“Silent” audio could be key to unlocking PCs, new password-beating start-up claims

Password

1

Simply holding your phone a few inches from your PC will be enough to log in to sites and services previously protected by cumbersome two-factor systems, a new start-up claims.

SlickLogin uses sounds inaudible to the human ear so smartphones and PCs can “talk” – once you hold your smartphone near the PC, the machine plays a uniquely generated sound, and the SlickLogin app “hears” and deciphers it, sending a “green light” to the server that you are who you say you are.

The system uses GPS, Wi-Fi, NFC or QR codes to verify that the phone is nearby – and will “wake” the phone itself, rather than users having to launch an app. The app’s three makers are former members of the Israeli Defense Force’s cyber security unit, and claim their method beats many current two-factor systems due to, “The seamlessness for the user. We’re also more cost effective, because we don’t require any new hardware.”

SlickLogin launched into closed beta at Disrupt SF 2013, according to TechCrunch, and aims to work as a secondary security device (ie alongside usernames and passwords), and without the cumbersome use of RSA chips and other two-factor authenticators. SlickLogin claims that its technology can be added easily to existing apps.

“Up to 7 different methods are used to verify the phone’s proximity to the computer.These include GPS, WiFi, Bluetooth, NFC, QR codes, and our unique technology, based on audio signals,” the company says.

“Our technology can operate both natively or in the browser – therefore, we support all smart-devices out there. Adding SlickLogin technology to your existing mobile app takes only 5 lines of code. Have no app? Our default application can be redesigned to fit your brand.”

TechCrunch’s Greg Kumparak says he quizzed the three founders on security, and was told, “Everything is very heavily encrypted, so man in the middle attacks are out. You can’t record the audio signal and just play it back later, as the audio is uniquely tied to that moment.

“You can’t just hold your phone up to someone else’s audio signal (or grab it from across the room with a directional mic) in hopes of getting logged in to their account before they do; your phone wouldn’t have their login credentials stored on it.”

Many companies are offering biometric and two-factor solutions to replace and/or augment current password systems – such as the Bionym bracelet, which uses your unique heartbeat pattern as a password.

ESET Senior Research Fellow David Harley discusses the advantages of biometric systems in a We Live Security blog post, “The sad fact is, static passwords are a superficially cheap but conceptually unsatisfactory solution to a very difficult problem, especially if they aren’t protected by supplementary techniques. Biometrics and one-time passwords and tokens are much more secure, especially when implemented in hardware as a two-factor authentication measure.”

Author Rob Waugh, We Live Security

  • Alex

    Wait a second, what if a miscreant has got my phone and has access to my computer? Where is the second factor auth?

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
10 Sep 2013
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.