Future iPhones might collect fingerprints, photos of thieves

Posted in General Discussion, edited August 2016
An Apple patent application published on Thursday describes a method of storing an unauthorized user's biometric information, which can help strengthen security management or assist in device recovery and criminal prosecution in the case of a theft.




As published by the U.S. Patent and Trademark Office, Apple's invention covering "Biometric capture for unauthorized user identification" details the simple but brilliant -- and legally fuzzy -- idea of using an iPhone or iPad's Touch ID module, camera and other sensors to capture and store information about a potential thief.

In practice, the proactive security system works in much the same way as existing Touch ID verification processes.

Currently, users have five attempts to unlock an iPhone or iPad with Touch ID before the device defaults to a 6-digit passcode or custom alphanumeric code. Ten failed passcode attempts result in a "cool down" period or a complete data wipe, depending on user settings. Further, passcodes are required after restarting the device, after more than 48 hours have elapsed between unlocks and when an owner wants to manage Touch ID and Passcode device settings.

Apple's patent is also governed by device triggers, though different constraints might be applied to unauthorized user data aggregation. For example, in one embodiment a single failed authentication triggers the immediate capture of fingerprint data and a picture of the user.

In other cases, the device might be configured to evaluate the factors that ultimately trigger biometric capture based on a set of defaults defined by internal security protocols or the user. Interestingly, the patent application mentions machine learning as a potential solution for deciding when to capture biometric data and how to manage it.

Other data can augment the biometric information, for example time stamps, device location, speed, air pressure, audio data and more, all collected and logged as background operations.


Flowcharts illustrating various implementations of Apple's invention. | Source: USPTO


The deemed unauthorized user's data is then either stored locally on the device or sent to a remote server for further evaluation. In some embodiments, stored information is purged at regular intervals to save onboard space. Alternatively, purges can also take place when the system determines the data is no longer needed. For example, a device owner's child who is not provisioned to use the device might attempt to access it anyway, leading to multiple invalid attempts over a given period of time.

As for offloading the biometric data, Apple says server-side systems may be able to cross reference fingerprint and photo information with an online database containing information of known users. Additionally, the system can log keystrokes to determine what operations the unauthorized user was attempting to execute while using the device. Given today's litigious climate and emphasis on personal privacy, however, these last two features feel a bit intrusive.

Apple ushered in the era of tenable biometric security technology with Touch ID, a fingerprint sensor that delivers quick, accurate and consistent results. Most importantly, and especially with zippier hardware introduced in iPhone 6s, Touch ID is integrated seamlessly into iPhone's user experience, meaning more people use it.

Touch ID has in some respects cut down on the scourge that is smartphone theft. Thieves doing risk/reward calculations now think twice before stealing an iOS device that might very well turn into a brick.

That being said, today's invention moves away from industry standard countermeasures and into the gray area of proactive digital forensics. As such, it is unlikely that Apple will introduce the technology in a consumer product anytime soon.

Apple's application for collecting biometric information from unauthorized device users was filed in April and credits Byron B. Han, Craig A. Marciniak and John A. Wright as its inventors.

