Phones Can Now Tell Who Is Carrying Them From Their Users' Gaits (economist.com) 94
PolygamousRanchKid shares an excerpt from a report via The Economist: Most online fraud involves identity theft, which is why businesses that operate on the web have a keen interest in distinguishing impersonators from genuine customers. Passwords help. But many can be guessed or are jotted down imprudently. Newer phones, tablets, and laptop and desktop computers often have beefed-up security with fingerprint and facial recognition. But these can be spoofed. To overcome these shortcomings the next level of security is likely to identify people using things which are harder to copy, such as the way they walk. Many online security services already use a system called device fingerprinting. This employs software to note things like the model type of a gadget employed by a particular user; its hardware configuration; its operating system; the apps which have been downloaded onto it; and other features, including sometimes the Wi-Fi networks it regularly connects through and devices like headsets it plugs into.
LexisNexis Risk Solutions, an American analytics firm, has catalogued more than 4 billion phones, tablets and other computers in this way for banks and other clients. Roughly 7% of them have been used for shenanigans of some sort. But device fingerprinting is becoming less useful. Apple, Google and other makers of equipment and operating systems have been steadily restricting the range of attributes that can be observed remotely. That is why a new approach, behavioral biometrics, is gaining ground. It relies on the wealth of measurements made by today's devices. These include data from accelerometers and gyroscopic sensors, that reveal how people hold their phones when using them, how they carry them and even the way they walk. Touchscreens, keyboards and mice can be monitored to show the distinctive ways in which someone's fingers and hands move. Sensors can detect whether a phone has been set down on a hard surface such as a table or dropped lightly on a soft one such as a bed. If the hour is appropriate, this action could be used to assume when a user has retired for the night. These traits can then be used to determine whether someone attempting to make a transaction is likely to be the device's habitual user. If used wisely, the report says behavioral biometrics could be used to authenticate account-holders without badgering them for additional passwords or security questions; it could even be used for unlocking the doors of a vehicle once the gait of the driver, as measured by his phone, is recognized, for example.
"Used unwisely, however, the system could become yet another electronic spy, permitting complete strangers to monitor your actions, from the moment you reach for your phone in the morning, to when you fling it on the floor at night," the report adds.
LexisNexis Risk Solutions, an American analytics firm, has catalogued more than 4 billion phones, tablets and other computers in this way for banks and other clients. Roughly 7% of them have been used for shenanigans of some sort. But device fingerprinting is becoming less useful. Apple, Google and other makers of equipment and operating systems have been steadily restricting the range of attributes that can be observed remotely. That is why a new approach, behavioral biometrics, is gaining ground. It relies on the wealth of measurements made by today's devices. These include data from accelerometers and gyroscopic sensors, that reveal how people hold their phones when using them, how they carry them and even the way they walk. Touchscreens, keyboards and mice can be monitored to show the distinctive ways in which someone's fingers and hands move. Sensors can detect whether a phone has been set down on a hard surface such as a table or dropped lightly on a soft one such as a bed. If the hour is appropriate, this action could be used to assume when a user has retired for the night. These traits can then be used to determine whether someone attempting to make a transaction is likely to be the device's habitual user. If used wisely, the report says behavioral biometrics could be used to authenticate account-holders without badgering them for additional passwords or security questions; it could even be used for unlocking the doors of a vehicle once the gait of the driver, as measured by his phone, is recognized, for example.
"Used unwisely, however, the system could become yet another electronic spy, permitting complete strangers to monitor your actions, from the moment you reach for your phone in the morning, to when you fling it on the floor at night," the report adds.
Cue Monty Python (Score:5, Funny)
Re: (Score:2)
It's not like just anyone can steal and use a device. ...
Every device has a factory reset
Re: Cue Monty Python (Score:4, Funny)
I'll keep asking until somebody answers me
I wasn't expecting the Spanish Inquisition.
Re: (Score:1)
I'll keep asking until somebody answers me
I wasn't expecting the Spanish Inquisition.
