iPhone thefts, also referred to as “Apple Picking”, would probably become a rarely heard term soon, thanks to the aggressive anti-theft measures designed and put into action by Apple in recent years. Continuing on its indomitable efforts to enhance security of the high-end product, Apple has filed a patent that takes things a step further. Based on U.S patent application US20160248769A1 titled “Biometric capture for unauthorized user identification” and filed on August 25th this year, an iPhone, under a predefined set of circumstances can collect biometric information as well as photos of an alleged thief, or for that matter any unauthorized user trying and failing to unlock the smartphone.
By virtue of the Touch ID fingerprint sensor, iPhones already employ stringent security measures. But while that certainly helps in keeping out unauthorized users or, in a worst case scenario, remotely wiping the content on the device, the ideas proposed in the newly published patent take security management and device recovery to the next level.
Under a set of circumstances or device triggers set by Apple and the user, if the system determines that an unauthorized user like a thief is making an attempt to access the iPhone, it will store the culprit’s fingerprint data, to help in identification later on. It could also silently take a photo of the perpetrator. The patent also suggests capability to monitor the user’s actions, like taps or typed text, similar to a keylogger or spyware. Plus, the data collected on the alleged perpetrator would either be stored on the smartphone itself or on Apple’s servers, for further inspection depending on the data aggregation constraints applied.
For example, in one embodiment a single failed authentication triggers the immediate capture of fingerprint data and a picture of the user. In other cases, the device might be configured to evaluate the factors that ultimately trigger biometric capture based on a set of defaults defined by internal security protocols or the user. Additional data that can augment the biometric information, for example time stamps, device location, speed, air pressure, audio data and more, can also be collected and logged as background operations. Server-side systems would be capable to cross reference the captured fingerprint and photo information with an online database containing information of known users. Additionally, the system can log keystrokes to determine what operations the unauthorized user was attempting to execute. But how can one distinguish a criminal intervention from, say a toddler’s innocent attempt to play with his/her parents’ iPhone – Apple’s answer to it is ‘Machine Learning’.
At present, users have five attempts to unlock an iPhone or iPad with Touch ID before the device defaults to a 6-digit passcode or custom alphanumeric codes. An event of 10 failed passcode attempts results in a “cool down” period or a complete data wipe, depending on user preferences. Further, passcodes are required after restarting the device, after more than 48 hours has elapsed between unlocks and when an owner wants to manage Touch ID and Passcode device settings. Lookout, an iOS and Android app , intended to implement something similar by automatically capturing photos using a device’s front-facing camera if it detects any suspicious behavior, like tampering with the device’s security settings, etc.
Despite what seems like a noble effort of protecting the user device and information, controversies still surround the very idea, as the fact that Apple would have access to user data without notifying users might not be welcome to some, especially those who have rallied behind Apple in its fight against government-sanctioned spying. For instance, Apple’s CEO Tim Cook has persistently showcased the company’s record on privacy — and its decision not to store any unencrypted information — as a tool to tout Apple hardware and software. However, the patented features have still not been in implementation, and the concerns and benefits pertaining to the features would become more apparent once these features are out for use.
(Featured image source: https://pbs.twimg.com/media/Cp6ipM-WYAAlxKw.jpg)