
Our ears may have built-in passwords - muon
http://www.newscientist.com/article/mg20227035.200-our-ears-may-have-builtin-passwords.html?DCMP=OTC-rss&nsref=online-news
======
pavel_lishin
_Stolen cellphones could also be rendered useless by programming them to
disable themselves if they detect that the user of the phone is not the
legitimate owner._

"911? I need help! A man has just collapsed at the bus stop! I'm calling from
his ... hello? Hello? Well, shit."

~~~
anonymousDan
But surely you would only be cut off after the owner of the phone explicitly
tells the phone company that his phone has been stolen? I think this sounds
like a pretty useful idea. Although it remains to be seen what the false
positive/negative rates look like.

~~~
lpellis
But then the phone company can just cut of the phone remotely, what would be
the point of this technology?

~~~
anamax
What phone company can't "just cut off the phone remotely" today, without this
feature?

------
ShabbyDoo
One problem with biometric identification is that the device reading data
(fingerprints, eye "prints", etc.) from the person has to be trusted by the
entity deciding the legitimacy of the user. If I have a digital copy of your
fingerprints and I "own" the fingerprint reader trusted by your bank/whatever,
I can pretend to be you. Given that people generally own the phones they use,
I wonder if this barrier to fraud is any less expensive or more effective than
existing security schemes. For example, have something/know something methods
(RSA random number generator keychain dongles coupled with a known passcode)
that are much easier to implement and don't rely on network effects -- For
people to buy earprint phones, they have to be commonly used as a form of
auth, but enough people must own them for banks, etc. to consider such a
scheme.

Business idea: A problem with the RSA dongle thingy is that a person would
have to carry one for EVERY entity with which he authenticates himself. I'm
sure some sysadmins already have a pocket full of this things. What if there
was a 3rd party that would offer have something/known something authen
services? Or, more generally, authen services with a variety of security
levels? Then, a person would just carry around his "Windows Live" dongle and
could authenticate with all his banks, etc. Not a good startup idea as it
takes a powerful entity to surmount network effects, but it would solve a real
problem for real people.

------
electromagnetic
There's a few problems with this, people regularly hand their phones to people
who aren't themselves and if the phone disables itself every time this
happens, I don't think this technology would ever catch on. The solution to
avoid this is that you'd have to report the phone stolen... at which point the
phone company can just ask you for your IMEI, which is a 15 digit code
(usually hidden under your battery, or enter *#06#) you're supposed to write
down in your handset manual. With this code and a report that your phone is
stolen, the phone company will ban the IMEI number and the phone is useless
(unless the person wants to spend $50 getting your handset unlocked and then
$10 to get a new sim card and then $10 to put time on a stolen phone, which
when you're stealing phones, I doubt you'd go to that trouble).

On CDMA phones it's your MEID number, which if reported will ban the device,
but as CDMA's are tied to one network it means the phone is permanently
useless.

So honestly, I don't see how this technology is useful in protecting a cell
phone from being stolen. My wife's taken my cell for days, I don't really want
my phone getting locked because of it, and when I was younger (before I got a
cell) my parents always handed me one of theirs if I was going to be out late,
which I'm sure many parents still do today. And if you need to report the cell
stolen, then it's pointless because there's already well established systems
for getting cell phones banned from a network.

------
orblivion
Better than a password, I would venture to say that this would closer resemble
a public/private key system. Suppose the bank could run several tests, and
learn the tendency with which your ear reacts, rather than recording a single
response. I am making some assumptions about how the ear works, but I'm going
to guess that it doesn't send the same response to every stimulus.

For authenticating, the bank could then send a randomized sound every time,
and listen for an expected response, which is in effect your ear's signature
on the input sound. This way, a thief wouldn't be able to bypass the system by
simply obtaining a recording of your ear; he would have to be able to mimic
its responses.

------
TAGzYa
Wouldn't you have to use the same phone in order for the "return" sound to
match the previous recording?

