The dead can un­lock iPhones

When seek­ing clues to a killer’s plans, time is of the essence

Chicago Sun-Times - - MONEY - El­iz­a­beth Weise

SAN FRAN­CISCO – Your shiny new smart­phone may un­lock with only your thumbprint, eye or face. But it turns out you don’t need to be alive to get past this unique se­cu­rity bar­rier, open­ing new fron­tiers for in­di­vid­ual pri­vacy and law en­force­ment.

The FBI is strug­gling to gain ac­cess to the iPhone of Texas church gun­man Devin Kel­ley, who killed 25 peo­ple, in­clud­ing a preg­nant woman whose un­born baby also died. The tragedy has un­earthed a grue­some idio­syn­crasy of mod­ern bio­met­ric tech­nol­ogy: A living per­son isn’t nec­es­sary to un­lock many de­vices.

It turns out the agency likely could have un­locked Kel­ley’s phone with his thumbprint, if he had en­abled Touch ID to un­lock it and of­fi­cials had done so within 48 hours of Kel­ley’s death by his own hand. That time limit passed, and the phone re­mains locked, but it raises a ques­tion — does some­one need to be alive for to­day’s in­creas­ingly com­mon bio­met­ric recog­ni­tion sys­tems to work?

In many sit­u­a­tions they don’t, said Anil Jain, a pro­fes­sor of com­puter sci­ence at Michi­gan State Uni­ver­sity and ex­pert on bio­met­ric tech­nol­ogy.

Bio­met­rics has to do with body mea­sure­ments. In com­puter cir­cles it’s about us­ing spe­cific in­di­vid­ual body mea­sure­ments as a way to con­firm iden­tity. These in­clude fin­ger­prints and fa­cial recog­ni­tion soft­ware. Beyond com­put­ers, some so­phis­ti­cated se­cure en­try­way sys­tems make use of iris recog­ni­tion, hand ge­om­e­try and voice recog­ni­tion.

In the case of Kel­ley’s iPhone, the lim­it­ing fac­tor was the 48- hour clock on how long a fin­ger­print can be used to un­lock the phone. This pre­sumes Kel­ley had Touch ID en­abled on his phone, which the FBI has not con­firmed. How­ever, about 80% of iPhone users do, ac­cord­ing to Ap­ple. Touch ID has been on iPhones since the 5S was re­leased in 2013 un­til the iPhone X, which re­places the Touch ID fin­ger­print with fa­cial recog­ni­tion.

If the FBI had tried in that 48- hour pe­riod, would it have worked?

Prob­a­bly, Jain said, de­pend­ing on how de­com­posed Kel­ley’s body was. A rot­ting body changes shape which dis­torts fin­ger­prints.

A 2016 study at Oak Ridge Na­tional Lab­o­ra­tory found that both iris and fin­ger­print bio­met­ric data could be ob­tained from bod­ies up to four days af­ter death in warmer sea­sons and for as many as 50 days in win­ter.

The other hur­dle is what kind of fin­ger­print reader is be­ing used: op­ti­cal or ca­pac­i­tive. Op­ti­cal sys­tems, such as those used on iPhones, use im­ages to build up highly spe­cific dig­i­tal maps of the ridges and whorls of the fin­ger. There have been mul­ti­ple re­ports of peo­ple us­ing sim­ple den­tal mold mod­els of fin­gers to re­pro­duce ex­act fin­ger pat­tern and open smart­phones. So it might have been pos­si­ble for the FBI to sim­ply make a cast of Kel­ley’s fin­ger to at­tempt to open his phone.

More so­phis­ti­cated sys­tems use scan­ners that use the elec­tri­cal prop­er­ties of the hu­man skin as part of the mea­sure­ment. These are harder to spoof, as af­ter death the con­duc­tive prop­erty of the skin is quickly lost.


Anil Jain, a pro­fes­sor of com­puter sci­ence at Michi­gan State Uni­ver­sity, cre­ated a con­duc­tive model of a fin­ger, used to spoof a fin­ger­print ID sys­tem.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.