USA TODAY - Your shiny new smartphone may unlock with only your thumbprint, eye or face. But it turns out you don't need to be alive to get past this unique security barrier, opening new frontiers for individual privacy and law enforcement.
The FBI is struggling to gain access to the iPhone of Texas church gunman Devin Kelley, who killed 25 people in a shooting rampage.
The devastating tragedy has unearthed a gruesome idiosyncrasy of modern biometric technology: a living person isn't necessary to unlock many devices.
It turns out the agency likely could have unlocked Kelley's phone with his thumbprint, if he had enabled Touch ID to unlock it and officials had done so within 48 hours of Kelley's death by his own hand.
That time limit passed and the phone remains locked, but it raises a question few buyers of the latest iPhone or Samsung typically consider – does someone need to be alive for today's increasingly common biometric recognition systems to work?
In many situations they don't, said Anil Jain, a professor of computer science at Michigan State University and expert on biometric technology.
Biometrics has to do with body measurements. In computer circles it’s about using specific individual body measurements as a way to confirm identity.
These include fingerprints to open phones and computers and facial recognition software that can now open PCs and Macs. Beyond computers, some very sophisticated secure entryway systems make use of iris recognition, hand geometry and voice recognition.
In the case of the iPhone that belonged to Kelley, the limiting factor was the 48-hour clock on how long a fingerprint can be used to unlock the phone.
This presumes Kelley had Touch ID enabled on his phone, which the FBI has not confirmed. However about 80% of iPhone users do, according to Apple. Touch ID has existed on all iPhone since the 5S was released in 2013 until the iPhone X, which replaces the Touch ID fingerprint with facial recognition.
Forty-eight hours after the last time an iPhone is unlocked with a fingerprint, the fingerprint function stops working and the user is required to tap in their passcode. If the FBI had tried in that 48-hour period, would it have worked?
Read more here.