Nobody expects the Spanish Inquisition!
Re: (Score:1)
I have to ask: what is with Monty python?
I'll keep asking until somebody answers me or I don't care anymore
If your question was more specific it would be easier to answer. What do you mean "what is with Monty Python"? Do you not understand the joke that was made and how it relates to the posted article? Do you not understand why anyone would like the show at all? There are lots of ways to interpret your question so if you are looking for a serious answer you should be more specific. Otherwise it's like someone phoning you and saying "My Internet's not working on my computer. How can I fix it?"
Why quote Monty Python so often? (Score:2)
If this were Stack Overflow, I'd edit the question to rephrase it in a more answerable form:
What about Monty Python's body of work causes Slashdot users to allude to their skits so often?
Re: (Score:2)
I have to ask: what is with Monty python?
I'll keep asking until somebody answers me or I don't care anymore
Well I told you once...
Re: (Score:1)
I came here for a good argument..
Re: (Score:2)
I'm here for an argument!
No you're not.
Re: (Score:2)
Monty Python is strange and creative, like nerds. Nerds often embrace absurd humor, possibly because they can see the contradictions inherent to existence.
Drunk stumble (Score:2)
So when I'm hammered I can't pay the bar or the Taxi?
Easy to fool? (Score:1)
Re:Easy to fool? (Score:5, Funny)
What if I get injured and my gait changes
You may lose access to your cellphone, but at least the random changes to your gait will protect you from the sand worms.
Re: (Score:1)
Re: (Score:2)
So much THIS. Just had surgery on my foot and I've been limping for a week and a half. This kind of stuff is garbage "technology" that NO ONE ASKED FOR. Companies need to start doing stuff that we really need -- like a filthy-bathroom cleaning bot that sells for under $200 and doesn't sell the GPS layout of your house.
Re: (Score:2)
The only thing gait detection is used for on your phone is to keep it unlocked. If it doesn't detect your gait, you will simply have to unlock with your face, or your thumbprint, or your PIN.
Everyone, stop being stupid. (Score:5, Insightful)
It's somehow an unpopular opinion but i think that if you don't want to be tracked then the best way to do that is to not carry around the most advanced surveillance device known to mankind. If you can't manage that basic task then at the very least you should insist on having the full source code for both OS and applications. If you can't even manage that well... at least now you know what makes it the most advanced surveillance device known to mankind: it's made you psychologically incapable of not having it with you.
Re: (Score:2)
privacy laws and penalties seem better solution, many of us are required to have the smart phone
Re: (Score:3)
many of us are required to have the smart phone
What the hell kind of job needs you to have a smartphone?
Re: (Score:2)
Uber
Re: (Score:2)
And not just for the driver. Last I checked, someone who rides Lyft or Uber to and from work also needed an iPhone or Android phone to run the app. It's cheaper than buying a car.
Re: Everyone, stop being stupid. (Score:2)
Re:Everyone, stop being stupid. (Score:4, Informative)
Not sure if serious.
One answer: anyone who delivers the food that you're too lazy to cook or pick up yourself. There are many, many more.
But white collar slaves have been issued phones for decades.
Re: (Score:2)
Every job that requires you to run certain apps ...
You had a point if you said: requires you a "not so smart" or "more smart" phone without GPS or other geo tracking options, aka without GMS/G3/G4/G5/ WiFi ... unfortunately everything that connects to a phone tower can be tracked, either with apps inside the phone or via the network operators.
So?
Re: (Score:1)
Re: (Score:3)
Re: (Score:3)
Software can not detect if it is running in a virtual machine.
Unless the installation process leaves files around which not be there in a "non virtual machine".
Re:Everyone, stop being stupid. (Score:3)
https://superuser.com/question... [superuser.com]
https://kb.vmware.com/s/articl... [vmware.com]
https://stackoverflow.com/ques... [stackoverflow.com]
Re: (Score:2)
The examples you gave are equivalent by leaving a stray file.
