Lifting Prints and Watching Codes
12th September 2013
Fingerprint sensor technology is nothing new. It has been around for decades and yet when Apple chooses to put one of its past acquisitions sensors in its top of the line iPhone 5S, suddenly the subject of fingerprint "security" is all the rage once more.
Security systems are a component of my job and fingerprint scanners are something I’ve come across both personally and industrially. Biometric scanners are generally NOT used in industry as they are generally too easy to fool and can also be very unreliable (false rejections being quite common). The other problem is that once a fingerprint is compromised for an individual, it can never be changed. Hence the first breach of a fingerprint is a permanent breach forever. Of course centralised databases with approval/rejection lists can tackle this problem in closed systems however there is a great public anxiety regarding this information being available to non-government organisations1 and Apple have chosen not to let it leave the device.
Rather than rehash the volumes already written in the last 48 hours or so, it’s more interesting to focus on the only part that matters: Just how hard is it to break into an iPhone using either a passcode or a fingerprint? Famously the Mythbusters showed that it could be done in Season 4, Episode 16. (It’s a great episode and well worth a watch if you have a spare 45 minutes). If you haven’t watched the episode, what follows a summary of the key points.
How The Mythbusters Beat The FingerPrint Scanner
The issue begins with getting a clean print. It’s much harder than people think to get a viable fingerprint in a normal living or working environment. You MUST start with a clean surface without dust or contaminants and how they did this in the Mythbusters episode was by handing Grant a brand new CD and then removing that CD after he’d touched it but before it could be contaminated by anything or anyone else.
They tried a basic scanner and then a professional security lock. First they tried paper, then they used an old printed circuit board etching technique to photo-resist then etch a raised fingerprint and then used a silicone mould of that. The cheaper fingerprint scanner didn’t recognise their first attempt, but after they manually enhanced the fingerprint samples and they re-etched the board and tried again: it worked. Trying to break the professional lock merely required a thinner moulding applied to a persons thumb, licked (to simulate sweat/conductivity) and they beat the scanner (19min 45sec in if you’re impatient). There were a few steps they didn’t screen however it’s likely that the trick may lie in the material used for the improved, thinner moulding.
In the real world one would have to carefully plan how and where to extract a print without being detected; then extract the print using a vacuum/super glue/fingerprint powder mixture, enlarge the image, trace it, etch it, create a mould from the etch, then apply that mould to someones thumb to break in. The possibility of 3D printing a fingerprint is interesting and may cut down some of the work, however this would only replace the etching steps. You still need a viable print and you still need to mould it properly.
A common misconception is that it’s easy to "lift prints" off a multitude of different surfaces. That simply isn’t true. Door handles are terrible because they will have dozens or even hundreds of partial, overlapping prints on them. Walls, Desks, Keyboards and mice are all a mess of smudges and a bit of powder or dust is a big problem. Go to the bathroom and wash your hands well and dry them and most residue is removed for a period following that. When my house faced a break-in attempt a few years ago the police reminded me that CSI has little bearing on real life - good prints are hard to find. They came up empty handed on multiple points of entry.
Obtaining the prints to one side, the Mythbusters episode was screened in 2006 and in the intervening years advancements in fingerprint scanning technology have surely been made. The sensor Apple acquired is likely to be more advanced that the ones the Mythbusters cracked however we can’t be sure of that yet. The final judgement of whether these techniques will work on Apples sensor will have to wait until it’s released to the general public in a few weeks time.
The Traditional Passcode
The alternative to the fingerprint scanner is the traditional passcode. You can select longer codes but my observation is that most people prefer the simple 4-digit code especially if they are constantly unlocking and relocking their phones all day long. There are 10^4 = 10,000 possibilities and the cracker has 10 attempts to get it right before they are locked out. The most likely possibility for breaking a code is to surreptitiously observe the user entering the code. When people are entering their code in public it’s actually quite easy to see what they’re entering as it’s difficult to obscure what you are typing in (unlike an ATM where there are privacy guards fitted around the keypads of many ATMs). Most people are holding the device in one hand whilst typing in the code with the other. Perhaps they are using their thumb on the hand that is holding the phone but then they can only shield one side with their other hand.
FingerPrints are Harder to Crack but once they are, it’s over
Between the two methods it could be argued that it is easier and less likely to be detected by simply observing the user entering the code than in trying to obtain a clean fingerprint by removing an item they have touched or if it can’t be removed, dusting for a fingerprint in a public place.
Still, if one goes to the considerably greater effort to extract a fingerprint then they could have access for life, whereas a passcode can be changed at any time2. Either way, neither method is truly safe but for entry-level crooks, the fingerprint is much better as it raises the difficulty of cracking it higher than the passcode can.
That’s Not The Point
As fun as this has been, let’s stop for just a moment. Perhaps seeing the fingerprint scanner as an improved security measure isn’t the point of it at all. Think back to the keynote (56min 05sec) where Phil Schiller explains that approximately 50% of their users did NOT set a passcode3.
If we accept that both passcodes and fingerprint scans can be beaten with varying levels of effort, then it’s obvious that Apple aren’t just implementing the fingerprint scanner for those of us that use a passcode all the time - they’re trying to get the other 50% of users to start locking their devices by lowering the barrier of entry. Without having to worry about setting a code or setting one then worrying about forgetting it later, a fingerprint scan makes securing your device a no-brainer4. If those of us already using passcodes are happy to live with a fingerprint scan even though we know it’s not infallible then that’s a bonus.
Apple know that a secured device that keeps out the majority of casual thieves is one that will keep customers happier if they lose their device or it is stolen. A fallible but present security measure is better than no security measure at all. With the iPhone 5S Apple have done what they always do: take an existing technology and integrate it in such a way that it makes it easier and more useful for the average person to enjoy. If it proves popular, expect to see it appear in all of their other products, desktops included, at some point in the future.
You’d be surprised just how many government departments have your fingerprints. Anyone that has a passport is just one example. ↩
How often people change their passwords is another analysis and discussion for another day. ↩
He wasn’t specific about whether they were iPhone/iPod Touch/iPad users. ↩
I’m assuming 5S owners will be greeted with a prompt asking them to submit a fingerprint for securing their phone during initial setup. ↩