CAMBRIDGE, MA—The human body is becoming a node in the Internet of Things, and that may be creating more of a security threat than most people imagine. The problem goes beyond hackable passwords. Scientists say wearable technologies that rely on over-the-air data sharing could be giving away more personal data than previously suspected.
“We call it malicious eavesdropping,” said William Tomlinson, who completed his PhD as a Draper Fellow and is now a senior member of the technical staff at Draper. “And it’s a potential problem for more people as they adopt wearable devices.”
The technology already exists for such eavesdropping, according to Tomlinson. An attacker can simply make use of readily available methods, like an open source data sniffer, to steal unauthorized data by detecting the signals broadcasted wirelessly from commercial and medical wearable devices.
The capture of personal data isn’t new. Recent news reports describe a breach that occurred when a fitness tracker worn by soldiers in training revealed location patterns of security forces working out at military bases in remote locations. Wearables ranging from smartwatches to Google Glass have been data sniffed as well.
To address this challenge, engineers from Draper, Federal University of Parana and Northeastern University have devised a secure transmission channel that uses the human body as a waveguide. The team did it by developing a prototype system that leverages an intra-body communication technique called galvanic coupling, which is the coupling of low-level electric currents inside the human body, that enabled them to transmit a signal wirelessly through the arm, wrist and palm of a subject to a receiver.
According to the engineers, this approach drastically reduces the over-the-air leakage and detection of signals, making the transmission of biometric data impervious to sniffing attacks while still operating at power levels deemed safe for human operation. They describe the new biometric authentication system in a paper titled “Secure On-skin Biometric Signal Transmission using Galvanic Coupling” that will be presented at IEEE INFOCOM 2019 in Paris, France.
Funding for development of this technology is provided by a U.S. National Science Foundation under Grant No. CNS-1740907.