Difference between revisions of "Touch ID"

Revision as of 10:41, 5 April 2021

Touch ID Usage ^[1]

Touch ID was first made by Apple Inc. as a fingerprint recognition security feature on iPhones. It was used to unlock iPhones, to make purchases on the Apple Store, and to use Apple Pay. Touch ID was first introduced in 2013 with iPhone 5S, and with time the Touch ID was improved and added to even more Apple products. Although the Touch ID is still used and incorporated in many Apple products today, Face ID, a facial recognition security feature, is used a lot in the new Apple phones. Face ID was introduced in 2017 with the iPhone X and created quite the commotion among many Apple product users.

The Touch ID works by using a sensor to pass a small current to the user's finger and create a 'fingerprint map'. This map is then stored in a chip in your phone so hackers cannot externally access that information.

History

History Behind FingerPrints

Fingerprints are tiny patterns on the tip of our fingers that are completely unique for each person. No two people have ever been found to have the same fingerprint, so it has been seen as one of the most secure ways to verify people. Another reason they are considered a highly secure feature is that they never change with age and they are easily collected from people. The use of fingerprints as a security feature has been most commonly utilized by state prisons, police stations, and even the FBI^[2].

Uses Outside Phones

The FBI and police use fingerprints to identify suspects and solve different crimes where fingerprints can be found at the scene. Often they use fingerprint identification to decide sentences, probation, and paroles. The way they find fingerprints is often through chemical techniques and then find matches through online programs^[3].

History Behind TouchID

In 2012, Apple bought AuthenTec for $356 million and used their technology to build the Touch ID sensors on the iPhone 5S. Once the Touch ID feature was finished and perfected, it wasn't long before companies like Motorola and Fujitsu tried to potentially buy out Apple, but Apple did eventually win. In 2013, the iPhone 5S came out with Touch ID for their iPhones which was used only to unlock the phone. Simply resting your finger on the sensor area will automatically read the fingerprint. In certain scenarios, like rebooting the phone, Touch ID is disabled and the user's numerical passcode is required^[4]. A year later, when the iPhone 6 and 6 Plus were released, Touch ID was able to not only unlock the phone, but could be used to make purchases in the App Store, iTunes, and Apple Pay. The Touch ID technology is now on 6S, 6S Plus, 7, 7 Plus, 8, 8 Plus, SE (2nd generation), MacBook Pro, MacBook Air, iPad Pro, and iPad Air. With the updated Touch ID, you can choose to show details about your notification only after your fingerprint is read. This way other people who look at your phone can't read your notifications if your iPhone is not unlocked. Now with Facial Recognition rising, it seems that Touch ID's time might slowly be coming to an end. However, its impact on our technological advancements has been revolutionary in the field of technology^[5].

Touch ID Setup on Mac

The Chip

The Fingerprint data was first stored in the Apple A7 chip in the iPhone 5S, but with new phones came new chips. They are now stored inside the Apple A8, A8X, A9, A9X, A10, A10X, A11, A12, A13, and A14 processors in the iPhones and in the T1 and T2 in the MacBook Pro and MacBook Air. Contrary to popular belief, the fingerprints are not stored in iCloud or any place outside the physical iPhone itself.

Apple and Anti-theft technology

As one of the leading technology companies, Apple has invested heavily in anti-theft technology. If an Apple device is lost or stolen, touch ID and Find My iPhone work together to offer additional protection against theft^[6]. If the iPhone owner realizes it is missing, there are numerous ways to lock and locate your device. Without the iCloud account info, passcode, or touch ID, it is impossible to get into the device unless you have the original box and the iPhone's serial number. If the owner can't locate an iPhone, you can remotely erase your devices to protect their information.

Essentially, Apple has created a general culture that their products, especially their most popular product, iPhones, can't be stolen effectively. This process has coined the term "brick" for iPhones that have been stolen and locked. Unless the original owner deactivates the security protocols and unlocks the devices, it has no viable use other than spare parts.^[7]

However, hackers are becoming more advanced by the day, and while it is implausible that a stolen phone would end up in a hacker's hands, it is possible.

