Smartphones' security enhancements just make them more dangerous

Is that incriminating data in your pocket or are you just pleased to see me?

By Mark Pesce

Posted in Security, 8th January 2018 07:01 GMT

Over the holidays I bought Apple’s newest, shiniest face scanner. For the first fortnight - and periodically since then - that constant lift-and-scan felt weird. As though my smartphone had suddenly become too intimate, too familiar.

This is hardly the thin end of the wedge. It started with passcodes - which many people didn’t even use, to begin with. Then, as it became clear that an unlocked smartphone could leak dangerous data, we began locking them behind PINs.

Even that basic layer of safety proved too hard for many people - either unable to remember the PIN or unwilling to spend time typing it in, over and over and over - so a few years back the devices added fingerprint readers.

That marked a Rubicon of sorts, because crossing it subtly changed the balance of power between user and device. As the device acquired the necessary sensing and computational capacities, designers could raise the bar on access control. The smartphone, now seen as safe and secure, became the home for a range of data that had formerly only lived in highly-protected data centres: medical and financial (and sexual) datasets freely commingle within our devices. Suddenly the accidental loss or unlocking of a smartphone became a very serious matter, far beyond the loss of a wallet or keys - or anything else we’ve ever carried around with us everywhere.

It’s as if each of us bears our crown jewels in our pockets, relying on the big padlock we’ve placed upon the device to protect us from thieves.

A few months back, as I queued for a flight, I handed the check-in staff my smartphone, expecting they’d scan the QR code representing my boarding pass. They waved it away. “We’d prefer you scan your code yourself - just in case we drop it. People get very upset. They lose their whole lives.”

Smartphones have enormous utility value, but that’s created a kind of gravitational warp around them. They’re too dense with value, requiring increasingly careful handling and ever-stronger locks.

So to FaceID™, because Apple claims fingerprints aren’t nearly unique enough. It may be that my mug is more unique than my thumb, but maybe we should be asking ourselves how much safety we need? Where does this end? Already we know that a clever 3D print job can fool FaceID some of the time. That will only grow easier as the technology becomes better understood. The arms race of security, ratcheting ever upward, will continue to demand ever more invasive scans to determine our authenticity.

In about a decade or so, advances in microfluidics will allow Apple to embed a rapid DNA analyser - a la GATTACA - inside iPhone XX. I can already imagine Tim Cook’s keynote, touting the “one in a billion” uniqueness of DNA. A thousand times better than that silly and so-easily-spoofed FaceID! You’re gonna love it!

Will we love it? Or will we be so afraid of our digital selves falling into the wrong hands (particularly those closest to us) that we’ll simply submit to any indignity to protect ourselves?

We’ve always had to be careful when transporting objects of great value. It may be that we decide the wiser course is simply not to transport them at all. At some point the danger of ubiquity overwhelms the usability of the device. My new iPhone feels as though it sits right on this side of that abyss, asking us how far we’re willing to go - and how much we’re willing to surrender - to be secure.

Benjamin Franklin famously said, “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” With every scan of our faces and our fingerprints, we need to ask ourselves whether we really feel any safer. ®
