Identity thefts are very common in online frauds. Sometimes passwords can be hacked or guessed – that’s why newer phones, tablets, and computers often implement biometric security features such as fingerprint and facial recognition. The next level of security is called behavioral biometric: it involves identifying people using their distinctive behavioral traits – such as the way they walk.
Several online services are currently using a technique called device fingerprinting. It works by gathering information about a device used by a particular user – specifically hardware configuration, operating system, the apps installed and other features. The results are used to create the device’s and user’s profile of habits. If some unusual activity is detected (for example a device different from the usual one is used to access a bank account) additional safety measures might be taken.
However, device fingerprinting is becoming less effective. Firms such as Apple and Google, as well as other makers of digital equipment and operating systems, are steadily reducing the range of features that can be remotely accessed. Businesses are somehow forced to do this in an attempt to regain user’s trust and to limit the amount of information that could end up in the wrong hands. This reduction in data gathered makes it more difficult to identify illegitimate users.
Under these premises, newer approaches like behavioral biometrics are gaining popularity. If powered by the right software, data from accelerometers and gyroscopic sensors can reveal how users keep their phones and how they carry them. Touch-screens, keyboards, and mice can reveal the distinctive way in which users type and move their hands.
Accelerometers detect if a phone is lying on a hard surface or on a sofa. If matched with other data such as the time of the day, it could reveal for example the sleeping habits of a person.
John Whaley, head of Unifyid – a firm involved in behavioral biometrics – stated that it is possible to identify a user’s “unique motion fingerprint” – with details as which part of the foot strikes the pavement first and how hard, the length of a stride, the number of strides per minute and the distinctive swing of the hips and step.
When combined with information about the typing speed and pressure, and regular places of use as revealed by the GPS, a user’s identity can be determined with a great degree of accuracy.
Behavioral biometrics could prove helpful. As Neil Costigan of BehavioSec noted, the software could be running in the background to continuously authenticate account-holders, saving them from remembering passwords, first pet’s names etc.
It could also prove to be another “great” way to spy on people’s habits and behaviors, invading their privacy and allowing perfect strangers to monitor their daily life, gather data, profile them and sell to the highest bidder.