2013-09-12

Co.Labs

The Biomorphic Reason Why Dismembered Fingers Can't Unlock Your iPhone 5S

Let's all chill out about the chance someone'll chop off your finger to get access to your iPhone 5S's juicy innards.



It didn't take long after Apple announced the iPhone 5S and its swift and secure fingerprint-sensing technology for nonsensical articles like this one at the Guardian to appear: "iPhone 5s; Would thieves really chop off your fingers to access it?" Satirical, and possibly serious, tweets to much the same end have also flourished on Twitter and I've heard so-called "jokes" in person on the matter. Can we just apply some science, logic, and clear thinking and nip this in the bud right now?

Yes, we all know that some fingerprint sensors of old can be fooled by using gummy bears, molded gelatin, or even just a photocopy of a valid fingerprint. There's a wonderful MythBusters episode all about this, and it's the reason why many security-conscious services around the world won't rely on optical fingerprint scanners to secure property or data. The keyword is "optics," of course: This scam is all about creating a believable image of a valid fingerprint to fool the sensor. Fooling an iPhone scanner of this design would take some clever thinking, and access to a fingerprint--something the super-shiny surface of a typical smartphone is very likely to serve up on a platter.

But Apple's sensor doesn't work like that. The company's taken some time out to explain just a few details of how it works, and this is enough to make us believe the sensor is the novel one we at CoLabs talked about just a few weeks ago. In its tech explanations, Apple points out the sensor scans just beneath external skin layers to see the real living fleshy wrinkles that comprise the loops and whorls of your unique print patterns to get a more reliable "reading" (one that ignores effects something like fluff on your fingertip). Apple also points out that the sensor is fallible, and if your fingertip is wet, for example, or perhaps is heavily scarred the high resolution capacitance-scanning sensor will be unable to get a good image of your print.

The keyword there is "capacitance," since it tells us about how the sensor works. Let's talk about the physics of fingertips and touchscreens to show why this is important. Modern touchscreens look for the presence of a material with a particular dielectric quality above a sensor pixel. The material changes the capacitance of some of the thousands of tiny circuits on the display, and that's how the screen knows you're touching it at a particular point.

This is why you can't simply prod at your iPhone screen with a pencil or a gloved finger: The electrical signature of these objects near the screen won't trigger the sensors simply because they don't "feel" right. The screen is really crying out for flesh. That's why some smart-thinking individuals in chilly Korea discovered that carrying a frozen sausage around is a handy iPhone alternative to un-gloving your fingers in the snow--the meat in the sausage has just about the right electrical properties.

So, the iPhone's new sensor will likely be looking for a substance with all the right electrical properties to activate its fingerprint scanning systems. You won't be able to fool it with a simple low-tech photocopy of a fingerprint. That should dismiss worries that your iPhone 5S will be vulnerable to fast-and-simple fingerprint hacks...even a fake print stuck onto a real finger wouldn't work.

But what about molding a fingerprint in ballistic gel, or a gummy bear or some other material? That may or may not work, depending on the precise electrical characteristics the sensor is tuned to detect. But given that Apple's noted that a real-life wet, human fingertip may cause a sensing failure, we're guessing you'd have to get the bio-electrical parameters of that gummy bear to match human flesh pretty darn well. That would take significant time and effort.

How could you fool this sensor then? Maybe, just maybe, you could somehow pattern a real piece of meat with the patterns of a valid fingerprint. That would require that you have an accurate 3-D scan of a print, and both the time, technology, and inclination to try the trick. These aren't the characteristics of a typical mugger or opportunist thief, who would seem more likely to sell a stolen iPhone as quickly as possible without even trying to crack its access code. Even someone like the NSA isn't going to try this, as they've probably got swifter, more electronic ways to hack in. The whole idea may not work anyway if the 5S's sensor is particularly tuned to "living" flesh.

Which is also one reason simply snipping a finger off may not work. If Apple says scarred human tissue isn't ideal for the sensor, then--how to put this?--a "dead" finger may not work either.

That doesn't mean folks wouldn't try, though. But let's be honest: Someone who mugs you for your phone is pretty unlikely to also be unhinged and/or stupid enough to steal your finger too. And if you meet a crazy person of that magnitude, then you've probably got much more life-threatening things to worry about. It'd be less risky to simply coerce you into unlocking the phone...and that's something they could do even if the phone's locked with a simple code.

So let's all be calm about this.

[Image via Flickr user: Kristaps B.]






Add New Comment

6 Comments

  • Tim Parsons

    I'm not sure how the argument that a dead finger won't work can be made if you're saying that a frozen sausage does have the correct properties? Surely a dead finger is pretty close to a frozen sausage? (that has to be one of the strangest comments I've ever made)

    Surely the way to ensure that it is a live finger is to use the scanning technology to look for blood flow, rather than just relying on the 'dielectric' properties?

  • Gest

    It would be appropriate to assume that the fingerprint scanner looks for vital signs in the finger, unlike the screen which doesn't need that, just requires a "Dielectric properties", this would require that AND a living thumb, i.e receiving blood (or maybe even lower requirements such as warmth.

  • Andrei Volgin

    Instead of carrying a sausage, you can switch to Nokia Lumia phones and keep your gloves on when it's cold.

  • takethingsliterally

    Yes you can if you hold the dismembered finger with your actual fingers