Your heartbeat is a password written in bone and tissue.
En el umbral entre el mundo físico y el virtual, el cuerpo humano guarda secretos que ni siquiera percibe: las vibraciones únicas que el corazón y los pulmones imprimen sobre el cráneo. Investigadores de la Universidad de Rutgers han convertido esa firma invisible en una llave digital, desarrollando VitalID, un sistema que autentica a los usuarios de gafas de realidad virtual a través de los sensores que ya llevan incorporados, sin hardware adicional ni interrupciones en la experiencia inmersiva. Con una precisión del 95% en la identificación y del 98% en el rechazo de intrusos, esta tecnología plantea una pregunta más amplia: ¿estamos aprendiendo, por fin, a escuchar lo que el cuerpo ya lleva tiempo diciéndonos?
- La seguridad en los dispositivos de realidad virtual es un eslabón débil: los auriculares económicos como Meta Quest no tienen cámaras de iris, y escribir contraseñas rompe la inmersión que define la experiencia.
- VitalID propone una solución que ya existe dentro del propio dispositivo: los acelerómetros y giroscopios que rastrean el movimiento de la cabeza también pueden captar las microvibraciones craneales únicas de cada usuario.
- Durante diez meses y con 52 participantes, el sistema demostró que puede distinguir a una persona autorizada de un impostor con una fiabilidad que supera a muchos métodos biométricos convencionales.
- La adopción no requeriría rediseñar ningún producto: bastaría una actualización de software, lo que convierte a VitalID en una solución lista para escalar si fabricantes como Meta o Apple deciden implementarla.
Tu corazón late y tus pulmones se expanden sin que lo notes, pero esos movimientos envían pequeñas vibraciones a través de tus huesos y tejidos, incluido el cráneo. Porque cada persona tiene una forma, grosor y densidad craneal distintos, esas ondas viajan de manera única en cada individuo, como una huella dactilar invisible. Investigadores de la Universidad de Rutgers han encontrado la manera de leer esa firma y convertirla en contraseña para las gafas de realidad virtual.
El proyecto, liderado desde 2019 por Yingying Chen, profesora y directora del departamento de ingeniería eléctrica y computacional, nació de una necesidad concreta: los dispositivos de realidad extendida necesitan seguridad que no rompa la inmersión. Las gafas de Apple Vision Pro escanean el iris con cámaras infrarrojas, pero los auriculares más asequibles, como Meta Quest, no tienen esa capacidad. Los usuarios se ven obligados a quitarse el dispositivo para escribir una contraseña o conformarse con una seguridad menor.
La respuesta del equipo fue VitalID, un sistema que no añade ningún componente nuevo. Los auriculares de realidad virtual ya incorporan acelerómetros y giroscopios para rastrear el movimiento de la cabeza. Chen y su equipo desarrollaron algoritmos capaces de filtrar el ruido de los movimientos externos y aislar únicamente las vibraciones que provienen del interior del cráneo. Modelos de aprendizaje automático analizan esos patrones para confirmar la identidad del usuario.
Las pruebas, realizadas con 52 participantes durante diez meses usando Meta Quest y HTC Vive Pro Eye, arrojaron resultados contundentes: más del 95% de acierto al autenticar usuarios autorizados y más del 98% de rechazo a impostores. El sistema funcionó en ambas plataformas, lo que sugiere que podría integrarse en productos existentes sin grandes cambios de diseño.
Si la realidad extendida se convierte en parte del día a día, como muchos anticipan, la seguridad tendrá que ser continua y transparente. Las vibraciones craneales están siempre presentes, son siempre únicas y ya están siendo medidas. Solo falta que los fabricantes decidan escucharlas.
Your heartbeat and breathing are constantly sending tiny vibrations through your skull. You can't feel them, but they're there—a unique rhythm that belongs only to you, as distinctive as your fingerprint or the pattern of your iris. Researchers at Rutgers University in New Jersey have figured out how to read those vibrations, and they're proposing it as a password for virtual reality glasses.