Comments

  • Reply 1 of 18
    Last year, for reasons I can't explain, I completely forgot my passcode. Something about my brain screwing up the order of the numbers and trying to second-guess my muscle memory caused me to enter the wrong code over 10 times. When I finally remembered the right sequence, I was able to unlock my now-wiped phone. Didn't lose any data, restored everything from backup, invented a new code so I wouldn't fall into that rut ever again, and now it's like nothing ever happened. It was just an accident, the phone never left my person. But with this, TouchID enabled or not, my face and fingerprint would now be on file with law enforcement, even though I have no criminal record whatsoever. Just because I caught a bad case of the stupid one night. I hope this is another copyright-and-bury patent that Apple filed explicitly to prevent anyone from doing such an NSA thing.
  • Reply 2 of 18
    Last year, for reasons I can't explain, I completely forgot my passcode. Something about my brain screwing up the order of the numbers and trying to second-guess my muscle memory caused me to enter the wrong code over 10 times. When I finally remembered the right sequence, I was able to unlock my now-wiped phone. Didn't lose any data, restored everything from backup, invented a new code so I wouldn't fall into that rut ever again, and now it's like nothing ever happened. It was just an accident, the phone never left my person. But with this, TouchID enabled or not, my face and fingerprint would now be on file with law enforcement, even though I have no criminal record whatsoever. Just because I caught a bad case of the stupid one night. I hope this is another copyright-and-bury patent that Apple filed explicitly to prevent anyone from doing such an NSA thing.
    Wow. Where did you read that if you entered your passcode wrongly, your photo would be sent to the police?! The only mention I saw was cross referencing a database but surely that would only be even considered once the iPhone was registered as stolen and police were already involved. Paranoid much?
  • Reply 3 of 18
    ireland Posts: 17,798 member
    Just tested it. Passcode is required after three failed Touch ID requests.
  • Reply 4 of 18
    ireland Posts: 17,798 member
    Last year, for reasons I can't explain, I completely forgot my passcode. Something about my brain screwing up the order of the numbers and trying to second-guess my muscle memory caused me to enter the wrong code over 10 times. When I finally remembered the right sequence, I was able to unlock my now-wiped phone. Didn't lose any data, restored everything from backup, invented a new code so I wouldn't fall into that rut ever again, and now it's like nothing ever happened. It was just an accident, the phone never left my person. But with this, TouchID enabled or not, my face and fingerprint would now be on file with law enforcement, even though I have no criminal record whatsoever. Just because I caught a bad case of the stupid one night. I hope this is another copyright-and-bury patent that Apple filed explicitly to prevent anyone from doing such an NSA thing.

    Wouldn't it be great if Apple had a department who phoned the registered owner of the phone in this scenario to check somehow if their phone was stolen or missing before proceeding to the next level?
  • Reply 5 of 18
    crowley Posts: 10,453 member
    ireland said:
    Last year, for reasons I can't explain, I completely forgot my passcode. Something about my brain screwing up the order of the numbers and trying to second-guess my muscle memory caused me to enter the wrong code over 10 times. When I finally remembered the right sequence, I was able to unlock my now-wiped phone. Didn't lose any data, restored everything from backup, invented a new code so I wouldn't fall into that rut ever again, and now it's like nothing ever happened. It was just an accident, the phone never left my person. But with this, TouchID enabled or not, my face and fingerprint would now be on file with law enforcement, even though I have no criminal record whatsoever. Just because I caught a bad case of the stupid one night. I hope this is another copyright-and-bury patent that Apple filed explicitly to prevent anyone from doing such an NSA thing.

    Wouldn't it be great if Apple had a department who phoned the registered owner of the phone in this scenario to check somehow if their phone was stolen or missing before proceeding to the next level?
    Or sent the fingerprint and photo of the supposed thief to the phone's actual owner so they can decide what to do with it.
  • Reply 6 of 18
    Apple has boasted that the iPhone cannot record fingerprints and the sensor only provides a generic code used to find a match.  Seems to me the Apple device would need the ability to capture a real fingerprint for this security measure to work which could be a privacy issue for many.
  • Reply 7 of 18
    gatorguy Posts: 24,176 member
    I don't think most members here would like this:
    "Apple says server-side systems may be able to cross reference fingerprint and photo information with an online database containing information of known users."
  • Reply 8 of 18
    ireland said:

    Wouldn't it be great if Apple had a department who phoned the registered owner of the phone in this scenario to check somehow if their phone was stolen or missing before proceeding to the next level?

    ...Call them on what? The missing phone?
  • Reply 9 of 18
    The solution to worries about recording data of legitimate users is easily solved.

    Through Find my iPhone with an extra setting similar to Lost Mode. This would start the procedure of collecting data. A message on the lock screen stating the device is in "Theft Mode" would warn people the iPhone is recording data.

