A group of engineers found a way to send a password through your skin
A man with one hand in his pocket approaches a locked door and places his other hand on the doorknob. A second later, the deadbolt clicks open, as if by magic, and he lets himself in. A would-be burglar casing the house watches this sequence of events unfold.
The next day, after the man has left for work, the burglar approaches the door and places his hand on it, expecting it to pop open. Instead, it stays stubbornly locked. It’s not outfitted with a typical “smart lock,” which uses Wi-Fi or Bluetooth to open when a paired phone or watch is nearby. It’s not reading his fingerprint, either. So what’s going on?
A similar scenario recently unfolded in the University of
Washington’s Networks and Mobile Systems Lab, where researches
are experimenting with a new technology that sends passcodes
through the human body. The technology uses touchpads and
fingerprint readers to create signals that travel through
skin—and, unlike wireless broadcasts, the “on-body” transmissions
can’t be intercepted over the air.
Using their method, a person just needs to be touching a
transmitter—the fingerprint reader on an iPhone, for example—when
he or she comes in contact with a receiver. In the doorknob
example, the metal handle is hooked up to a reader that listens
for electromagnetic pulses. A code sent from the iPhone’s
fingerprint reader travels across a layer of particularly
conductive tissue right beneath the outer layer of human skin. It
quickly propagates to every part of the body, so that your entire
epidermis glows, invisibly, with data. (The researchers were able
to detect signals sent from one arm to the opposite leg, and
could accurately read them whether the person was standing,
sitting, or lying down.) When the signal arrives at the doorknob,
the reader makes sure it’s the right passcode and, if it is, it
opens.
This same approach could also be used to securely pair wearable
devices—everything from calorie counters to insulin pumps—with
their owners and each other. The technique takes advantage of the
fact that most devices give off faint electromagnetic signals
when they’re used normally. Some gadgets, like fingerprint
readers and trackpads, produce particularly reliable signals,
said Vikram Iyer, one of the two lead authors on the paper that presented the findings.
Iyer and his colleagues jury-rigged those electronic devices into
transmitters. For the fingerprint scanners, they rapidly
activated and deactivated them to send a signal pattern through
the skin; for the touchpads, they created patterns simply by
power cycling them—that is, quickly turning them off and on over
and over again.
The improvised transmitters get the job done, but not
terribly efficiently. The maximum transfer rate the researchers
were able to attain was 50 bits per second. At that speed, it
would take nearly two days to download a three-megabyte photo—but
it’s enough bandwidth to send a four-digit code in well under a
second.
(The trackpad on an IBM Thinkpad had the fastest transfer rate,
said Mehrdad Hessar, the paper’s other co-author, but the
fingerprint reader on an iPhone 6S sent the most powerful
signal.)
If the researchers used custom hardware, they could’ve gotten
speeds that were orders of magnitude faster. So why didn’t they?
“Our focus here was trying to find a way we could reuse an
existing device,” said Iyer. “One of the main problems with
adopting this kind of technology into a commercial applications
is that there’s already so much included in a phone. Any device
manufacturer wouldn’t add another radio, because that would take
up power, or space that they could use to make the battery a
little bigger.”
Better to find a way to use a technology that’s already found its
way into most phones—the fingerprint reader—rather than reinvent
the wheel. But if device manufacturers like Apple gave developers
more access to the fingerprint readers, beyond the capability to
activate and deactivate them, it would make using them as
transmitters much easier.
Avoiding a custom setup also means that on-body transmission
doesn’t pose any health hazard beyond simply using a phone or a
computer, Hessar said. It’s just using the electromagnetic noise
that’s already being produced by everyday devices in a clever
way.
While security is one the main benefits of on-body
transmission—there’s no airborne signal for a hacker to
intercept—there is one way to hijack a signal as it’s traveling
across someone’s skin: Just come in contact with it. Multiple
devices touching a body that’s conducting a charge can all read
the signal, raising the possibility that malware on a
smartwatch could be used to eavesdrop on a passcode as it moves
from limb to limb.
But absent a compromised smartwatch or fitness band, coming touching an object during transmission would be “fairly conspicuous,” Iyer said, so it’s not much of a worry.
Comments
Post a Comment