March 22, 2017 By Larry Loeb 2 min read

Hong Kong Baptist University (HKBU) recently announced that one of its researchers had developed with a lip motion password for biometric authentication use. The technology observes a person’s lips to gain security authorization, since a user may have specific motions tied to a certain phrase, for example.

Reading Lips

According to HKBU, this system can authenticate a user’s identity by matching the password content with “the underlying behavioral characteristics of lip movement.” Matching the speaker is done through training an artificial intelligence algorithm. Lip shape, texture and motion are all used as data in the training process.

Researchers think this method of authentication may have a big advantage over classic biometric sensors. If a biometric sensor-generated password is compromised, the password generation method itself is no longer as secure, since something like fingerprints cannot be updated or changed.

However, with the lip motion password, a new functional password can be generated simply by saying a different phrase. Additional security benefits to implementing this type of biometric security include voice-based authentication without background noise interference, low rate of mimicry or password forgery and a nonexistent language barrier for global use.

Professor Cheung Yiu-ming, who led the research, explained that “the same password spoken by two persons is different, and a learning system can distinguish them.” How much of a difference is actually found by the learning system was not stated, but it seems to be enough to get around a simple mimicry attack.

Improving Biometric Authentication

Bleeping Computer noted that if lip passwords were used in conjunction with facial recognition software, these passwords can be “almost impossible to crack.” Since the lip motion in all of the authentication attempts would have to come from the same face to be authenticated, it would almost certainly defeat any malicious attack.

Other kinds of attacks were not addressed by HKBU. Recording a user while setting a lip password would give the attacker both parts of the data needed to fool an authentication sentry, for example. Similarly, a man-in-the-middle attack could wait for a generating occurrence to remotely happen, then record the audio and video output for later use.

HBKU said that the method, which received a U.S. patent in 2015, will find uses in electronic payment situations using mobile devices, ATM transactions and as an extra layer to credit card passwords.

More from

Change Healthcare discloses $22M ransomware payment

3 min read - UnitedHealth Group CEO Andrew Witty found himself answering questions in front of Congress on May 1 regarding the Change Healthcare ransomware attack that occurred in February. During the hearing, he admitted that his organization paid the attacker's ransomware request. It has been reported that the hacker organization BlackCat, also known as ALPHV, received a payment of $22 million via Bitcoin.Even though they made the ransomware payment, Witty shared that Change Healthcare did not get its data back. This is a…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

How I got started: AI security researcher

4 min read - For the enterprise, there’s no escape from deploying AI in some form. Careers focused on AI are proliferating, but one you may not be familiar with is AI security researcher. These AI specialists are cybersecurity professionals who focus on the unique vulnerabilities and threats that arise from the use of AI and machine learning (ML) systems. Their responsibilities vary, but key roles include identifying and analyzing potential security flaws in AI models and developing and testing methods malicious actors could…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today