Electric prints have criminals fingered

TECHNOLOGY Insight

Time to take control of your personal information The team gives the example of a sound-meter app funded by adverts, which has access to a phone’s microphone to monitor sound levels and to the internet to download ads. Any app with these permissions can also record and upload sound without the user’s knowledge, they say. Tools to halt data leaks already exist, such as WhisperMonitor, an Android

Static charge provides a clue to the age of fingerprints JUSTICE will be done more often: a new method of fingerprint analysis could not only detect prints but also reveal when they were made. Techniques for capturing a fingerprint are far from perfect. Besides the well-known method of dusting, there are several more sophisticated ways of detecting fingerprints, but all have limitations. Software analysis and chemical agents can often enhance a fingerprint, but can sometimes muddle the pattern instead. And while atomic force microscopy can 22 | NewScientist | 14 May 2011

Who’s accessing your data when you sign up to websites or apps?

plainpicture/Johner

THE iPhone secretly tracks your location. Amazon has lost your files in the cloud. Hackers have stolen the details of 100 million customers from Sony. This string of revelations has left many people wondering who they can trust with their data. Step forward David Wetherall at the University of Washington in Seattle and colleagues, who are developing tools to monitor the data transmission of apps and provide easy-to-understand “privacy revelations” about each one. “There is much value in simply revealing to users how they are being tracked,” says Wetherall, who presented the concept at the HotOS conference in Napa, California, this week. Whenever you sign up to a website or install an app, you are potentially giving the company behind the service access to your personal data – even if you don’t realise it. Tech companies take steps to protect and inform their users about data usage, for example Apple vets iPhone apps sold through its store, and Google’s Android lists the permissions granted to an app prior to installation. But Wetherall’s team believes these don’t go far enough.

app released last week that allows users to monitor and prevent outbound traffic. But Wetherall’s team wants to predict data leaks before they happen. To do so, they are developing an app that would run in the background on smartphones or browsers and analyse the flow of information, alerting users before an app tries to access data or pass it to other parties. Crowdsourcing user experiences could also help, allowing people who experience a leak

pick up fingerprint residues precisely, the technique scans such a small area at a time that it can often take hours to assemble a single print. Now Robert Prance and colleagues at the University of Sussex in Brighton, UK, have developed a way to capture fingerprints by looking at the small amount of static charge left behind when a finger makes contact with an insulating surface such as plastic or glass. The team passed an electrode over two fingerprints on a piece of plastic and measured the change in voltage

as it passed over the surface. Within 75 minutes, the technique had revealed the prints with “comparable quality to conventional fingerprint images”, says Prance. By performing the same measurement each day for 14 days, the team was also able to show how the charge decayed over time

“The technique could rule out suspects if it shows that their prints were left before a crime took place” (Forensic Science International, DOI: 10.1016/j.forsciint.2011.02.024). While the method still needs to be tested on different surfaces and under various conditions, Prance

to warn others against using an app. Unknown data access is just one problem, however. Trusting companies to look after legitimately collected data is also a concern, as shown by the Sony customers who now find themselves at risk of phishing and other types of fraud. Millions more passwords were also put in danger last week when the online password manager service LastPass admitted it had suffered a potential data breach. With password leaks now a regular occurrence, a switch to biometric “passwords” might be tempting. But a study due to be presented at the IEEE Symposium on Security and Privacy in Oakland, California, later this month suggests this can actually make a system less secure. Lorie Liebrock and Hugh Wimberly at New Mexico Tech in Socorro asked 96 volunteers to create two user accounts, one secured by just a password, the other by a password and fingerprint reader. They found the passwords chosen for use with the fingerprint reader were 3000 times easier to break, potentially making the overall security of the system lower than simple password use alone. As these latest leaks illustrate, believing others will keep your data secure can have disastrous consequences. Jacob Aron n

says it could be used to work out when a fingerprint was made. The technique could therefore provide clues as to when a crime was committed, or exclude people from an investigation if their fingerprints were made before or after the crime is known to have taken place. “This is a significant advantage over more conventional fingerprint enhancement methods,” says Glenn Porter, a forensic scientist at the University of Western Sydney, Australia. The main limitation of the technique is that it only works with prints left on insulating surfaces. If a fingerprint is left on a conducting material, such as a metal bullet casing, the charge deposited would simply flow away. Wendy Zukerman n