Make Your Password Hack-Proof By Sending It Through Your Body
Low-frequency signals inside the body can make data hacker-proof
When wireless signals are sent through the air, there is the possibility that they can be intercepted by a hacker. If this wireless communication contains sensitive information, like a password, this is particularly concerning. While you can’t really have long-distance wireless communication without sending signals through the air, Shyam Gollakota and his colleagues at the University of Washington have figured out an ingenious way to take the air out of short-range communication: Send the signal through the user’s body.
“When you send a wireless WiFi signal, it’s broadcasting everywhere,” Shyam Gollakota, a professor of computer science and electrical engineering at the University of Washington, told Vocativ. “Any eavesdropper who’s listening in on this particular WiFi channel can hack into the stream and try to break that encrypted password.” The only way to get around this problem would be to remove signals from the air altogether.
The team figured out how to turn the fingerprint sensors and laptop touchpads already on consumer devices into transmitters of weak, low-frequency signals.These signals aren’t powerful enough to carry through the air, making it impossible for hackers to intercept them, but they can travel just fine through the body of someone holding onto the phone. Testing the system on 10 different users, they found they could generate usable signals in a variety of body types and positions, including when people were walking around or moving their arms.
The system Gollakota and his team have devised works well with wearable medical devices like glucose monitors, which often ask for a passcode to confirm the wearer’s identity, or something like a smart lock on a door. Current smart lock models will only open when an authorized device — often the user’s smartphone — provides a key. While that’s meant to increase security over traditional physical locks, smart locks are still vulnerable to hackers because the phone wirelessly transmits the code.
While the air is the ideal medium for higher-frequency signals like those we use in WiFi or Bluetooth, a dense, watery mass like the human body is perfect for a very low-frequency signal like the ones Gollakota and his colleagues created using phones’ built-in tech. In their system, these very weak signals move from the phone into the hand of the user, then pass harmlessly through the entire body of the user, largely dissipating as they move into the air. In the example of a smart lock, the user is also holding onto a doorknob, which contains a special receiver in the lock to register the code signal and open the door.
Gollakota stressed that this system doesn’t require any special hardware to work, instead taking advantage of tech already available on phones. “What we’re showing is that same fingerprint sensor can also be used to generate these signals that are going to be propagating around the body,” he said. In a sense, the only real hardware being added to the equation is the user’s own body, which shouldn’t require much by way of upgrade costs. (Maintenance is a whole other issue, we suppose.)
The system itself is still in its infancy, which is part of why its application is relatively limited. Gollakota said his team had made all this progress without getting any special access to the sensors on the phone. “Right now the only access that we have to the fingerprint system on the phone is we can turn it off and on,” he said. Currently, they have reached transfer speeds fast enough to do something basic like transmit a passcode, but their control is too coarse for much more than that. “If we had access to the fingerprint network, we could get to higher data rates, and we can actually enable complete communication.”
While the team’s system only works at an intimate scale, a truly secure method for wireless communication — even just at short range — could unlock new possibilities that go beyond just smart locks and wearable medical devices.
This story originally appeared on Vocativ on September 30th, 2016.