The idea emerged from a simple observation: every person's body resonates at its own frequency. The lungs expand and contract. The heart pumps. These movements create waves that ripple through tissue and bone, including the skull itself. Because each person's skull has a different shape, thickness, and density—and because facial tissues vary in muscle and fat distribution—the way these vibrations travel through the head is unique to each individual. Scientists have already demonstrated that respiratory patterns alone can identify a person with 96.8% accuracy. Add the heartbeat into the equation, and you have a biological signature that's nearly impossible to forge.
Yingying Chen, a professor and department chair of electrical and computer engineering at Rutgers, led the project that began in 2019. Her team recognized a problem facing the next generation of computing: as virtual and augmented reality glasses become everyday devices, they need security systems that don't break the immersive experience. Apple's Vision Pro uses infrared cameras to scan the iris. Meta Quest headsets, which are cheaper, don't have that capability. Users either have to remove their glasses to enter a password or accept weaker security. Chen's team proposed a different approach. They called it VitalID.
The elegance of VitalID lies in its simplicity. It doesn't require new hardware. Virtual reality headsets already contain motion sensors—accelerometers and gyroscopes—that track head movement and orientation. The innovation is entirely software. Chen's team developed algorithms that filter out the noise created by a user's movements and external vibrations, isolating only the subtle patterns coming from inside the skull. Advanced machine learning models then analyze those patterns to confirm the user's identity.
To test the system, the researchers recruited 52 participants and ran the experiment over ten months using two commercially available headsets: Meta Quest and HTC Vive Pro Eye. The results were striking. VitalID correctly authenticated authorized users more than 95% of the time. It rejected unauthorized users more than 98% of the time. The system worked across different hardware platforms, suggesting it could be integrated into existing devices without major redesign.
The implications are substantial. Extended reality—the umbrella term for virtual, augmented, and mixed reality—is expected to become a central part of daily life. If that happens, security needs to be seamless, continuous, and trustworthy. A password you type defeats the purpose of immersion. Facial recognition requires cameras and processing power. But cranial vibrations are always present, always unique, and already being measured by sensors that serve other functions. A user could authenticate simply by wearing the glasses, without interrupting whatever they're doing in the virtual world.
For manufacturers, adoption would be straightforward. No additional components. No redesign of existing products. Just a software update. For users, it means one fewer friction point between themselves and the technology they're wearing. The question now is whether companies like Meta and Apple will choose to implement it. The technology works. The hardware is already there. What remains is the decision to use it.
Citas Notables
If immersive systems are going to integrate into daily life, authentication must be secure, continuous, and simple.— Yingying Chen, Rutgers University electrical and computer engineering department chair
La Conversación del Hearth Otra perspectiva de la historia
Why does the shape of someone's skull matter for this to work?
Because vibrations travel differently through different materials. A thicker skull, a different bone density, the amount of muscle and fat in the face—all of that changes how the waves from your heartbeat and breathing propagate. It's like how sound travels differently through wood versus metal. Your unique anatomy becomes a fingerprint.
Can someone else's heartbeat fool the system?
Not really. The system isn't just reading a heartbeat—it's reading how that heartbeat moves through your specific skull structure. Someone else's heart might beat at the same rate, but the vibration pattern traveling through their different head would be completely different. That's why the rejection rate for unauthorized users was over 98%.
Why hasn't this been done before?
The sensors existed, but nobody thought to use them this way. It took researchers specifically looking at biometric authentication and asking: what else is unique about a person that we could measure? Once you know to look for it, the vibrations are always there. But you need the right software to filter out the noise and find the signal.
What happens if someone is sick, or their breathing changes?
That's a fair question. The study ran for ten months, so it captured some variation in people's states. But it's something that would need more testing in real-world conditions—people with respiratory conditions, people who are anxious, people at different times of day. The system might need to adapt or learn individual variation over time.
Could this replace passwords entirely?
For VR glasses, potentially yes. You'd authenticate just by putting them on. But this is specific to devices with motion sensors. Your laptop or phone would still need different security. Though who knows—maybe accelerometers will become standard everywhere.
What's the catch?
The main one is adoption. The technology works, but companies have to decide it's worth implementing. Meta and Apple have already chosen their authentication methods. Changing that requires convincing them the benefit is worth the engineering effort. The other catch is privacy—you're essentially creating a biometric database of people's internal vibrations. That data would need protection.