Blog Date: 3/23/2017
Author: Ray Coulombe
Biometrics are a newer solution to an age old problem when it comes to cellphones. But using your fingerprint to unlock your phone is no longer a novelty. Have you thought about what happens when your fingerprints are stolen? When your photo is cloned?
Cyber security experts are trying new technology for cellphones and computer that actually recognize you from a variety of factors. Actually, your phone probably knows you better than you think.
In fact, the average smartphone has ten sensors measuring exact details about you, your habits and your location. Think: GPS, Bluetooth, Wi-Fi, a gyroscope, accelerometer, magnetometer and much more.
John Whaley, the chief executive of UnifyID, has a master’s degree in computer science from MIT and a doctorate from Standford. His start-up, UnifyID, is offering new authentication technology, that Whaley says can identify you after merely a few seconds of walking with a phone in your pocket. “We can tell what floor of a building you’re on,” he says in an interview with the News Observer. “We can tell if you are inside or outside of that building.”
Your smartphone knows the angle in which you hold your device, how much pressure you use, how much of your finger touches the sensor, your type speed, your swiping angles, what time you move around in the morning and more. “Once you combine a large number of these factors together, we can actually get to 99.999 percent accuracy about it being you versus not you,” Whaley said in the interview. “At that threshold, you can actually use this for authentication and you don’t have to use passwords anymore.”
But UnifyID isn’t the only company understanding your behavior on your phone. A professor at the University of Maryland helped create an app to determine when people are most vulnerable to cybercrime with their phones. The app, MADCAP, tracks your location and the apps you’re using to determine when and where you are when your phone is most susceptible to hacking.
The researcher’s goal is to “understand how folks apply security on their smartphones and to understand if we can nudge them to behave more security on their phones,” he said in an interview with University of Maryland newspaper. It turns out that most people don’t understand how public, unprotected Wi-Fi networks are unsafe, or that you can get a virus on your phone similar to a virus on your computer.
But more than just understand how we are vulnerable to cybercrime, Whaley and his team at UnifyID are providing ways to make it safer when we’re on any form of technology. What Whaley calls “implicit authentication” may change the way humans interact with all kinds of technology. Think: ATMs may recognize us as we approach by recognition through our cellphone.
Overall, Whaley says the downside to using biometrics in cyber security isn’t fully understood because of the gap between their perceived value and the true value. Fingerprints aren’t 100 percent secure! In fact, the Federal Office of Personnel Management was hacked in 2015, leaving 5.6 million people with stolen fingerprints. Ever seen a spy movie? Fingerprints can actually be lifted quite easily from glass doors, cups, and more. And, stealing biometrics isn’t like stealing passwords: You can’t change your fingerprints or your face—yet, you can change a password.
The difference with companies like UnifyID is that “implicit authentication,” where the user doesn’t actively verify his or her identity. Instead, the security is in the background always and the smartphone is taking constant data to test against the regular patterns of the user.
This is another form and interesting implementation of behavioral analytics, promising a more effective way to make your devices less susceptible to cybercrime.