Last updated February 27th 2017
An Israeli research team has developed a method that detects exactly how you press your touchscreen, so that it can identify someone else using your phone within 14 seconds.
Studies have shown that smartphone passwords are not enough, and can be easily uncovered by hackers, since most people choose passwords that are fairly easy to guess. Annually, more than 3.1 million Americans are victims of smartphone theft; and 68 percent of them aren’t able to restore all of the information that was stolen.
That’s why the Ben-Gurion University (BGU) researchers wanted to find a verification method that detects each person’s exact touch patterns.
Liron Ben Kimon examined the information gathered from 20 users over a two-week period. Her model is based on how the users touch the screen while using the device – where they touch the screen, and how much of the finger touches the screen.
In addition, Ben Kimon’s model takes into account which application is being used, since how one presses on the screen is different for each application – for example, you will touch your screen differently when typing a WhatsApp message, as opposed to scrolling up and down your browser. Moreover, since users often accidentally touch their screen, the model classifies a group of touches to identify a user, as opposed to each touch separately.
Another factor that the model computes is the history of each touch – what was done on the device 30 seconds before the current touch, and more specifically, which areas of the screen the user touched, which buttons they pressed and what the electricity consumption was during that time.
The findings show that unauthorized users can be identified in 14 seconds – after fewer than 35 touches of the screen (on average, a user touches the screen 35 times in 13.8 seconds).
According to the researchers, a criminal who wants to steal information from your device will almost certainly touch the screen more than 35 times, since someone who is not familiar with your phone will have to touch the screen more often to get to the information.
In conclusion, Ben Kimon says that “differentiating the user according to how they touch the screen is a verification method that is hard to imitate, since a thief cannot steal another user’s behavior.”
The team has not yet commercialized its findings, but this may point phone manufacturers into the right direction.
Liron Ben Kimon, a data scientist at PayPal in Beersheba, conducted the research under the supervision of BGU’s Prof. Bracha Shapira, Prof. Lior Rokach and Mr. Israel Mirsky of the Department of Software and Information Systems Engineering.