Passwords aren’t enough to keep hackers at bay. So, Ben-Gurion University of the Negev researchers developed a verification method according to how the user presses the touch screen that can identify a thief in 14 seconds.
The research was released to coincide with CyberTech 2017, currently underway in Tel Aviv.
Studies have shown that on average a person uses his or her smartphone 4.7 of the 15 hours they are awake.
In 2013, 3.1 million people in the US were the victims of smartphone theft, and 68% testified that they subsequently had not succeeded in restoring all of the information that was stolen.
Researcher Liron Ben Kimon, under the supervision of Prof. Bracha Shapira, Prof. Lior Rokach and Israel Mirsky of the Department of Software and Information Systems Engineering, tested the model on information gathered from 20 users over a two week period.
The model is based on how the users touch the screen while using the device (where they touch the screen and how much of the finger touches the screen).
Moreover, the model accounts for the application being used – as typing on WhatsApp is not the same as searching for a word on a browser.
The model also computes accidental touches of the phone (regular users always touch the phone by accident) and records the history of each touch –what was done on the device 30 seconds before the current touch, and specifically, which areas of the screen the user touched, which buttons they pressed and what the electricity consumption was during that time.
The findings showed that unauthorized users can be identified in less than 14 seconds, or in less than 35 touches of the screen (on average, a user touches the screen 35 times in 13.8 seconds).
The researchers note that a thief who wants to steal information from the device will almost certainly touch the screen more than 35 times to access information, since the thief is not as familiar with the device as the owner.
Singling out the user according to how he touches the screen is a verification method that is hard to imitate, since a thief cannot steal another user’s behavior.