Risk
3/15/2010
04:54 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Bacteria Trail Betrays Identity Of Computer Users

Raising new privacy concerns, research shows that the DNA signatures of bacteria transferred to objects by human touch can be used for identification.

Scientists at the University of Colorado at Boulder have found that the bacteria trail left behind on objects like computer keyboards and mice can analyzed and used to help identify users of those devices.

"Your body is coated with bacteria inside and out," says CU-Boulder assistant professor Noah Fierer in a video on YouTube. "You're basically a walking microbial habitat. And we found that the diversity of bacteria just on the skin surface is really pretty incredible. You habor hundreds of different bacteria species just on your palm, for example. We've also found that everybody is pretty unique. So of those let's say hundred or so bacteria species, very few are of them are shared between individuals."

What Fierer and his colleagues have demonstrated in a new study is that the distinctive combination of bacteria each of us carries and distributes can be used to help identify what we've touched.

Such work may one day help link individuals to malicious computer use or other crimes.

The study, "Forensic identification using skin bacterial communities," appears in the March 15 Proceedings of the National Academy of Sciences. It describes how the researchers swabbed bacterial DNA from the keys of three personal computers and matched them to the bacteria on the fingertips of the owners of the keyboards. It also details a similar test conducted on computer mice that had not been touched for over 12 hours.

The study indicates that the technique is 70% to 90% accurate and Fierer expects that accuracy will improve as the technique is refined. Until accuracy is extremely high, the technique is most likely to be useful as a way to augment more established forensic techniques, like fingerprinting and DNA identification.

"There's still a lot of work we need to do to assess the validity of the technique and how well we can recover bacteria from surfaces and how well we can match objects to the individual how touched that object," Fierer explains in the video.

In a University of Colorado at Boulder news release, Fierer said that the new technique raises bioethical issues, including privacy. "While there are legal restrictions on the use of DNA and fingerprints, which are 'personally-identifying,' there currently are no restrictions on the use of human-associated bacteria to identify individuals," he said.

Fierer was not immediately available to comment.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0972
Published: 2014-08-01
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write ...

CVE-2014-2627
Published: 2014-08-01
Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

CVE-2014-3009
Published: 2014-08-01
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct ph...

CVE-2014-3302
Published: 2014-08-01
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3534
Published: 2014-08-01
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a c...

Best of the Web
Dark Reading Radio