The Stack Archive

Passwords can be transmitted through body rather than Bluetooth

Thu 29 Sep 2016

Computer researchers and electrical engineers from the University of Washington have found a way to confirm a user’s identity through the human body, from a touch device like a fingerprint sensor to an input device that requires a password.

The new method leverages the signals used by fingerprint sensors, already commonly used for authentication on smartphones, laptops and mobile devices to transmit secure password data through the body. Avoiding transmissions through WiFi or Bluetooth reduces the risk of eavesdropping or interception of secure password data by a malicious entity.

The research team devised a method by which secure passwords can be sent through the body, rather than through the air by WiFi or Bluetooth, where they are vulnerable to hacking. Using low-frequency transmissions, communications may be sent from a device that physically confirms identity to one that requires a password to confirm identity harmlessly, through the human body.

Fingerprint sensors are generally used to receive input about your finger, and use that data to authenticate identity. However, the UW team uses that data as output, corresponding to the data in a password. The data that authenticates identity through touch travels securely through the body to a receiver in a device that requires authentication by password.

For example, your phone can communicate with your smart door lock, or your FitBit with your laptop, by transmitting data through your body rather than through the air. Authenticating your identity on one devices sends the required passcode to authenticate your identity with the other.

Merhdad Hessar, a doctoral student and co-author of the study said, “Let’s say I want to open a door using an electronic smart lock. I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”

The research team believes that the technology can be useful to authenticate user identity for medical devices that require confirmation, including glucose monitors and insulin pumps.

The body transmission system was tested on fingerprint sensor including the iPhone, Lenovo laptop trackpad, and Adafruit touchpad. The tests were successful regardless of body type, or position or motion of the subject. While the team confirms that these tests are preliminary, they do believe that transmission speed and effectiveness can be improved if researchers are given more access to fingerprint sensor manufacturing technology and software.


hacking news research security smartphones US
Send us a correction about this article Send us a news tip