Researchers have discovered a way to beam a secure key from fingerprint sensor pads through a person’s body to unlock wearables, smart doors, and other devices using electromagnetic pulses.
Your WiFi and Bluetooth-enabled devices, from smartphones and wireless speakers to pacemakers and glucose monitors, are not secure. WiFi and Bluetooth is used to transmit and receive data, which is helpful when you want to connect to the internet or share your heartbeat with a doctor, but the connectivity makes your device vulnerable to hackers.
Luckily, there’s a new method to securely unlock devices and manage medical devices and smart homes. Researchers from the University of Washington have successfully proved that you can use your body to transport secure passwords from your smartphone in one hand and unlock a smart door with the other hand.
Researchers Mehrdad Hessar, Vikram Iyer, and Shyamnath Gollakota sent secure keys through a person’s body to authenticate identity to unlock or pair a range of internet-connected devices. Using fingerprint sensors and touchpads (on an iPhone and PC laptop), they transmitted passwords through a person’s body to unlock a smart lock and pair wearable devices in a secure way.
The method goes beyond biometrics, the use of facial and voice recognition, iris scanners, and fingerprint scanners to confirm identity. You might never need to remember a password again. But why would you need to do something so sci-fi to unlock your door or pair your pacemaker? The reason is convenience and security. Hessar, Iyer, and Gollakota say transmitting information directly through the body creates “links immune to eavesdropping or man-in-themiddle attacks.”
“For example, by simply touching a doorknob, a user could transmit secret credentials from their smartphone through their body to open the door, without leaking secret information over the air,” the researchers wrote. “It can also be used to create secret keys that are necessary for establishing secure wireless connections for wearable
For people who have medical device implants, instead of typing in the serial number or passwords to pair the medical device with their smartphone (and to wirelessly share medical information with their doctor), a person’s smartphone could transmit a password through their body to pair the device without exposing the password to hackers. With 10 volunteer subjects, Hessar, Iyer and Gollakota showed it was possible to send secure keys through off-the-shelf fingerprint scanners (the iPhone fingerprint sensor, the touchpad on Lenovo laptop, and a Adafruit touchpad). Fingerprint scanners usually take in formation, but the researchers hacked the scanners so the hardware would output an electromagnetic signal to carry the secure key.
The protocol isn’t as complicated as it sounds: The fingerprint scanner generates an electromagnetic signal that travels up the finger, through the body and out the other finger, the researchers explain, thanks to the fact that the human body has conductive tissue beneath the epidermis.
In a world where hackers can stop your heart, crash your car, or take down your business,Hessar, Iyer and Gollakota’s discovery could find some decent market share. Hessar tells Inc. that they plan to work with “select phone companies” to integrate their software technology into new smartphones.