New Technology Lets You Transmit Passwords Through Your Body

A small team of electrical engineers at the University of Washington has figured out how to use the body as a medium for transmitting small bits of data, a method they say is more secure than sending information over the air using Wi-Fi or Bluetooth signals.

“Let’s say I want to open a door using an electronic smart lock,” said Mehrdad Hessar, a doctoral student of engineering and member of the UW team, in a statement. “I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air.”

This may sound sci-fi, but the invention is based on present-day tech: it works with the low-frequency signals that travel through your body every time you use your fingerprint to unlock your phone or computer.

Your phone’s fingerprint sensor works by scanning your fingerprint and matching it with information it has saved about your unique fingerprint pattern. The app designed by the UW team is almost unrelated—it does not use the data about your fingerprint, but rather leverages the by-product of the sensor’s function, electric signals, to create its own code.

Those signals, unlike a shock you might receive from a faulty socket, are so low they’re not felt by the body and pose no risk to your health, yet the UW researchers found they are also strong enough to be picked up by a custom receiver if it’s also touching your body.

So far, the team has been able to send data at bit rates of 50 bits per second from laptop touch pads and 25 bits per second from fingerprint sensors—enough to transmit passwords.

In theory, this communication system, which turns your phone (or another wearable device with a fingerprint reader) into a kind of digital key, beats attaching a fingerprint scanner to the door itself, since that would require storing sensitive information within the door’s sensor, or whatever other internet of things device one might want to access, says Shyam Gollakota, assistant professor of computer science and engineering at UW. Gollakota is the senior author on a paper announcing their project, presented with co-authors Hesser and Vikram Iyer, also a PhD student at UW, in Germany last month at the ACM 2016 International Joint Conference on Pervasive and Ubiquitous Computing.

Already, security experts are concerned that the small networked devices that create the IoT are the next frontier for cyber criminals. Gollakota and his students argue it’s safer to store private information in one’s phone or another personal device, and to transmit it through physical touch.

They’ve so far been able to test their system using an iPhone and other fingerprint sensors, like the Lenovo taptop, and they’ve managed to transmit information using the bodies of 10 volunteers of different sizes.

“We tested our system on a range of people of different weights, and we saw some variation in how strong the signal was, but certainly it was always strong enough to build a robust communication system,” Iyer tells Quartz.

The engineers imagine that the technology will one day not only open apartment or car doors, but also, for example, allow people to send identifying data from their phone or a wearable directly to a medical device—no Bluetooth or Wi-Fi connection required.