As security professionals continue to warn of serious threats facing mobile, wearable, Internet of Things (IoT), and medical devices, a team of researchers has developed a method of sending passwords through the human body that may assist in securing commodity devices.
The researchers generated “on-body” wireless data transmissions using commodity devices sensors such as fingerprint sensors or touchpads on mobile phones and laptops. The findings were detailed in a report entitled ‘Enabling on-body transmissions with commodity devices.’
The research team consists of University of Washington assistant professor of computer science and engineering Shyam Gollakota, Mehrdad Hessar and Vikram Iyer. Gollakota is advisor to Iyer and Hessar, both Ph.D. students at the university. “One of the biggest advantages is that you can just reuse the components that have already been developed into these devices,” Iyer told SCMagazine.com.
Iyer said “no one can listen in on the transmission unless they are physically connected,” whereas traditional Bluetooth or Wi-Fi transmissions can be vulnerable to data sniffing. The research team tested the iPhone 5s and 6s, he said.
The research addresses biometric concerns raised by security pros, such as the risk of stolen biometric information. A report published last month found that cybercriminals are able to hack ATM biometric readers.
Fujitsu Americas head of biometrics Derek Northrope told SCMagazine that the approach is “not very practical at the moment” as a result of the transmission rates. “Even the simplest password would take a couple seconds,” he said.
However, the research provides hope for more secure data transmission, especially across mobile and medical devices. This week, Samsung noted that 68 vulnerabilities will be fixed in this month’s security update. Johnson & Johnson issued a warning letter to consumers that an insulin pump system contains vulnerabilities that could allow a remote attacker to trigger an overdose
. The vulnerabilities in medical devices “can be life threatening,” wrote Senrio CTO/founder Stephen A. Ridley, in an email to SCMagazine.com. Simple radio messages are used to connect everything “from garage door openers to automobiles, pace-makers to power plants,” he said.