Researchers from the Georgia Institute of Technology have created a new touch-based smartphone security system that protects your phone even if an unauthorized user manages to unlock it.
The technology, known as LatentGesture, was tested in a Georgia lab tech study using Android phones. Results were promising: it was accurate for 98 percent of phones and 97 percent of tablets.
In the test, researchers had subjects fill out a form by swiping and tapping various commands on a smartphone or tablet installed with LatentGesture. The security technology collected minute data about each subject, including the pressure used to press a button or the speed to swipe a ribbon, and stored it as his/her “touch signature.” By setting these touch signatures to “owner,” LatentGesture was able to consistently and correctly identify the owner and reject all other users based upon their unique touch signatures.
LatentGesture is promising not only as a first line of defense but also as a deeper, more comprehensive layer of smartphone security.
Recently, Frédéric Fraces, a security consultant at Enfocus, contributed an article to Information Security Buzz in which he warns about the security risks associated with smartphones. He lists a number of recommendations that can counter these threats, including the use of a strong password or pattern to lock a phone after 2-5 minutes of inactivity.
But passwords and patterns only go so far. As Fraces notes, there is a danger of other people “shoulder surfing,” or looking at a phone when a user least expects it in an attempt to steal information, including a smartphone’s pattern or password. Also, each phone has administrative codes that allows subscribers to unlock their phones should they forget their passwords. These codes could theoretically be stolen by hackers.
Clearly, smartphones are not impenetrable. Hackers can get in. But that is the promise of LatentGesture: the technology could ultimately be used to monitor a user’s touch signature while he/she is active on the phone; if the signatures do not match, LatentGesture can lock them out.
However, this too has its drawbacks. Amparo Lasen, the late Vodafone Surrey Scholar at the Digital World Research Centre, University of Surrey, argues in his paper that mobile devices are “affective technologies” in that subscribers express their emotions on a phone via verbal and non-verbal behavior, including touch. This poses a potential problem for LatentGesture in that a touch signature collects one session of activity and projects this across all future sessions for a user. A touch signature therefore might not account for, among other things, variations in mood in which a user might be tapping or swiping at different degrees of speed or pressure. To counter this, LatentGesture should build a composite touch signature over multiple sessions, which would make users’ touch signatures more dynamic and flexible.
Despite some potential flaws, LatentGesture is a promising step forward in the future of smartphone security.
David Bisson | @DMBisson
Bio: David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation. He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern. Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.