It’s hype season again for the Cupertino Fruit and Phone Company. We are mere days away from a press conference that should reveal the specs of a new iPhone, likely to be named the iPhone 5S. As is customary before these events, the public is treated to all manner of Wild Mass Guessing as to what will be contained in the device. Will it have dual flashes? Will it have a slow-motion camera? NFC? 802.11ac? The list goes on and on. One of the most spectacular rumors comes in a package the size of your thumb.
Apple quietly bought a company called AuthenTec last year. AuthenTec made fingerprint scanners for a variety of companies, including those that included the technology in some Android devices. After the $365 million acquisition, AuthenTec disappeared into a black hole. No one (including Apple) said much of anything about them. Then a few weeks ago, a patent application was revealed that came from Apple and included fingerprint technology from AuthenTec. This sent the rumor mill into overdrive. Now all signs point to a convex sapphire home button that contains a fingerprint scanner that will allow iPhones to use biometrics for security. A developer even managed to ferret out a link to a BiometricKitUI bundle in one of the iOS 7 beta releases (which was quickly removed in the next beta).
Giving Security The Finger
I think adding a fingerprint scanner to the hardware of an iDevice is an awesome idea. Passcode locks are good for a certain amount of basic device security, but the usefulness of a passcode is inversely proportional to its security level. People don’t make complex passcodes because they take far too long to type in. If you make a complex alphanumeric code, typing the code in quickly one-handed isn’t easy. That leaves most people choosing to use a 4-digit code or forgoing it altogether. That doesn’t bode well for people whose phones are lost or stolen.
Apple has already publicly revealed that it will include enhanced security in iOS 7 in the form of an activation lock that prevents a thief from erasing the phone and reactivating it for themselves. This makes sense in that Apple wants to discourage thieves. But that step only makes sense if you consider that Apple wants to beef up the device security as well. Biometric fingerprint scanners are a quick method of inputting a unique unlock code. Enabling this technology on a new phone should show a sharp increase in the number of users that have enabled an unlock code (or finger, in this case).
Not all people think fingerprint scanners are a good idea. A link from Angelbeat says that Apple should forget about the finger and instead use a combination of picture and voice to unlock the phone. The writer says that this would provide more security because it requires your face as well as your voice. The writer also says that it’s more convenient than taking a glove off to use a finger in cold weather. I happen to disagree on a couple of points.
A Face For Radio
Facial recognition unlock for phones isn’t new. It’s been in Android since the release of Ice Cream Sandwich. It’s also very easy to defeat. This article from last year talks about how flaky the system is unless you provide it several pictures to reference from many different angles. This video shows how snapping a picture on a different phone can easily fool the facial recognition. And that’s only the first video of several that I found on a cursory search for “Android Facial Recognition”. I could see this working against the user if the phone is stolen by someone that knows their target. Especially if there is a large repository of face pictures online somewhere. Perhaps in a “book” of “faces”.
Another issue I have is Siri. As far as I know, Siri can’t be trained to recognize a user’s voice. In fact, I don’t believe Siri can distinguish one user from another at all. To prove my point, go pick up a friend’s phone and ask Siri to find something. Odds are good Siri will comply even though you aren’t the phone’s owner. In order to defeat the old, unreliable voice command systems that have been around forever, Apple made Siri able to recognize a wide variety of voices and accents. In order to cover that wide use case, Apple had to sacrifice resolution of a specific voice. Apple would have to build in a completely new set of Siri APIs that query a user to speak a specific set of phrases in order to build a custom unlock code. Based on my experience with those kinds of old systems, if you didn’t utter the phrase exactly the way it was originally recorded it would fail spectacularly. What happens if you have a cold? Or there is background noise? Not exactly easier than putting your thumb on a sensor.
Don’t think that means that fingerprints are infallible. The Mythbusters managed to defeat an unbeatable fingerprint scanner in one episode. Of course, they had access to things like ballistics gel, which isn’t something you can pick up at the corner store. Biometrics are only as good as the sensors that power them. They also serve as a deterrent, not a complete barrier. Lifting someone’s fingerprints isn’t easy and neither is scanning them into a computer to produce a sharp enough image to fool the average scanner. The idea is that a stolen phone with a biometric lock will simply be discarded and a different, more vulnerable phone would be exploited instead.
Tom’s Take
I hope that Apple includes a fingerprint scanner in the new iPhone. I hope it has enough accuracy and resolution to make biometric access easy and simple. That kind of implementation across so many devices will drive the access control industry to take a new look at biometrics and begin integrating them into more products. Hopefully that will spur things like home door locks, vehicle locks, and other personal devices to begin using these same kinds of sensors to increase security. Fingerprints aren’t perfect by any stretch, but they are the best option of the current generation of technology. One day we may reach the stage of retinal scanners or brainwave pattern matches for security locks. For now, a fingerprint scanner on my phone will get a “thumbs up” from me.
Do we get to place bets on how long from release until someone loses a finger in a robbery?
Over two years ago I had a Motorola Atrix, and while as a smartphone it was nothing to shout about, the fingerprint scanner on that thing worked very well and I always thought it would make a re-appearance sooner or later. As for Apple, they’re not usually the first to think up an idea but more often than not they get the implementation right. I’ll be disappointed if they don’t offer anything more than the Atrix had, I’m hoping for some sort of innovation in there somewhere.
As for Android’s facial recognition, there’s a tutorial as you set it up to make sure you’re aware it isn’t very secure, but there was an improvement with Android 4.1 that enabled a “liveness check”. This requires a blink of the eyes as well as a recognised face, stopping still pictures from fooling it but does slow the unlock process back down to about the same time as tapping in a code.
My biggest gripe with BIO is that there is no way to ‘change’ your password other than some form of mutilation.
First off. The Mythbusters fooled a very old sensor. The new ones measure the electric resistance in the area below the surface skin and are far more precise. With a laboratory you might succeed if you have the owner’s finger and cooperation if you spend enough hours.
If you don’t, you have no chance.
Secondly as a reply to some of the comments here, a cut off finger changes its resistance. Hence a chopped off finger won’t work.