The Security of Biometrics – iOS 11 and the new 911 mode [As Heard on WTAG]
Joined Jim Polito on WTAG to talk about the security of biometrics, and how iPhone’s iOS 11 can possibly keep you safe via the Touch ID.
Below is a rush transcript of this segment, it might contain errors.
Airing date: 08/22/2017
The Security of Biometrics – IOS 11 New 911 Mode
Craig Peterson: Hey, do you think you’re safe with the iPhone touch ID? How about some of the newer technology? Other biometrics like, maybe, your face and facial recognition? Well that’s what we talked this morning with Jim about. Wow. The whole world is changing here. We get a lot of great information about how to secure your phone.
Jim Polito: Right now you would usually hear that song that would let you know that Craig Peterson is here. The band was Oingo Boingo. The song was Weird Science. And it was a great movie with Kelly LeBrock, who was one of the one of the “it” girls of the 80s. So let’s just get right to the program here because he’s got a lot of important stuff to talk about. Here he is folks. The Tech Talk guru, Craig Peterson. Good morning sir.
Craig: Hey good morning. Did you go out and see, yesterday, the eclipse? Did you do that at all?
Jim: Oh, I didn’t wear any glasses and I laid there on the lawn just staring straight up at the sky, at the sun, for about, I don’t know. 30 minutes, straight.
Craig: So you can’t see a thing today. It was so cool. We made a little projector box with my kids.
Jim: You did?
Craig: Yeah. It was really cool. I did that for the first time, Jim, of course, dating myself.
Craig: But back in 1970 I remember being like 10 years old and making one of these little boxes. And I made almost the same exact projector and watched the sun.
Jim: I think it’s cool because, that you say 1970, because there was an eclipse then and I was in the first grade. And we learned how to view it with that little box. And I remember making one with my parents. But you made it out of a small milk carton. It was, the teacher showed us how to do it with an old-fashioned square milk carton and it worked. You know, the cardboard kind.
Craig: Right, right. Yeah. I made mine with a shoebox. And of course this time around we made it with an Amazon box.
Jim: An Amazon box.
Craig: Of course. This day and age.
Jim: The sign of the times. Alright. Folks, Craig is, we’re going to give you a phone number at the end of the segment so that everything that we talk about, you can get more detail on. And things that we didn’t talk about. And you can kind of stay in touch with Craig Peterson. He won’t annoy you. But I’ll give you a number. You text my name to it and then you’ll get all this great information. It’s all resources pulled together by Craig that are just great and very, very handy. But anyway, let’s get to the most important thing. So Craig, there I am. I’ve got my Apple iPhone in my hand. I’ve got a bad guy with some kind of a weapon, and this could never happen because I would have a weapon that would take care of the bad guy. But anyway, if it did happen, I’m standing there and the bad guy’s saying put your thumb on your phone. I want access to all your stuff. There is a way I can disable that biometric little feature and make it difficult for the bad guy to get into my phone. Is that correct?
Craig: Yeah. The new version of iOS that’s, it’s already in Gold Master, so it’s going to be available very soon now for the rest of the public. But it had this new feature. You know MythBusters? You remember them of course.
Jim: Oh yeah. The guys with the show. Yup.
Craig: And they had a test where they were supposed is to defeat the thumbprint readers. Remember that on doors? Did you see that episode?
Jim: The what?
Craig: The thumb readers. The little biometric…
Jim: Oh yeah, on doors. Yeah. Yeah.
Craig: And they were able to do it quite successfully. And just recently, as about two weeks ago, there was another study that was done at a university that found that they could defeat them as well.
Craig: So iOS 11 has, and there’s a trend right now, the thinking, general thinking is to move away from these thumbprints, fingerprints because they can be defeated. In fact, let me tell you how easily defeated these things are. They were able to take the Congresswoman’s fingerprints that they pulled off of a picture that is her press picture.
Craig: Of her hand up, smiling at the camera.
Jim: Come on.
Craig: No. Absolutely. So they got a press picture of hers. A nice, beautiful, hi-res picture. And it had enough detail in the thumbprint on that picture. Now, you know, she didn’t touch the picture here. We’re talking about looking at the photo.
Jim: Right at the photo. Now, let me just think of something. I have a Massachusetts firearms identification card. And on the back of my firearms identification card there is a graphic representation of my thumbprint. I never thought of that. Somebody could lift that and use it.
Craig: You’re absolutely right. Depending on what the resolution of that picture is.
Jim: I’m going to look at it right now as we speak.
Craig: I bet it would be pretty good. I bet you.
Jim: I’m going to say that the resolution is pretty decent.
Craig: Yeah. If you could see the little swirls in there. So everybody’s concerned about that. So let me give you something else to be even more concerned about.
