies instead. The human body is a good transmission mechanism for certain kinds of waves, and the UW researchers were looking for a way to take advantage of that fact to communicate authentication information from a user's phone directly to a target device, such as a door knob or medical device. In order to make that idea a reality, they needed to develop a system that could be in direct contact with the user's body, and could produce electromagnetic signals below 10 MHz. And to make the system usable for a mass audience, the team needed widely available hardware that could generate and transmit the signals. So the researchers settled on the fingerprint sensor on iPhones and the touchpad on Lenovo laptops, as well as a fingerprint scanner and a touchpad from Adafruit. The concept is deceptively simple: generate an electromagnetic signal from the fingerprint sensor or touchpad and transmit that through the user's body to the target device. The signal can carry a typical password or even an encryption key, the researchers said. "We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Specifically, we show that commodity input devices such as fingerprint sensors and touchpads can be used to transmit information to only wireless receivers that are in contact with the body," the researchers, Mehrdad Hessar, Vikram Iyer, and Shyamnath Gollakota, of UW said in their paper, "Enabling On-Body Transmissions With Commodity Devices."
How does that solve anything? (Score:1)
I would just have to steal the phone and use my body and voilÃ, I'm in. If the body and the state of the body (distress) aren't part of the authentication this is useless
Re:How does that solve anything? (Score:4, Insightful)
It's not about adding security. It's about making security convenient.
Re: (Score:1)
This works by turning your body into an antenna. It's convenient all right. But secure?
Steal it, rather get near it (Score:2)
This could have advantages over NFC and similar short-range communications. Someone can read an NFC chip in gour wallet by simply standing behind you in a crowded place. This would require direct contact with skin, rather than only being nearby.
Your smart watch could authenticate you to a fingerprint reader, with little risk that someone standing next to you could eavesdrop, because the signal goes through your flesh, not through the air.
Re: (Score:2)
"Mr. Jobs, you are hugging me wrong!"
Re: (Score:1)
"Show me on the doll where the authenticator touched you."
Re: (Score:2)
"Show me on the doll where the authenticator touched you."
Future News:
"With the rapidly growing use of this new means of transmitting data, the US government embarks today on a program of mass alteration of the human genome through the release of artificial viruses for targeted DNA mutation to make human bodies CALEA-compliant as is the law for all mass communications systems. SCOTUS rules LEO roadside 'reach-arounds' a 'valid data-gathering investigatory method'. Video at 11."
Strat
And they call it... (Score:2, Insightful)
ELECTRICITY. It's a new term that describes using pulses of electrons sent through the sender's body to a receiver that can "decode" the pulses of electrons into data sets.
In a related story, researchers find a means to unlock energy potential in static objects such as rocks and trees. They are tentatively calling this process "fire".
Re: (Score:1)
Old news! Back in the 1960s we used to send passwords back and forth between mainframe rooms via a system of coded farts and intermittent days of not wearing deodorant. It was effective, to this day no one has caught onto it!
Re: (Score:2)
Why do they call this wireless, for that matter... it's not even a good word for marketing anymore. Maybe something catchy like "MeatWire"?
Hands Across America! (Score:3)
I'm stunned (Score:1)
Shocking news!
Re: (Score:3)
Re: (Score:1)
how does that affect cash?
Re: (Score:1)
My guess is you're young.
Had the vaccination, but years later? No scar.
if you're not young, go look for it.
And yes, you called it.
You have been checkmated.
Re:Low Level Electromagnetic Fields (Score:4, Informative)
Does anyone know more info about it?
Yes, I do recall having read something somewhere about it being total bullshit.
But wait, there's this new study I heard about... [xkcd.com]
If there does turn out to be a small link, I'll be shocked if the risk is going to be too minuscule to obsess over. People only care about cell phones causing cancer because invisible EM / radio waves are freaky. It's weird magical stuff flying through the air that I can't see or hear or smell --> We need to be paranoid about it. That is the basis of the concern over non-ionizing EM causing cancer. Here are a list of things that we're almost certain cause cancer:
* Barbecued food with any black "grill marks" or other carbonization on it.
* Smoked foods
* Regularly being around lit candles
* Being around a lit fireplace, even if it's just occasionally.
* Drinking your coffee (or any other drink/food) while it's too hot.
* The sun--anything over the minimum amount required for your body to manufacture the vitamin D you need (just a few minutes per day, at least for lower-melanin people in lower latitudes).
* Possibly anything that causes prolonged or repeated inflammation.
I'm not saying you shouldn't worry about your kids or err on the side of caution, but if you aren't at all concerned about everything on the above list... don't kid yourself. You're not a safe, informed conscientious parent. You're simply unduly afraid of what you don't understand.
Re: (Score:2)
I'd say the biggest reason people are afraid of it is because it's commonly called EM "radiation". Radiation is unfortunately the same term used to describe those dangerous alpha/beta/gamma rays. And the term isn't ever us
Re: (Score:2)
You're simply not afraid of what you think you understand to be harmless
Fixed that for you. Most people are unduly afraid of many things they don't understand like gluten in foods (for people without celiac or an actual allergy). Most people also are terrible at risk assessment and minimizing risk; most everyone thinks actuarials are boring and serve a nearly pointless function. Reality is always what you believe it to be, it's a basic tautology. However when that perceived reality does not line up with what is actually real, something few people are taught since birth is
Ob. MIB (Score:5, Funny)
Slashdotter: You want my passwords? You'll only get them over my dead body!
Researchers: Your terms are acceptable.
Re: (Score:1)
If you really want to take it to the next level tho you'd encode the messages into haploid DNA...
Sun presented that years ago (Score:2)
They had a "Java ring" which used that technology to communicate with others. That way you could exchange contact information just by shaking hands with someone.
In reality this isn't constrained to ones body, just like coaxial cables you do have a certain leakage to the outside.
Re: (Score:2)
Actually the big advantage would be if you didn't actually transmit the password, but had some public key authentication scheme... unfortunately browser vendors care more about binary Javascript and USB access from the browser than making client side TLS authentication usable.
Privates Exchange Public Keys (Score:2)
just cant get it out of my head (Score:1)
News Flash (Score:3)
We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body
This isn't "wireless" you've simply turned the human body into a "wire" and no, this isn't the first time that's been done.
See: Texas' criminal sentencing laws for murder...
Re: (Score:2)
Also see: SONET
Also light can be used! (Score:2)
Not new. Not high tech. (Score:1)
Saw something like this about 15+ years ago on a mainstream TV (France2).
At this time, it was scientists at IBM who transmitted non secret data while shaking hands.
~Same L1. Nothing new.
I can see an attack vector to this scheme... (Score:1)
Re: (Score:2)
Or perhaps (for any simulation geeks out there): Human in the Loop
Huh? (Score:2)
As well, they conveniently left out the word "chipped". This is just installing chips in people.
welcome to 2005.... (Score:2)
That Starner had a system like that already in place at MIT for his wearables research he called it PAN (the first real use of PAN) and ad it via touch.
So, I've been sharing my DNA for years (Score:2)
Hey baby, come get some of my dead skin cells. Oh yeah.
IBM did this in the 80's (Score:2)
*yawn*
Challenge and response (Score:2)
Well i would think it's ok to treat this like any other insecure channel an transmit challenge and response.
But for sure not a cryptographic key.