In this case, Apple has set another safeguard called the Secure Enclave, which Apple developed to protect your passcode and fingerprint data. Meaning touch ID doesn't store any fingerprint images and instead relies only on a mathematical representation. It isn't possible for someone to reverse engineer your actual fingerprint image from this stored data therefore your biometrics are protected.

Ethical Dilemmas

Access To Our Information

One of the ethical issues that arise with biometric fingerprinting is the right to privacy. For instance, “Biometric data are personally identifying information. Thus biometric systems have the potential to collect not only pattern recognition information captured by sensors, but also other information that can be associated with the biometric data themselves or with data records already contained within the system.”^[8] As a result, the problem arises with what data should be stored and for what purposes. This dilemma gets even more complicated when private companies are allowed to collect your information. For instance, “The GPS Act permits service providers to collect geolocation information in the normal course of business”^[9]. Hence, it has become ever more important to know what information is being sent and collected about the user while accessing laptops, phones, smartwatches, etc.

As a follow-up to the concerns mentioned above, the issue arises here regarding informed consent of the user in terms of what they are signing up for because understanding what you are signing up for before giving away sensitive information is an important aspect of a person’s privacy right. “In general, adults are considered to have sufficient ability to under-stand information. The problem is mainly the child’s informed consent when using biometrics (24). Similar informed consent issues also come from vulnerable populations such as the elderly, mentally ill, and poorly understood people”^[10]. Therefore, understanding the terms and conditions before signing up has become important in today’s world.

One of the steps that Apple has taken recently to address some of the issues regarding the storage and retrieval of sensitive information is the use of tokens. For instance, “With Apple Pay, your exact credit card information is never sent over the internet. Instead, a token or random string of numbers representing the card is sent. Biometric tokenization is similar, but it's your biometric data, rather than credit card info, that is obfuscated and transmitted.”^[11]

How Secure Is Touch ID?

Touch ID is more secure than Face ID but less secure than person password entering. The question is how much less secure is this more convenient option than typing in your password every time you need to unlock your phone or sign in to an account? Apply claims the uniqueness of an individual's fingerprint makes this system extremely secure but researchers have recently discovered a new way to break this security barrier. Researchers at Michigan State University and New York University have discovered that because the fingerprint scanners on phones are so small, they only read partial fingerprints--making the images easier to duplicate. Touch ID works by taking about ten different images creating ten partial images of your fingerprint from different angles, never creating one full unique fingerprint image. Therefore, a hacker only needs to match one of these ten partial fingerprint images to unlock the phone. Through the study, using computer simulations, researchers "were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time.” ^[12] Although this is a concerningly high number, these tests were not done with phones. Instead, they were tested on Touch ID systems not connected to phones, making the realistic percentage of replicated prints much smaller. There is concern about the idea that hackers only need to match one of the ten partial prints to unlock your phone but realistically, this is still a very unlikely and difficult thing to do. Although Touch ID is a very secure system, this study highlights some minor weaknesses it presents that could easily be fixed. Most of the researchers were quoted saying they still use Touch ID to secure their phones, but might suggest users use personal password insertion for more confidential log-ins like bank accounts.

User Accessibility Concerns

Apple has made massive efforts in improving accessibility in recent years. This includes adding categories such as “Vision,” Interaction,” “Hearing,” “Media,” and “Learning” to their “Accessibility” section in their phone settings. However, the release of the iPhone X prompted some concern among the blind/low-vision community ^[13]. The removal of the home button with the additional Touch ID feature posed some complications with those who relied on the physical feeling of the home button to navigate unlocking their phone.