Jim: Now great. Thanks. Just what I need. Thank you Craig Peterson.
Craig: Hey, you’re welcome Jim. Ok, so in iOS 11 they have this ability to push the power button five times. And then the phone goes into 911 mode.
Jim: Okay. So I push the power button five times. And it goes into emergency mode.
Craig: Exactly. So, you push it five times. It’s in the emergency mode. Now you push one button and it’s calling the cops. Then it’s opening the microphone. It’s not make a noise, right? It’s there that bad guy you were just talking about, who’s trying to hold you up.
Craig: And doesn’t realize the consequences. So there’s another feature that’s activated when you do that and that is it disables the touch ID on your phone. So now what happens?
Craig: You have to now login using your passcode which is why I keep telling people use at least 10 digit passcodes.
Craig: They’re almost impossible to break.
Craig: It’s now I’m on emergency. You push that button five times. It’s now on 911 mode. It can call the police. It has also disabled the ability to unlock it with your fingerprint.
Jim: So that’s good. Now that’s coming out in the new IOS version.
Craig; Exactly right.
Jim: When will I be able to get my hands on that? Not to make pun about a thumbprint thing, but when will I be able to get my hands on that?
Craig: Well it’s going to be coming out in just a few weeks. It’s in Gold Master which means they’ve finalized everything. They’ve probably not going to change much before they release it to the public. And if you are a developer with Apple, you can get a copy right now. In fact, my son’s running it on his iPhone. I think he has it on his iPad as well. He absolutely loves it. If you have an iPad, iOS 11 is what’s going to make it as useful as your laptop.
Jim: Even my old… because I have an older iPad. Well, it’s like two years old now.
Craig: Well it’s probably ok with your old iPad.
Craig: But it’s really designed to optimize the iPad Pro.
Jim: Yeah, I don’t have that one.
Craig: Now for the worries, Jim.
Craig: The tendency right now is to move away from thumbprints. Although they’ll still be around. It’s still quite good.
Craig: Don’t think that some kids can just run away and do this. But it’s very, very possible that people can break into any phone that has a thumbprint reader. But what they’re saying is, well, biometrics, ok. That’s thumbprint biometric. And they’re starting to move towards facial recognition. And so what Apple is doing with the new phones that will be announced next months is at least one of those phones has a face scanner basically. So it sees your face. It knows it’s you. It automatically…
Jim: Doesn’t Samsung already do that?
Craig: What Apple is doing is they have three-dimensional sensors on the front of the phone. So it’s not just looking at a picture of your face and that’s the problem. Right? You mentioned that on the back of your firearms ID is a…
Jim: Yeah. There’s a picture of my thumbprint.
Craig: Did the RMV bother to take a picture of you to put on your driver’s license?
Jim: Did the RMV? Yeah, they did.
Craig: They did. Oh, ok. So you mean there’s a database of people’s faces you can use to defeat all of these facial recognition?
Jim: Oh. So we need this 3D image. So what it will do is it will detect… okay, I’m not looking at a flat image, I’m looking at an actual 3D image.
Craig: Exactly. That’s what’s Apple’s doing to respond to this because no one else is doing the 3D thing. And the facial recognition stuff? You know there is a lot of argument back and forth. E very single one of them have been defeated. Everyone. Ok?
Craig: Okay. So Apple’s saying well, we can make something that, today, is undefeatable. And were doing it with 3D sensors. So it goes right back to, again, what I was saying earlier, the only way to keep that device pure is to use a good passcode. Some of the android devices allow you to draw a pattern on the front. And we long processed some of these patterns can be absolutely secure.
Craig: Some people, they just draw free lines. Boom, boom, boom. And they’re into their phones. Those have been shown to be very defeatable now.
Craig; Depending on the phone and the app.
Jim: And the app. Wow.
Craig: Yeah. Now, there are other ones that if you do a whole bunch of them, it’s much more secure. So you you’re your design. Make sure it’s a very complicated design. If you’re using a passcode like I do, make sure it’s a complex passcode. At least 10 digits. And I only unlock my phone with those 10 digits. I never use a thumbprint.
Jim: You never use a thumbprint. Wow.
Craig: But I do use a thumbprint once my phone’s unlocked to get inside other applications.
Jim: To get into their other applications. I do too. Craig, listen. That’s all great stuff. I know there’s other information that you’ve got for people. So, if they text my name, Jim, to this number.
Craig: 855-385-5553. That’s 855-385-5553.
Jim: If they do that, standard data and text rates apply, but you’ll get great information from Craig. He will not pester you. He will not sell your name. And he will not steal your fingerprint. I think it’s safe to say that all those things will work. Craig, thanks so much free time. We look forward to talking with you next week.
Craig: Take care, Jim.
Jim: Bye-bye. Always great information from Craig Peterson.