Tech Talk: Why your heart could be the next biometric security feature for your smartphone


(Ray Nelson) #1

TechRepublic.com has posted an interesting update regarding the future of biometrics. A research team at the University of Buffalo has come up with a way to verify a user’s identity based on their heart. Not their heartbeat, but the size and shape of the heart, which is so far thought to be entirely unique for each person.

A lot of us are using fingerprint and facial scanners already to unlock our smartphones, but this would use radar technology to determine your heart’s dimensions. Once the initial scan is done for a user, it can continuously monitor for that user’s heart geometry from up to about 30 feet away.

This seems very cool to me, but I know some may have privacy concerns. If anyone would like to poke holes in this, I’d be glad to hear them!


#2

Simple: Proximity does not signal intent.

Just because you’re close enough to be scanned does not signal your intent to be scanned.

Think about a pick-pocket grabbing your phone. They can pretty much do what they want while hovering around you in a crowd while you’re unaware.


(Ray Nelson) #3

That’s a great point that I completely missed. Thanks for bringing it up! Would you consider proximity-based keyless entry systems on cars to have a similar flaw? I guess in theory you could have your back turned to the car, allowing a thief to access it right under your nose.


#4

Honestly, keyless entry for cars (where I have the most experience) are require both proximity to the car and the physical contact from the car on the same side as the key - with slightly different policies for what the “open” operation does. For a Toyota 2011 Prius if you’re on the driver’s side of the car with the key then when you touch the door handle ONLY the driver’s car will unlock. If you’re on the passenger side of the car then all doors unlock. It’s an interesting compromise between security and usability. If you’re on the driver’s side then anyone breaking into your car will need to be pretty much physically touching you. Not so on passenger side.

That said, I suspect the design is there to enable a couple of use cases for ease of use. And if you see the wrong person enter the car when you’re on the passenger side then just don’t get in. But nothing’s perfect there: if they steal the key then they can take the car.

For me, my smartphone has way too much critical information on it to want physical proximity to be the only factor. If they steal the car then they get the car (at least temporarily). If they steal the phone then open it while I’m still around, then there’s a richness to what they have access to - even if 95% of my passwords are kept in an encryption app (not trusted to any browser).

One things for sure: I sure hope that proximity does not grant change rights to the smartphone security settings. That would be simple “game over”.