Apple aims for biometric greatness with new fingerprint scanners, misses

Fingerprint scanners make it into everyone’s wildest dreams for a future of unbelievable convenience. No more digging around for keys in the dead of night in the middle of winter. Open sesame! What you need is quite literally, at your fingertips. And imagine the security! Thieves would have to pry your very fingertips from your cold, dead hands before they could make off with your fingerprint-activated car.

On September 20, 2013, with the release of the iPhone 5S, those dreams inched a little bit closer to reality. Sort of.

Apple released the phone with great fanfare, touting the high tech encryption and security of the home button that could unlock your phone with the press of a fingerprint. And long before the release, the good, but likely biased folks at MacWorld were indulging in some breathless speculation about the technology behind the fingerprint reader.

It’s a capacitance reader, they explained, rather than an optical one. The fingerprint reader built into the home button scans the tiny currents in the subcutaneous layer of your finger tip rather than relying on the visual surface of your fingerprint. These tiny currents are just as unique as your fingerprint, but unlike optical readers, they can’t be fooled with a mere photocopy of your fingerprint.

Over at Wired, they were excited not only by the immediate prospect of being able to text without first tapping out a PIN, which the writer admitted had grown into a “micro-annoyance.” They were also excited about what an Apple-spearheaded fingerprint reader would mean for the embrace of biometrics in general. (Wired points out that PCs have had a fingerprint option on laptops for years, but who uses them?) The iPhone 5S would become the gateway platform for all biometrics, “…if Apple’s actually works, it could help spread biometrics — the use of physical traits instead of PINs or passwords — across so many other parts of our lives.”

But then, the jokes started rolling in. TechCrunch posted a video of  a fluffy grey cat using its paw to unlock an iPhone. Then people started using toes, huge stubby toes. And some wacky individual in Japan posted a video of himself unlocking an iPhone with his nipple.

This crude turn of events certainly undermined the solemn elegance that Apple goes for with its shiniest technologies, but it didn’t mean the fingerprint reader was substantially broken. It just meant that the scanner worked for anything with skin and a heartbeat. If you want to give your cat access to your phone, that’s your business, and exactly the reason why they allow up to five prints to be authenticated on any given phone.

The real problem came from Is Touch ID Hacked Yet (istouchidhackedyet.com) which on September 23, 2013 — just three days after the release of the iPhone 5S — updated their website with an extra large, bolded “Yes!”

Starbug of the Berlin branch of the Chaos Computer Club, posted a video of the hack and won the prize offered by the site, which was made up of several dozen cash pledges, some bitcoin, a few bottles of booze and “one free patent application covering the hack” from @CipherLaw.

What it takes to hack a phone is complicated enough that the person would have to be truly determined to invest the time and resources into it — for example, criminals and thieving syndicates.

A few days and an eternity before the hack, one writer for PC World argued that the fingerprint technology could be a gamechanger, but “If Apple stumbles or falls on its face, though, it could set biometric security back a few years.” And that, it seems, is exactly what happened.

At the very least it could give the law a head start in legislating privacy and security measures for when the time for biometrics actually arrives.

Tags: apple, biometrics, fingerprint readers

Category: News, Trespassing