NEW YORK — A team of Indian American engineers has devised a way to send secure passwords through the human body using smartphone fingerprint sensors and laptop touchpads — rather than over the air where they’re vulnerable to hacking.
The two University of Washington doctoral students have found a way to send secure passwords through the human body. The “on-body transmissions” use what they call “benign, low-frequency transmissions generated by fingerprint sensors and touchpads on consumer devices”, according to a press release.
The students used smartphone fingerprint sensors and laptop keyboards. “Let’s say I want to open a door using an electronic smart lock,” said co-lead author Merhdad Hessar in the release. Hessar is a UW electrical engineering doctoral student. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”
The pair is a part of the UW’s Networks and Mobile Systems Lab. They found 30 megahertz transmissions can travel through the human body, but not in the air, the release said.
Sending a password or secret code over airborne radio waves like Wi-Fi or Bluetooth means anyone can eavesdrop, making those transmissions vulnerable to hackers who can attempt to break the encrypted code.
Now, computer scientists and electrical engineers from the Seattle-based University of Washington have devised a way to send secure passwords through the human body — using benign, low-frequency transmissions generated by fingerprint sensors and touchpads on consumer devices.
“Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body,” said senior author Shyam Gollakota, assistant professor of computer science and engineering.
These “on-body” transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body — such as a smart door lock or wearable medical device — and a phone or device that confirms your identity by asking you to type in a password.
“Let’s say I want to open a door using an electronic smart lock,” said co-lead author Merhdad Hessar, an electrical engineering doctoral student. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”
The research team tested the technique on the iPhone and other fingerprint sensors, as well as Lenovo laptop trackpads and the Adafruit capacitive touchpad. In tests with 10 different subjects, they were able to generate usable on-body transmissions on people of different heights, weights and body types.
The system also worked when subjects were in motion — including while they walked and moved their arms. “We showed that it works in different postures like standing, sitting and sleeping,” said co-lead author Vikram Iyer, an electrical engineering doctoral student. “We can also get a strong signal throughout your body. The receivers can be anywhere — on your leg, chest, hands — and still work.”
The technology could also be useful for secure key transmissions to medical devices such as glucose monitors or insulin pumps, which seek to confirm someone’s i
dentity before sending or sharing data.
The new technique was described in a paper presented at the 2016 Association for Computing Machinery’s International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2016) in Germany this month.