Cyber criminals are always on the hunt for user and corporate credentials like usernames and passwords with which they can log in to a person’s systems, access valuable data and perform fraudulent transactions. Researchers have been trying to come up with answers to it for decades and now they might have found the safest system to transmit passwords: human body.
A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users’ bodies instead.
The UW researchers were looking for a way to take advantage of that fact to communicate authentication information from a user’s phone directly to a target device, such as a door knob or medical device. In order to make that idea a reality, they needed to develop a system that could be in direct contact with the user’s body, and could produce electromagnetic signals below 10 MHz. And to make the system usable for a mass audience, the team needed widely available hardware that could generate and transmit the signals.
Similar to the fingerprint sensor on iPhones, the logic behind the idea is to generate an electromagnetic signal from the fingerprint sensor or touchpad and transmit that through the user’s body to the target device.
“The signal can carry a typical password or even an encryption key,” the researchers Mehrdad Hessar, Vikram Iyer of University of Washington, and Shyamnath Gollakota said in their paper, “Enabling On-Body Transmissions With Commodity Devices”, “We can also get a strong signal throughout your body. The receivers can be anywhere — on your leg, chest, hands — and still work.”
“We show for the first time that commodity devices can be used to generate wireless data transmissions that are confined to the human body. Specifically, we show that commodity input devices such as fingerprint sensors and touchpads can be used to transmit information to only wireless receivers that are in contact with the body,” the researchers said.