Are Touch ID and Face ID a match for dead bodies? Experts disagree.
From fingerprints, to facescans, to possibly even sweat analysis, biometrics have become the default way many of us secure our data and unlock our smart devices. But with that ubiquity also comes risk, as security researchers have demonstrated time and time again that many of these supposed safeguards are susceptible to multiple-step hacks.
But what about, you know, single step hacks? Like, for example, hacking off someone's thumb? The question of whether or not a dead body or missing limb could be used to unlock a phone is not a new one, and has been asked since at least the release of Apple's Touch ID. And yet, despite the years of coverage, no one has been able to agree on an answer.
SEE ALSO:So how worried should we be about Apple's Face ID?The rather morbid debate popped back into the public consciousness this month after the tragic November 5 mass shooting at a Texas church. USA Today subsequently reported that the FBI was attempting to gain access to the shooter's iPhone, and that, if Touch ID was enabled, a specialized reproduction of his dead finger would likely have sufficed to unlock it — assuming it was used within a 48-hour window of the last time the phone was unlocked.
This claim, based on the expertise of Anil Jain, a professor of computer science at Michigan State University, adds a confusing layer to the reporting of numerous outlets — including this one — that a dead hand itself would notbe sufficient to bypass Touch ID. That's because the Apple-developed biometric uses radio frequency waves to check the skin underneath a finger's outer layer, a trick that supposedly prevents a dead one from being used. What's more, the tech also relies on a capacitive sensor which is activated by an electrical charge in living skin. No living skin, no luck.
So can smartphones make a distinction between the living and the dead, or not? The answer matters. If the fingers, eyes, or face of a deceased victim be used either by law enforcement or criminals to unlock a smartphone, then biometric locks have a brutally defined shelf-life. This, of course, would stand in contrast to a strong alphanumeric password which can't (at least yet) be pried from your ever-so-quickly decaying body, and would suggest yet another reason that the security conscious should avoid biometrics like a privacy-violating plague.
Credit: BRITTANY HERBERT/MASHABLEMashable repeatedly asked Apple, Google, and Samsung for comment on the matter, but received not a single response to our numerous inquiries. We also reached out to a host of biometric security experts, hackers, digital law experts, and forensic pathologists in an attempt to get to the bottom of what has passed from the realm of dark thought experiment to serious inquiry, but the responses (or lack thereof) only further muddied the waters.
It's almost as if, when it comes down to it, there's no agreement on whether or not a dead body could pass the biometric test.
The experts
There are, of course, many different forms of biometric security. Different devices rely on varying hardware and software solutions for purposes of authentication, and some of those have shown to be substantially less robust than others.
Daniel Edlund of Precise Biometrics, a company that makes and sells software for fingerprint authentication, told Mashable that the dead-body question comes down to a feature known as "liveness detection."
"If the fingerprint technology is equipped with what is called liveness detection, or in professional terms 'Presentation Attack Detection,' it will with a high security reject false fingerprints," he explained over email. "It doesn't matter if it is a copy of a fingerprint, such as a rubber, silicon or plastic replication, or a dead finger."
Touch ID, which relies on the aforementioned capacitive sensor and RF waves, would seem to fall in that category. It's less clear with Face ID, which Apple claims is "attention-aware." However, according to the company, that simply means the phone "recognizes if your eyes are open and looking towards the device." As the 1993 modern American classic Demolition Manmakes clear, an eye doesn't necessarily need to be attached to a living head to fulfill that requirement.
Nate Cardozo, Senior Staff Attorney on the Electronic Frontier Foundation's digital civil liberties team, had a different take based upon his technical knowledge of the systems in question.
"It's my understanding that while Touch ID does work [with a deceased individual], Face ID won't because it detects 'attention' from the user."
Face ID doing its thing.Credit: appleThis sentiment was partially echoed by Phobos Group security researcher Dan Tentler, who likewise gave a conditional response when asked about using the dead to unlock a smartphone.
"Touch ID, definitely," he observed over email. "Face ID? Hard to say, you could probably get it done if you had the body, and were able to open the person's eyes. But then again, there was that one guy who shaved his beard and Face ID quit working, so it's hard to say."
Yet another expert, UnifyID co-founder and CEO John Whaley, went even further. His company specializes in behavioral biometrics — a way to "authenticate you based on unique factors like the way you walk, type, and sit" — and his assessment of dead bodies and biometrics suggests that your digital secrets won't die with you.
"It is certainly possible to authenticate with biometrics even without user consent, or the person even being alive," he explained. "This is especially true if the factor they use is static, like a fingerprint or a face. One attempt to combat this is to use a liveness check, but even those are often easily spoofable."
In other words, in Whaley's mind, even the latest and supposed greatest in biometric security —Face ID — is likely capable of being unlocked with the face of a deceased individual.
Death and your data
Manufacturers around the world love to brag about the biometric locks built into their smartphones, claiming to have found that sweet spot between security and convenience. However, short of someone conducting an extremely unethical experiment, the "severed finger test" is one that companies like Apple and Google may never have to take — let alone prove they can pass.
That won't matter for most consumers, who, if presented with the possibility of having their hand lobbed off by a criminal trying to break into their phone, will likely be more concerned about their digits than their documents. However, as time passes and biometric sensors are added to more and more of the devices that surround us, a new question is presented: who has access to our identity — and our data — after we die?
Much like whether or not a corpse can be used to unlock an iPhone, that question still remains very much unanswered.
Featured Video For You
Sorry, but you just can't erase yourself from the internet
相关文章
- Max B. Sawicky ,August 6, 2024 Courting Di2024-09-23
- “英派斯杯”山东省第三届半岛蓝色经济区健身联动活动昨天在石老人海水浴场和崂山区世纪广场同步举行。本次活动旨在配合山东半岛蓝色经济区建设,进一步培育打造区域群众体育品牌赛事,努力2024-09-23
闈掓槬鏃犵晱锛岀悆鍦虹浉浼 闈掑矝绉诲姩缁勭粐寮€灞曟柊鑰佸憳宸ョ鐞冨鎶楄禌
銆€銆€涓浗灞变笢缃?mdash;鎰熺煡灞变笢9鏈?鏃ヨ閲戣壊鍏湀锛岀楂樻皵鐖斤紝纭曟灉椋橀銆傞潚宀涚Щ鍔ㄩ殢鐫€鏂板憳宸ョ殑鍏ヨ亴锛屽張杩庢潵浜嗕竴鎵规湞姘旇摤鍕冪殑鏂板姏閲忥紝绗竴灞婇2024-09-23- 国家大剧院“醇·萃古典”系列又来大腕儿啦!11月29日,被《纽约太阳报》称为“世界顶尖的花腔女高音”的女高音歌唱家戴安娜·达2024-09-23
- In 2007, Flickr was the most popular dedicated photo-sharing site on the web, and growing exponentia2024-09-23
- 9日上午,青春校园励志电影《如果我是你》在青岛大学开机。影片讲述了两位性格迥异的大学生,在一次偶然的情境下身体互换引发的一连串趣味横生又励志动人的故事,是当代大学生励志追求梦想的缩影。本片由传世影业出2024-09-23
最新评论