    All that's left is a way to disable Airplane Mode such that a phone that's missing can't be put into Airplane Mode by a thief. My idea is requiring Touch ID to enable Airplane Mode if it's accessed from the Lock Screen. Another idea I'd like to see is if an iPhone hits certain battery levels that it automatically comes out of Airplane Mode just to check in and see if it's been sent anything from Find my iPhone and to report its last location. Or a device that's in Lost Mode would allow a crook to turn on Airplane Mode (make them think it's on) when in fact the device still has connectivity. 
  • Reply 10 of 18
    I always find it amazing that these basic ideas can be patented. Lookout takes a photo and emails it to me if someone uses the wrong security pattern more than three times - which means I get a few photos of myself in the early morning looking confused. The details are slightly different but surely not enough to patent and I would guess there are similar security apps doing the same thing.
  • Reply 11 of 18
    SpamSandwich Posts: 33,407 member
    gatorguy said:
    I don't think most members here would like this:
    "Apple says server-side systems may be able to cross reference fingerprint and photo information with an online database containing information of known users."
    But change this from applying to the general public and instead to a roster of employees at a large company or a vetted group of people and the value of such a system suddenly goes up. Corporations, government agencies and anywhere else security in a group setting is critical would make this a sought after feature.
  • Reply 12 of 18
    Soli Posts: 10,035 member
    Apple has boasted that the iPhone cannot record fingerprints and the sensor only provides a generic code used to find a match.  Seems to me the Apple device would need the ability to capture a real fingerprint for this security measure to work which could be a privacy issue for many.
    That was my first thought.
  • Reply 13 of 18
    Soli Posts: 10,035 member

    The solution to worries about recording data of legitimate users is easily solved.

    Through Find my iPhone with an extra setting similar to Lost Mode. This would start the procedure of collecting data. A message on the lock screen stating the device is in "Theft Mode" would warn people the iPhone is recording data.
    Sounds reasonable to me.

    All that's left is a way to disable Airplane Mode such that a phone that's missing can't be put into Airplane Mode by a thief. My idea is requiring Touch ID to enable Airplane Mode if it's accessed from the Lock Screen. Another idea I'd like to see is if an iPhone hits certain battery levels that it automatically comes out of Airplane Mode just to check in and see if it's been sent anything from Find my iPhone and to report its last location. Or a device that's in Lost Mode would allow a crook to turn on Airplane Mode (make them think it's on) when in fact the device still has connectivity. 

    There are a couple features I'd like to see in future devices.

    1. Allow for the option to require Touch ID or a passcode to access Settings, which includes trying to enable Airplane Mode or disable radios from Notification Center.
    2. "Poison finger" Touch ID option(s) that will do a complete lockdown of a device and/or send your current location to someone when used.
    3. Don't show anything on the Lock Screen after a restart and before the first correct passcode has been entered. Showing a text with the sender's phone number or email address is less secure than showing the person's name in Contacts, in many, if not most, instances.
  • Reply 14 of 18
    frac Posts: 480 member
    gatorguy said:
    I don't think most members here would like this:
    "Apple says server-side systems may be able to cross reference fingerprint and photo information with an online database containing information of known users."
    But change this from applying to the general public and instead to a roster of employees at a large company or a vetted group of people and the value of such a system suddenly goes up. Corporations, government agencies and anywhere else security in a group setting is critical would make this a sought after feature.
    I was just at a 'very' secure storage facility to collect some hellishly expensive tooling steels where they have in excess of £100m in value stored. Yes, they can be that expensive. The 'access' security in place is frustrating, interminable and often prone to key holders going absent causing further delays. 
    I was reading this post while I waited and showed it to their security chief. He pretty much repeated your thoughts on its usefulness, particularly for them where they control access to many individual units - all with different key holder groups. Being a security guy his eyes lit up at the thought of monitoring unlawful attempts to bypass security. 
    Not sure about usefulness for consumers but that's not my area. 
  • Reply 15 of 18
    cali Posts: 3,494 member
    Freaking GENIUS!

    Bravo Apple!!
  • Reply 16 of 18
    jeffjohns said:
    It's really a good news for all because it's very important for all who have iPhones so just waiting when will next iPhone be came View More : http://nigerian-news.com/apple-ceo-tim-cook-briefs-launch-iphone-7/
    Excuse me? Nigerian news? Sorry dude.
  • Reply 17 of 18
    jfc1138 Posts: 3,090 member
    Collection enabled by a "theft mode" and I'm on board with it. 