Lego Robots Crack Gesture-Based Security (vice.com) 13
An anonymous reader writes: Lego Robots outfitted with a "finger" made from molded Play-Doh were able to bypass seven different gesture-based security systems at least 70% of the time, according to a new study funded by DARPA. Gestural ID systems "tend to take a rosy view of the security world in which hackers attempt to breach such defenses via crude impersonation," reports Vice, which notes that the systems now turn out to be far less reliable against automated attacks using a careful "forgery" of a user's gestures.
DARPA titled their report "Robotic Robbery on the Touch Screen," writing that it "demonstrates the threat that robots pose to touch-based authentication, and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems."
DARPA titled their report "Robotic Robbery on the Touch Screen," writing that it "demonstrates the threat that robots pose to touch-based authentication, and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems."
So they . . . (Score:1)
. . . gave gesture-based security the finger . . .
Re: (Score:1)
somewhere, there is a chick going "let's see what else this finger can do..."
Rule 34 to kick-in any time now. (Score:2)
Japanese hardware maker announcing an "adult-toy" version of the finger-bot (complete with pink color scheme) coming in
3...
2...
1...
Re: (Score:2)
Different case of touch-identity (Score:3)
According to TFA, it's not about the "connect-the-dots" gestures used to unlock the screen saver.
It's a different type of touch-identification in play here.
It's about the phone continuously monitoring how you touch the screen and thus how you move your hands and wrists (think the touch-screen equivalent of calligraphy).
It makes the phone able to create a model of the users motions. (Think the touch-screen equivalent of forensic graphanalysis)
If the phone notice a sudden change in style (touch-screen equival
New shiny (Score:2)
This kind of tech always struck me as more about a cool technology than about security. I can't flawlessly imitate another person's gait any more than I can magically change my fingerprints to match theirs, but that's very different from circumventing the technology with another, perhaps low-tech, solution. (I believe James Bond did fake fingerprints back in the '60s or '70s.)
Re: (Score:2)