iPhone 5s: It Doesn’t Make Sense to Steal Your Finger

| Analysis

The iPhone 5s includes Touch ID, Apple's new fingerprint recognition technology. You can use it to unlock your iPhone and authenticate for iTunes Store payments, but Touch ID is raising concerns that criminals will now cut off your finger when they steal your shiny new iPhone. The crooks that want your iPhone are better off leaving your finger intact because Apple's technology is designed to work with live body parts, not severed digits.

Buying an iPhone 5s? Don't worry. Your finger is probably safe.Buying an iPhone 5s? Don't worry. Your finger is probably safe.

Touch ID uses the iPhone's Home button to scan your finger or thumb print, and then uses that in lieu of a passcode to unlock the device. Instead of simply scanning print pattern on the outer layer of your skin, Touch ID uses an RF signal to look at the sub dermal layers in your finger and read your print pattern from there. For the system to work, your finger needs to be alive -- which also means it needs to be attached to your hand.

The technology Apple uses comes from Authentec, a company it bought over a year ago for US$365 million. The company was known for its fingerprint scanning technology and Near Field Communication (NFC) tech, too. At the time, there was speculation that Apple was bringing NFC to the iPhone for a digital payment system, but in the end it turned out Apple was far more interested in fingerprint scanning than NFC.

Even though you know your finger is worthless to criminals if it isn't still part of your body, that doesn't mean the bad guys who want your iPhone are savvy to that fact. While there's always a chance that someone could decide to cut off your finger, that's actually a lot of work and there are far easier ways to get past your iPhone's security measures.

The most obvious way to get past your passcode is to use some form of coercion, like the threat of physical harm. That's far quicker than finger cutting, far easier, and ultimately far more effective because it actually works.

Keep in mind, PCs have had less sophisticated fingerprint security for years, and we haven't been overrun with reports of finger thefts going along with stolen laptops. That won't likely change when the iPhone 5s ships, although it's a safe bet the media will be all over the reports if it happens even once.

The idea of stealing your fingerprint goes beyond whether or not it's still attached to your hand. Once your print is scanned, it has to be stored somewhere, and that has plenty of people concerned that it could be stolen in digital form.

The Mac Observer's Charlotte Henry pointed out that the scanned version of your print is stored only on your iPhone in what's called the A7 processor's Secure Enclave. It's encrypted, and doesn't ever leave the chip -- no iCloud backup, and no sharing with other servers or services. Since it's encrypted, too, that makes it even more difficult for anyone to steal your print.

As macabre as it sounds, someone could decide to cut off your finger when they steal your iPhone, but they could do that regardless of whether or not your print has been scanned into your phone. What's more likely is that someone will just grab your iPhone and run, and they'll be stuck with a phone they can't ever use.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

Bosco (Brad Hutchings)

How about cops compelling you to unlock your phone so that they can search it? Practically speaking, an officer could subdue you and touch your finger to the home button to unlock it. In the booking process, they can use necessary force to obtain your prints. Given recent rulings on the cops’ ability to search phones of people they arrest on scene, I wouldn’t be surprised if this is put to the test in short order.

wab95

Jeff:

I’m glad that you’ve pointed this out, namely that the finger must be a living, perfused digit in order for the scan to work.

I don’t recall whether on one of your columns, or perhaps Bryan’s, but someone opined that, post iPhone 5s release, we might see a spate of finger amputations. I thought to make this point, but the press of work provided no time.

While leaders of crime syndicates tend to be intelligent individuals, this does not necessarily extend to petty criminals, but my sense is that the word will reach the street rather quickly, and iPhone owners’ fingers will remain securely attached. Afterall, petty criminals seek the path of least resistance to fast money, which usually does not involve street side surgery.

MacFrogger

C’mon everyone - all of this “thieves cutting off fingers” nonsense to get your fingerprint is complete BS!

It is far easier for a thief - right now - to steal your wallet or purse and get away with all your cash and credit cards than to perform the gruesome task of cutting off your fingers and then what?  Kidnapping you too so you don’t go to the police?  The former gives you some amount of time and should you get caught a robbery charge; the latter probably gives you less time (unless you kidnap the person at the same time) and carries additional charges related to the finger cutting, assault, etc.

mjtomlin

@ Bosco: So it unlocks your phone… that doesn’t necessarily means it gives you access to everything. You may in fact be able to passcode protect the rest of you phone even after it’s “unlocked”.

We don’t know how all this will work yet… BECAUSE NO ONE HAS PHONE IN THEIR HAND THEY CAN TEST.

I’ve heard from several people that someone could just taser you and use your print?

