WASHINGTON : Researchers, including one of Indian-origin, are developing sensor-packed smartphones that can read a user’s mood, guard data, protect financial transactions and render passwords obsolete.
Ragib Hasan, an assistant professor in the Department of Computer and Information Sciences at University of Alabama at Birmingham, is developing software that uses information from a phone’s camera, microphone, accelerometer and other sensors to gauge a user’s attentiveness and respond appropriately.
When it detects that a person is driving, for example, it could silence all but the most important alerts. If it decides from the way that you are walking and talking that you are drunk, it could prevent you from making bank transactions.
Nitesh Saxena, director of the Security and Privacy In Emerging computing and networking Systems (SPIES) lab at the university, is using accelerometers, gyroscopes and proximity sensors to chart the characteristic gestures a user makes when answering a call or snapping a selfie.
Once his software learns your moves, it could unlock your phone automatically – and freeze when it is in wrong hands.
Newer phones can measure temperature, humidity and even barometric pressure. A combination of these readings could offer a secure way to log in to your computer and make passwords obsolete.
“Zero-interaction” authentication systems rely on Bluetooth or other signals from a smartphone to grant a user access.
But existing systems are vulnerable to relay attacks. A team of criminals – one close to the user, the other near his or her computer – can relay/eavesdrop on the verification process and defeat the system, Saxena said.
His team has found that combining readings from multiple sensors, including GPS, audio, temperature and altitude, can thwart relay attacks.
They have developed an Android-based app, called BlueProximity++, that uses these readings to instantly – and securely – unlock laptops and other devices as soon as the user’s phone gets within range.
Researchers are also working towards making financial transactions safer.
Apple Pay, Google Wallet and other mobile payment systems rely on near-field communications (NFC) technology. With NFC chips, users can make payments by tapping their phones against a reader at retail stores.
NFC is vulnerable to “ghost and reader” attacks (a form of relay attack), where a criminal intercepts a user’s credentials at one location and transmits them to a confederate waiting to make a purchase at another location.
Saxena’s team has developed a countermeasure to verify that the payment request is actually coming from a user in the same location as the reader.
Their system uses signals from a combination of sensors, including lists of nearby WiFi hotspots and their signal strengths, and short audio snippets captured by the phone’s microphone. The NFC reader compares notes with the phone – if the signals match, the payment is authorised. (AGENCIES)