时间:2024-09-20 09:08:08 来源:网络整理编辑:娛樂
From fingerprints, to facescans, to possibly even sweat analysis, biometrics have become the default
From fingerprints, to facescans, to possibly even sweat analysis, biometrics have become the default way many of us secure our data and unlock our smart devices. But with that ubiquity also comes risk, as security researchers have demonstrated time and time again that many of these supposed safeguards are susceptible to multiple-step hacks.
But what about, you know, single step hacks? Like, for example, hacking off someone's thumb? The question of whether or not a dead body or missing limb could be used to unlock a phone is not a new one, and has been asked since at least the release of Apple's Touch ID. And yet, despite the years of coverage, no one has been able to agree on an answer.
SEE ALSO:So how worried should we be about Apple's Face ID?The rather morbid debate popped back into the public consciousness this month after the tragic November 5 mass shooting at a Texas church. USA Today subsequently reported that the FBI was attempting to gain access to the shooter's iPhone, and that, if Touch ID was enabled, a specialized reproduction of his dead finger would likely have sufficed to unlock it — assuming it was used within a 48-hour window of the last time the phone was unlocked.
This claim, based on the expertise of Anil Jain, a professor of computer science at Michigan State University, adds a confusing layer to the reporting of numerous outlets — including this one — that a dead hand itself would notbe sufficient to bypass Touch ID. That's because the Apple-developed biometric uses radio frequency waves to check the skin underneath a finger's outer layer, a trick that supposedly prevents a dead one from being used. What's more, the tech also relies on a capacitive sensor which is activated by an electrical charge in living skin. No living skin, no luck.
So can smartphones make a distinction between the living and the dead, or not? The answer matters. If the fingers, eyes, or face of a deceased victim be used either by law enforcement or criminals to unlock a smartphone, then biometric locks have a brutally defined shelf-life. This, of course, would stand in contrast to a strong alphanumeric password which can't (at least yet) be pried from your ever-so-quickly decaying body, and would suggest yet another reason that the security conscious should avoid biometrics like a privacy-violating plague.
Credit: BRITTANY HERBERT/MASHABLEMashable repeatedly asked Apple, Google, and Samsung for comment on the matter, but received not a single response to our numerous inquiries. We also reached out to a host of biometric security experts, hackers, digital law experts, and forensic pathologists in an attempt to get to the bottom of what has passed from the realm of dark thought experiment to serious inquiry, but the responses (or lack thereof) only further muddied the waters.
It's almost as if, when it comes down to it, there's no agreement on whether or not a dead body could pass the biometric test.
There are, of course, many different forms of biometric security. Different devices rely on varying hardware and software solutions for purposes of authentication, and some of those have shown to be substantially less robust than others.
Daniel Edlund of Precise Biometrics, a company that makes and sells software for fingerprint authentication, told Mashable that the dead-body question comes down to a feature known as "liveness detection."
"If the fingerprint technology is equipped with what is called liveness detection, or in professional terms 'Presentation Attack Detection,' it will with a high security reject false fingerprints," he explained over email. "It doesn't matter if it is a copy of a fingerprint, such as a rubber, silicon or plastic replication, or a dead finger."
Touch ID, which relies on the aforementioned capacitive sensor and RF waves, would seem to fall in that category. It's less clear with Face ID, which Apple claims is "attention-aware." However, according to the company, that simply means the phone "recognizes if your eyes are open and looking towards the device." As the 1993 modern American classic Demolition Manmakes clear, an eye doesn't necessarily need to be attached to a living head to fulfill that requirement.
Nate Cardozo, Senior Staff Attorney on the Electronic Frontier Foundation's digital civil liberties team, had a different take based upon his technical knowledge of the systems in question.
"It's my understanding that while Touch ID does work [with a deceased individual], Face ID won't because it detects 'attention' from the user."
Face ID doing its thing.Credit: appleThis sentiment was partially echoed by Phobos Group security researcher Dan Tentler, who likewise gave a conditional response when asked about using the dead to unlock a smartphone.
"Touch ID, definitely," he observed over email. "Face ID? Hard to say, you could probably get it done if you had the body, and were able to open the person's eyes. But then again, there was that one guy who shaved his beard and Face ID quit working, so it's hard to say."
Yet another expert, UnifyID co-founder and CEO John Whaley, went even further. His company specializes in behavioral biometrics — a way to "authenticate you based on unique factors like the way you walk, type, and sit" — and his assessment of dead bodies and biometrics suggests that your digital secrets won't die with you.
"It is certainly possible to authenticate with biometrics even without user consent, or the person even being alive," he explained. "This is especially true if the factor they use is static, like a fingerprint or a face. One attempt to combat this is to use a liveness check, but even those are often easily spoofable."
In other words, in Whaley's mind, even the latest and supposed greatest in biometric security —Face ID — is likely capable of being unlocked with the face of a deceased individual.
Manufacturers around the world love to brag about the biometric locks built into their smartphones, claiming to have found that sweet spot between security and convenience. However, short of someone conducting an extremely unethical experiment, the "severed finger test" is one that companies like Apple and Google may never have to take — let alone prove they can pass.
That won't matter for most consumers, who, if presented with the possibility of having their hand lobbed off by a criminal trying to break into their phone, will likely be more concerned about their digits than their documents. However, as time passes and biometric sensors are added to more and more of the devices that surround us, a new question is presented: who has access to our identity — and our data — after we die?
Much like whether or not a corpse can be used to unlock an iPhone, that question still remains very much unanswered.
TopicsAppleCybersecurityGoogleiPhoneSamsung
Researchers create temporary tattoos you can use to control your devices2024-09-20 08:39
馬特烏斯 :新德國激發球迷熱情 世界杯奪冠有望2024-09-20 08:29
國足團隊開始布置比賽場地 不對外開放營造主場氣氛2024-09-20 08:22
國足團隊早在40強賽就已跟蹤日本隊 全麵分析對手打法2024-09-20 08:11
Honda's all2024-09-20 07:55
沈夢雨替補登場精準傳球造點 完成蘇超女足聯賽首秀2024-09-20 07:44
吳曦 :輕鬆心態麵對日本隊 教練組幫助隊員減壓2024-09-20 07:12
勝利大逃亡 !摩洛哥客場遇幾內亞政變 球隊緊急撤離2024-09-20 07:06
Make money or go to Stanford? Katie Ledecky is left with an unfair choice.2024-09-20 07:05
巴黎4年前為內馬爾燒掉4.89億歐 !西媒暗示他不值2024-09-20 06:42
Metallica to seek and destroy your eardrums with new album this fall2024-09-20 08:58
十佳球:烏克蘭妖鋒淩空吊射 北愛中場逆天穿雲箭2024-09-20 08:57
林加德談模仿C羅慶祝:這是獻給他回歸曼聯的禮物2024-09-20 08:30
中超引援調節費走到十字路口 有隊仍未繳納涉及公平問題2024-09-20 08:19
You will love/hate Cards Against Humanity's new fortune cookies2024-09-20 08:18
董路 :這屆國足全都悶著踢 缺少有領導力的大哥2024-09-20 08:18
滄州雄獅已與古特比解約 新帥主要目標仍為外教2024-09-20 08:01
國足領隊呼籲球迷寄予更多支持 長期海外征戰史上首次2024-09-20 07:43
Samsung Galaxy Note7 teardown reveals the magic behind the phone's iris scanner2024-09-20 07:42
李鐵 :球員已經走出失利陰影 希望隊員當決賽來踢2024-09-20 07:12