Password and credential security and respectively theft is a dangerous element of an infection chain. Luckily, security researchers at the University of Washington may have found a solution to prevent malicious hackers from intercepting passwords and keys, a rather unusual way indeed.
The idea is that, instead of sending over this sensitive information over the air, it could be sent through the users’… bodies. Yes, you read correctly.
Human Bodies, iPhone’s Fingerprint Sensors and Innovative Thinkers
As it turns out, our bodies are good transmission mechanisms for specific waves. The researchers were just trying to find a way to use that fact to transmit authentication data from a user’s phone to a target device, like a medical device. For that idea to take place in reality, the team of experts needed to develop a system that could communicate directly with the human body, and could produce electromagnetic signals below 10 MHz.
Of course, a crucial moment of every innovation is making it user-friendly meaning that team also had to think towards making their idea widely available. Eventually, the researchers decided to use the fingerprint sensor on iPhones and the touchpad on Lenovo laptops. They also added in a fingerprint scanner and a touchpad from Adafruit. It’s as simple as that: generate an electromagnetic signal from the fingerprint sensor or touchpad and transmit it through the user’s body to a specified device. This signal can carry an average user password or even an encryption key, as explained by the researchers.
Building on our observations, we design an on-body communication system that modulates the EM signals produced by fingerprint sensors and touchpads. We design receiver algorithms to filter the EM signals and decode the data transmitted by these input devices. To evaluate our design, we first characterize the signal propagation on the human body using fingerprint sensors on the iPhone 5s, the iPhone 6s and the Verifi P5100 USB fingerprint scanner as well as a Lenovo T440s touchpad and the Adafruit touchpad.
The research team was able to generate transmission rates of up to 50 bits per second through the on-body system. They even said that they could send a 256-bit encryption key in about 15 seconds. Of course, there’s still plenty room for speed improvements that involves adjustment of the API that the iPhone fingerprint sensor uses for communication.
The researchers also ran experiments to test the effect of placing the wireless receiver at different locations on the body. The results indicated that devices placed anywhere on the surface of the body can receive transmissions from fingerprint sensors and touchpads.
Have a look at the original research paper for full technical disclosure and empirical analysis.