Human body, smartphone passcode may forge better mHealth security

Image Credit: University of Washington

A human body passcode created via wireless data transmission using a smartphone fingerprint reader may provide stronger security for mHealth devices and wearables.

The system could potentially replace today’s password approach that uses data encryption, creating a new physical security layer impenetrable to outside attack, according to new research from the University of Washington’s Networks and Mobile Systems Lab.

The system can send a 256-bit key via the body to a wearable device from a fingerprint sensor in under 15 seconds, according to researchers, and the device can acknowledge key acceptance using Wi-Fi or Bluetooth over the smartphone. That eliminates the need for manually entered passwords.

“For instance, instead of manually typing in a secret serial number or password for wirelessly pairing medical devices such as glucose or blood pressure monitors with smartphones, a smartphone could directly transmit arbitrary secret keys through the human body,” the research says.

The potential for greater security on devices and mHealth data comes at a time when providers and patients are concerned about potential hacks on medical equipment. Earlier this month medical device maker Animas issued an alert to diabetic patients using its OneTouch Ping insulin pumps about potential hacking.

“Our focus here was trying to find a way we could reuse an existing device,” Vikram Iyer, one of the two lead authors, tells The Atlantic. “One of the main problems with adopting this kind of technology into a commercial application is that there’s already so much included in a phone. Any device manufacturer wouldn’t add another radio, because that would take up power, or space that they could use to make the battery a little bigger.”