

A security startup has unveiled a wearable device that's designed to replace the hassle of passwords by using a person's unique heartbeat signature to log on to computers and unlock car doors. While the device is intriguing, the dearth of key technical details makes it impossible to assess the marketers' promise that it provides "complete security without compromising convenience."

The Nymi is a small bracelet equipped with a sensor that reads the electrocardiogram (ECG) of the person wearing it. Once it has verified that the heart signature belongs to the person who registered it, it provides a means of authentication that can in theory be used to access a virtually endless supply of electronic devices, including airport kiosks, hotel room doors, and sensitive computer networks. It relies on three factors of authentication, that is, two things the user has in the form of the bracelet and a paired mobile device, and one thing the user has in the form of a verified ECG. A slick promotional video shows someone gliding from bed to airports to hotels to cafes, effortlessly logging into devices and unlocking doors without once having to enter a password or procure a key.

The first is what's known as a replay attack. If the attacker is able to obtain a person's unique ECG signal and bracelet, the attacker may be able to hook it up to a simple circuit that replays the heartbeat. A variation on this attack is to capture the data packets that the person's bracelet sends during the authentication procedure and use another set of hardware to resend that data. Replay attacks are similar to obtaining a copy of the key to a target's home or office. If the attacker can clone the secret data the user beams to the device he's logging in to, the security of the system can be undermined.

A related hack is known as a relay attack. If someone uses Nymi to unlock her smartphone while eating in a restaurant, what's stopping a nearby attacker from relaying those signals to unlock the user's car in the parking lot? Yet another closely related hack is to mount a man-in-the-middle attack, in which the attacker sits in between the user's bracelet and the device she's logging into. The hacker intercepts the signal her Nymi sends to the computer and sends it himself. The hacker then takes any response sent from the computer and relays it to the user. Once the authentication is complete, it's the attacker who has been authenticated, not the user.

"You're not telling the thing authenticating that it's your computer that you want to authenticate to," said Josh Dustin, who is the director of security at a company called HireVue and an expert in authentication. "So if somebody is able to rebroadcast that to your car.

Martin, the Bionym CEO, wrote in an e-mail that the device has been designed to withstand such attacks. Specifically, it uses elliptic curve cryptography to ensure data traveling between the bracelet and the device can't be monitored by anyone else. He also said the encryption secures the handshake performed between the bracelet and the devices being unlocked. Depending on how the technology is implemented, it might make replay attacks infeasible. One possible way to do this is for the car door to send a "challenge" in the form of random data that's encrypted with the user's public key. The car door only unlocks if the user's "response" includes that data after it has been decrypted using the corresponding private key.

A fact sheet goes on to say the Nymi is able to sense the proximity of the device being unlocked, another measure that could help prevent hacking.

What about convenience?

Even if the Nymi is able to withstand sophisticated attacks, there are other important considerations. For one, what happens when a user misplaces either his bracelet or the paired mobile device that has to be nearby when a user first puts on the wristband? Just about everyone loses phones, car keys, or other important devices from time to time. Nymi means a user has two things to hold on to. If either is lost, people will demand a workaround so they can check e-mail and open car doors until the devices are replaced. Engineers have a delicate balancing act ahead of them. Create a temporary measure that's too rigid and users will be furious that they're locked out of their digital domains. Create one too loose, and it will become a loophole that attackers will exploit to bypass the system. It's also unclear how the device might work in the event that the user has a heart attack or other severe medical condition.
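The challenge-response idea the article describes (random data encrypted with the user's public key, accepted only when returned decrypted) can be sketched as follows. This is an added example, not Bionym's or the Nymi's code, since the article gives no implementation details. The `Bracelet` and `CarDoor` classes are hypothetical, and toy textbook RSA stands in for whatever public-key scheme a real device would use.

```python
import hmac
import secrets

# Toy textbook-RSA key pair built from two known Mersenne primes.
# Illustration only: real systems use vetted libraries, padding and larger keys.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


class Bracelet:
    """Prover (hypothetical): holds the private key and decrypts challenges."""

    def __init__(self, d, n):
        self._d, self._n = d, n

    def respond(self, challenge):
        return pow(challenge, self._d, self._n)


class CarDoor:
    """Verifier (hypothetical): knows only the public key (e, n)."""

    def __init__(self, e, n):
        self._e, self._n = e, n
        self._pending = None  # nonce of the one outstanding challenge

    def new_challenge(self):
        self._pending = 2 + secrets.randbelow(2**128)  # fresh random data
        return pow(self._pending, self._e, self._n)    # encrypt to the user

    def unlock(self, response):
        expected, self._pending = self._pending, None  # each nonce is single-use
        if expected is None:
            return False
        return hmac.compare_digest(format(response, "x"), format(expected, "x"))


def demo():
    bracelet, door = Bracelet(D, N), CarDoor(E, N)
    recorded = bracelet.respond(door.new_challenge())  # seen by an eavesdropper
    first = door.unlock(recorded)        # genuine response to the live challenge
    door.new_challenge()                 # next unlock attempt gets a new nonce
    replayed = door.unlock(recorded)     # old response no longer matches
    unsolicited = door.unlock(recorded)  # no challenge outstanding at all
    return first, replayed, unsolicited


if __name__ == "__main__":
    print(demo())
```

A fresh nonce per attempt only addresses replay of recorded traffic; a live relay that forwards the current challenge to the bracelet looks identical to the genuine flow here, which is the gap the proximity sensing mentioned in the fact sheet would have to cover.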