You really don’t think AuthenTec (and Apple) thought of that in this cop-taser-happy day and age? No one knows if it checks for pulse rate… is the pulse none existent… maybe the finger isn’t attached or the person isn’t aware, i.e. cut off or incapacitated?

Lee Dronick

As Wab95, the Doctor in residence, said:

  I’m glad that you’ve pointed this out, namely that the finger must be a living, perfused digit in order for the scan to work.

I had to look up the word perfused, thank God for “digital” dictionaries.

 

wab95

Many thanks, Lee.

As MacFrogger points out, Apple’s iOS users should view as nonsense the idea that someone could gain access to their device and data by amputating their finger(s). It’s not the tech-literate public, however, that is the issue, but the criminally minded who need to understand this, which as I’ve argued above, I think they will in very short order.

In the meantime, I must confess that I am bemused that Apple’s inveterate critics haven’t mounted their propaganda war steeds and charged with this theme, while the fog of misunderstanding still hangs.

Think of it. They could broadcast throughout the blogosphere that this finger scan technology that Apple are trying to foist upon all of us is all one cynical ploy to protect market share by locking in current users, and increase market share by taking users from other vendors. How? Simple, would be their rejoinder. Thieves, being the clever fellows that they are, would figure out that to break into your iPhone, all they need is your finger, or two or three (just in case one doesn’t work). Once they’ve pinched your pinkies, and you’re down by a couple digits, how’re you supposed to use that replacement phone? You can still log in with your remaining fingers, but try tapping out text, or zooming in on a map. Pretty tough going. And how about that stylus (eh, Samsung? Et tu, MS?) You can see what Apple’s doing here, can’t you? You’d have to use Siri! Just to use navigate your smartphone! See what they did here? You’d be locked in, forever, into Apple’s damn-ed ecosystem. Fiendishly foresightful.

How would they increase market share? Simple. You know it’s just a matter of time (weeks) before Samsung ‘innovates’ this infernal finger scan. Then what? That’s right. Snip! Off go their fingers, and then they’ll have to replace their Galaxies with iPhones, just so they can use Siri. Diabolical! In fact, given the rapid expanse of smartphone marketshare, why there could soon be millions of digitally challenged geeks planet-wide, all flocking to Apple’s Siri, just so that they can stay connected (which is more than we can say about their fingers, poor bastards). This is really Apple’s dirty little game, their cunning plan.

Seriously, I think Apple’s arch enemies are missing an opportunity here before people really understand how this technology works; so here’s my attempt to, um, lend them a hand. All it would require is one pundit with moxie, guts, massive cojones, and no sense of shame. Where is Rob Endrele?

Bosco (Brad Hutchings)

@mjtomiln: Funny, I haven’t seen anyone anywhere, including Apple, address that issue. I simply noted that this cops accessing your phone thing when you are detained is a very hot 4th Amendment issue right now. I also noted that getting a fingerprint to unlock your phone might not require the force of beating a password out of you. I certainly think that if you think there is a possibility that you might be detained or searched by a police or other government officer, that you make/keep it as difficult as possible for them to access data readily available on your phone and that you keep data on your phone to a minimum. This is regardless of whether you have ever done anything remotely wrong. They have no right to be in your stuff, don’t make it easy for them. That’s all.

amanda@eyeverify

Fingerprint and Touch ID are getting a lot of traction in the news these days as Apple is set to roll out the new iphone 5S with this biometric add-on on September 20th. Touch ID will all but eliminate the need for passwords and pins when using your iphone 5s. But, what happens if you don’t have the new phone? What options do users who have an Android, Blackberry or Microsoft device or a iphone 4s, 5 or even new 5c have available to them? EyeVerify!

EyeVerify is the exclusive provider of Eyeprint Verification, a highly accurate biometric for mobile devices. Eyeprint Verification delivers a password-free mobile experience and secure authentication at a glance. This patented solution uses existing cameras on smartphones to image and pattern match the blood vessels in the whites of the eyes. Best of all, you can get this technology right now for your existing device as long as your device has a 1 mega pixel camera.

Apple’s TouchID and the Eyeprint accomplish the same ultimate end goal. It is an accurate, secure & simple way to answer the question “Who is holding the phone?” Eyeprint Verification just happens to be more accessible to more of the population trying to solve the password problem.

To learn more about the differences in these technologies:
Check us out online www.eyeverify.com
Read our blog http://eyeverify.com/blog/
Follow us on twitter @eyeverify
Watch us on YouTube https://www.youtube.com/watch?v=Rv2PavHmtkY
Contact us to schedule an interview at denise.myers@eyeverify.com

Log-in to comment