They are deliberatly provided options to detect a VM.
So again: software can not know if it is running in a VM or on real iron, same way, we don't know if we are simulated or not.
Re: (Score:2)
Same way it's known about now. When your personal information pops up at a 3rd party and becomes part of their marketing campaigns via email and phone, there is a trail.
You're funny with your closed box geek thinking. Think outside the box, this is bigger than what's running and detectable on your phone.
Re: (Score:1)
You can carry it around or not depending on whether the advantages of being tracked outweigh the disadvantages. That's probably going to take a while to sort out, and there are a lot of situations where carrying the device makes everything a whole lot easier. The source code question is an interesting one: if you have it, how sure are you that someone didn't bury something interesting inside it? We know that people who want information and control are hiring programmers to help them get and maintain it. Som
Re: (Score:2)
How much would the full source code help the average person, or you in particular?
Re: (Score:2)
It wouldn't help most people but it would make it possible for /some/ people to actually look to see if they are stealing information. That gets reported and soon someone forks it with just the info stealing removed. See also: LineageOS.
Nothing wrong with "badgering" (Score:1)
"Badgering" customers for a password? What a ridiculous and lowly reason for inventing a new fancy and inaccurate way of identifying somebody. The amount of time used to "badger" a customer for some id will be more than exceeded by annoying customers pissed off that they have not been properly identified. If you want proof that most of the world has totally lost the plot then this is a fine example.
That's gonna go well (Score:1)
- Break your ankle in a car crash.
- Limp to the curb.
- Phone perma-locks.
At least the emergency call feature doesn't need unlocking.
Good way to get in shape (Score:2)
Re: (Score:2)
It makes me jump through a hoop every goddamn time I try to log in again from the same goddamn device.
Do you have your web browser set to clear all cookies on close or daily? Some privacy-obsessed users of Slashdot have mentioned this tactic. When you clear your cookies daily, the server cannot so easily distinguish your device from a new device.
Next you will have to do a silly dance to (Score:1)
unlock your phone...
Not fun to type and walk (Score:2)
While I do some modest reading while walking from car to work, the vast majority of the time, I'm sitting/stationary when I use my phone. Any authentication challenge that requires me to get up and walk around is not something I'd be a fan of :).
BULLSHIT. (Score:2)
I don't believe you, and I say you're full of shit.
WTF is going on with /.?
Kung Fu School of Surveillance Avoidance (Score:2)
Sign up today!
"Looked for, he cannot be seen. Listened for, he cannot be heard. Touched, he cannot be felt."
Here at the KFSSA you'll learn all the latest techniques for leaving no online footprint while easily accessing any strategic area of interest.
Sign up today and receive the 30% discount awarded Slashdot insiders!
Let me fix that for you (Score:2)
Used as intended, however, the system will become yet another electronic spy, permitting complete strangers to monitor your actions, from the moment you reach for your phone in the morning, to when you fling it on the floor at night
There...
sensor calibration attack (Score:2)
https://it.slashdot.org/story/... [slashdot.org]
"Our approach works by carefully analysing the data from sensors which are accessible without any special permissions to both websites and apps," the research team said in a research paper published yesterday. "Our analysis infers the per-device factory calibration data which manufacturers embed into the firmware of the smartphone to compensate for systematic manufacturing errors [in their devices' sensors]," researchers said. This calibration data can then be used as a fing
Surprised (Score:2)
I guess I'm the only one that is surprised that this stuff is available without permission. I mean, what could possibly go wrong when your phone is also running code checked in 3 minutes ago and hot deployed by some script kiddie.
Certainly (Score:2)
I'm sorry... (Score:2)
...I couldn't call you back because I sprained my ankle and can't use my phone.
Gimbal phone holder? (Score:2)
Great now I have to buy a gimbal just to hide from google.
Stroll down the street with a can of paint (Score:2)
Injury and Recovery - Can I use my phone?? (Score:1)