Mandrake, NSA identifies users based on how they type on their devices

According to a senior fellow for Lockheed IT, the National Security Agency has tested the use of smartphone-swipe recognition technology dubbed Mandrake.

The NSA has developed a new technology, dubbed “Mandrake“, that can identify users from the way they swipe strokes and text on a smartphone screen. The news was reported by officials with Lockheed Martin who helped design the technology.

According to John Mears, a senior fellow for Lockheed IT and Security Solutions, that Lockheed Martin has recently tested swipe recognition technology that allow the identification of smartphone users based on how they type on their mobile devices.

“The National Security Agency has tested the use of smartphone-swipe recognition technology, according to the tool’s manufacturer. The mobile device feature, created by Lockheed Martin, verifies a user’s identity based on the swiftness and shape of the individual’s finger strokes on a touch screen.” reported by Nextgov.

Mandrake is able to remotely analyze the curve, unique speed and acceleration of a person’s finger stroke across the touch screen of their smartphone, this information are unique for each individual as explained Mears.

“Nobody else has the same strokes,” explained Mears. “People can forge your handwriting in two dimensions, but they couldn’t forge it in three or four dimensions.” “Three is the pressure you put in, also to the two dimensions on the paper. The fourth dimension is time. The most advanced handwriting-type authentication tracks you in four dimensions.“Officially, the NSA has developed the Mandrake technology for authentication purpose and it is already available to the Agency, but privacy advocates fear a possible use for surveillance activities.

“We’ve done work with the NSA with that for secure gesture authentication as a technique for using smartphones,” Mears said. “They are actually able to use it.”John Mears added that the Mandrake technology could be used for emergency responders who do not have the capability to access an incident command website.“If you are going 100 miles down the road, you are not going to enter a complex 12-character password to authenticate yourself,” he said. “We have some customers who deal with radioactive material and they can’t touch things” that small with gloves on — “How do they authenticate?”

Nextgov reported that Lockheed Martin was involved in other projects with the US Government that could represent a serious threat for people’s privacy, the news agency referred a project committed by the FBI for a $1 billion facial, fingerprint, palm print, retina scan and tattoo image biometric ID system. The FBI’s project, dubbed the Next Generation Identification system, could allow in a short future to identify a person from its voice and on how it walks.

Pierluigi Paganini

(Security Affairs – Mandrake , authentication)