Luckily, the new Face ID feature has proven to outdo Touch ID at every level in regards to accessibility. First, the set-up process of Face ID is much faster and requires less precision which can be a hinderance to many with limited fine-motor skills. Beyond set-up, Face ID has allowed Apple to make a virtually hands-free experience. The VoiceOver feature has been a vital tool to the blind/low-vision community and this coupled with the Face ID unlocking feature make iPhone products all the more accessible. You still have to occasionally swipe up from the bottom of the screen to the top, but this requires less precision than the former home button/Touch ID as mentioned previously ^[14].

Although Face ID is generally more accessible, there was previous concern with the “look-to-unlock” feature that requires an active gaze would create a barrier. People with visual impairments or blindness find this task difficult or impossible to do. They also don’t naturally hold the phone up to their face when using them. However, Apple thought this through and allows users to disable this feature by going to Settings > Face ID and Passcodes > Required Attentions for Face ID ^[15]. Apple does say, “Requiring Attention makes Face ID more secure,” but unlike Touch ID which allows multiple fingerprints to be added, only one face can be entered for Face ID ^[16]. Touch ID is not made with accessibility in mind. Apple went a more inclusive route by creating and implementing Face ID instead.

See also

References

1. ↑ “How to Set up Touch ID on Your IPhone or IPad - Apple Support.” YouTube, YouTube, 5 Mar. 2018, www.youtube.com/watch?v=xTZ2LALWZlg.
2. ↑ Watson, Stephanie (2021). "How Fingerprinting Works" howstuffworks.
3. ↑ The Scientific Research Honor Society (2021). "Crime Scene Chemistry: Fingerprint Analysis" American Scientist.
4. ↑ Apple Inc. (October, 2014). "IOS Security" IOS Security.
5. ↑ Dormehl, Luke (July 28, 2020). "Today in Apple history: Apple acquires the company behind Touch ID" Cult of Mac.
6. ↑ https://support.apple.com/en-us/HT204587
7. ↑ Srinivasan, Avinash, and Jie Wu. "SafeCode–safeguarding security and privacy of user data on stolen iOS devices." International Symposium on Cyberspace Safety and Security. Springer, Berlin, Heidelberg, 2012.
8. ↑ “Read ‘Biometric Recognition: Challenges and Opportunities’ at NAP.edu.” National Academies Press: OpenBook, www.nap.edu/read/12720/chapter/6#111.
9. ↑ “GPS Act.” U.S. Senator Ron Wyden of Oregon, www.wyden.senate.gov/priorities/gps-act.
10. ↑ “(PDF) Ethical Issues in Biometrics.” ResearchGate, www.researchgate.net/publication/335768067_Ethical_Issues_in_Biometrics.
11. ↑ Simic, Bojan. “Council Post: The Promise And Challenges Of Biometrics.” Forbes, Forbes Magazine, 25 Sept. 2017, www.forbes.com/sites/forbestechcouncil/2016/12/22/the-promise-and-challenges-of-biometrics/?sh=73359d7c7e6b.
12. ↑ Goel, Vindu (April 10, 2017). "That Fingerprint Sensor on Your Phone Is Not as Safe as You Think" The New York Times.
13. ↑ Thompson, Terrill. “IPhone X and Accessibility | AccessComputing.” AccessComputing, 2018, www.washington.edu/accesscomputing/resources/accesscomputing-news-february-2018/iphone-x-and-accessibility.
14. ↑ Aquino, Steven. “What Face ID Means for Accessibility.” Steven’s Blog, 21 Nov. 2017, www.stevensblog.co/blogs/what-face-id-means-for-accessibility.
15. ↑ “The IPhone X: What Does Face ID Mean for Accessibility?” Rightpoint, 6 Dec. 2017, www.rightpoint.com/thought/articles/2017/12/06/what-does-x-face-mean.
16. ↑ Ingber, Janet. “The IPhone X for People with Visual Impairments: Face ID, New Gestures, and Useful Commands | AccessWorld | American Foundation for the Blind.” American Foundation for the Blind, Feb. 2018, www.afb.org/aw/19/2/15124.