Has the coronavirus pandemic affected Apple’s hardware design?

Security

Remember Apple’s TouchID sensor, which created quite a stir way back in 2013 when the iPhone 5s came out with a home button that could also read your fingerprint?

It wasn’t that having a fingerprint scanner was a new thing, even in 2013, but that the integration of the home button and the biometric sensor was a neat move by Apple.

After all, the first thing iPhone users typically did in 2013 was to click the home button to wake up their phone, popping up the unlock screen if they had been diligent enough to set a lock code.

But lots of users – notably including Marissa Mayer, then CEO of Yahoo! – didn’t set lock codes, because just pressing the home button was time-consuming enough.

So making the home button double up as a biometric authentication device was a handy way of bypassing the resistance of users who were determined to resist the use of lock codes…

…because it gave them a way to have their cybersecurity cake without having to take the time to eat it too.

Of course, not everyone was delighted at the idea, for several intriguing reasons, including:

  • What if a court compelled you to unlock your phone with your fingerprint? In the USA, for example, would fingerprint unlock “codes” enjoy the same Fifth Amendment protection against self-incrimination as numeric or alphabetic lock codes? Would “something you have” be protected under the right to silence in the same way as “something you know”?
  • What if your fingerprint data were stolen? Lock codes and passphrases can easily be changed if you think someone else has phished or stolen them. In the USA, even social security numbers – once regarded as immutable unless you entered a witness protection program – can now be reissued after a cybersecurity compromise. But how would you get new fingerprints?
  • What if someone cut off your finger to unlock your phone? The good news here is that dead fingers don’t work for electrical reasons, so there’s not much point in taking such a desperate step. But what if the criminals don’t know that it doesn’t work and try it anyway?
  • What if someone were to copy your fingerprint? After all, even though we now know how to do DNA matching, fingerprint evidence is still a handy investigative technique in law enforcement for the very simple reason that we leave copies of our fingerprints quite literally on everything we touch. Gloves might help, but how would you unlock and use your phone then?

Interestingly, the last concern turned out to be well-founded, given that just one week after writing about the launch of the iPhone 5s and its biometric home button, we wrote about how the Chaos Computer Club (CCC) in Germany had announced a way to make fake fingerprints that would fool Apple’s sensor.

Despite the CCC’s widely publicised hack, however, locking your phone with a fingerprint was certainly better than not locking it at all, and the TouchID feature quickly caught on.

How the CCC hack worked. Photograph a fingerprint, e.g. from the glass surface of the phone itself. Invert image to swap round black and white so the valleys are dark and the raised parts are light. Print on laser printer with the toner setting turned right up so the maximum amount of powder gets deposited to form a sort of 2.5-dimensional mould. Cover with wood glue and allow to dry fully. Carefully peel rubbery “fingerprint” off the “mould”. Place fake “fingerprint” on end of real finger. Breathe onto glue so the moisture makes it a tiny bit conductive. Swipe to unlock phone (maybe).

Plus ça change…

But TouchID didn’t last long, except on low-end Apple devices.

The problem was not so much that users fell out with the idea of using fingerprints as a shortcut to unlock their devices, but that they fell out with the idea of having a pesky home button at all, right where there could otherwise be more screen space.

So TouchID morphed into FaceID, using the front-facing camera, now integrated into a notch at the top of the screen.

Instead of matching some kind of digital hash of your fingerprint, the phone matched up a post-processed image of your face instead.

Swipe on the screen instead of pressing home, look into the camera instead of positioning your finger, and “boop,” you’re in.

…plus c’est la même chose

So we were surprised to see the rumour mill going into overdrive recently to claim that this year’s new iPhone models, presumably the “iPhone 13” (assuming that’s not considered unlucky in the North American market, where hotel elevators always seem to skip from level 12 to level 14), will be going back to TouchID.

Why, you might ask?

Well, the explanatory rumours behind the product rumours are surprisingly believable: even though FaceID seems to manage OK if you’re wearing things like hats, headscarves, headphones or hoodies (specatacles, too)…

…it doesn’t deal well with facemasks, which are commonplace these days as a sensible precaution against accidentally coughing or sneezing out coronavirus germs all over other people or products.

The humble blue paper facemask, it seems, is a great leveller, making us look all-too-similar as far as computer “vision” is concerned.

(Human brains, apparently, have a special section dedicated entirely to distinguishing faces, which is why babies can recognise their mothers long before they can focus their eyes fully.)

Presumably, if the rumours are true, FaceID will not go away (because which mobile phone vendor would ever consider introducing a new device without a front-facing selfie camera?), but Touch ID will be back.

You won’t have to use it

Frankly, we prefer typed-in lock codes anyway – long enough that every digit is used at least once so that the grease-spots on the screen don’t give away which numbers aren’t in the passcode.

We find it easier to tap in the passcode with one hand while the phone is sitting flat on our desk next to our laptop, than needing to angle the phone towards us, or lean over the camera, in order to line up our dial with its dial so it can figure out who we are.

It also means we can put duct tape over the selfie camera if we feel like it. (To be honest, we’ve never bothered, but we could if we wanted!)


Products You May Like

Articles You May Like

Fake Vaccine Domain Seized
Naked Security Live – Beware ‘Flubot’: the home delivery scam with a difference
Early bird extension gives you more time to save on passes to TC Early Stage 2021: Marketing and Fundraising
Stupid Is as Stupid Does: XDR Is About the Journey, Not the Destination
PHP community sidesteps its third supply chain attack in three years

Leave a Reply

Your email address will not be published. Required fields are marked *