Apple Researching Forensic Data Capture in Cases of iOS Device Theft

[MacRumors]

Apple is investigating ways that future iOS devices could store the biometric details of suspected criminals in cases of theft (via AppleInsider).

An Apple patent published today by the U.S. Patent and Trademark Office describes "Biometric capture for unauthorized user identification", by using an iPhone or iPad's Touch ID feature, camera, and other sensors.

The proposed system augments typical Touch ID verification by capturing and storing information about a potential thief after six fingerprint unlocking attempts have failed and the wrong passcode is inputted 10 times (after which a "cool down" period or a complete data wipe is activated, depending on user setting).

In another variation, a single failed authentication triggers the capture of fingerprint data and the device takes a picture of the user via the front-facing camera.

In yet other embodiments, the system can be configured by the user to enable or disable various triggers and scenarios in which the biometric capture protocols are activated. The patent also specifies how other data could be logged in the background to supplement the biometric capture, including time stamps, device location, speed, air pressure, audio data, and more.

Flowcharts illustrate different implementations of the security system.​

After capture, the data is stored either locally on the device or sent to a remote server for evaluation, while purges of data are activated when the system determines that it is no longer required.

In suggested uses that are likely to be controversial, Apple describes how the server-side aspect of the system could potentially cross-reference the captured biometric and photo information with an online database containing information of known users. Currently, the fact that Touch ID fingerprint data is stored locally and not in a centralized database is considered to be a significant security benefit to users.

There's no reason to believe Apple will implement the forensic technology in an upcoming consumer product, but the patent does highlight Apple's continuing research into how to harden security on mobile devices beyond passcode screens and Touch ID.

Article Link: Apple Researching Forensic Data Capture in Cases of iOS Device Theft

 

[andreiru]

This has a great potential of reducing theft in the long run.

 

[iamnotme]

What a brilliant idea. Wonder how much the technology would cost now to implement because it would be no doubt passed onto the consumer in the phone's price.

 

[Carmenia83]

What a brilliant idea. Wonder how much the technology would cost now to implement because it would be no doubt passed onto the consumer in the phone's price.

What? The technology is already in the phone. This is just a software implementation.

 

[MH01]

some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .

 

[peterh988]

The 'human rights' mob in the UK will go insane over this. Criminals have a right to anonymity, too, apparently.

 

[Carmenia83]

Running that print against all the other known Touch ID users would be nice but the security/privacy implications of storing fingerprints on a server would be a huge issue. Perhaps the phone uploads the theif's print and photo to iCloud, which could then be turned over to police by the owner, and run against criminal databases.
[doublepost=1472122727][/doublepost]

some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .

No, but if you attempt 10 unsuccessful unlocks of a phone that's in Lost Mode with the owners contact information on the lock screen, I'd say your intentions are pretty clear.

 

[Douglas B]

Carmenia83 had the right idea.
Fingerprints only up loaded if the phone is reported lost in iCloud.

And only for the use of law enforcement.

 

[jayducharme]

This is a really interesting idea, especially the simple trigger of taking a photo of the person attempting to break into the device. Sure, a thief could hold a finger over the camera to try to prevent that. But it would be one more deterrent to stealing an iDevice.

 

[Davmeister]

All very well. But rather pointless if you can just swipe to power off, which has happened each time by phone has been stolen (3 times since find my iPhone) and then wiped in DFU.

 

[The Mad Hatter]

I like the photo capture bit. It's similar to one of the apps I used to have when I was JBing my iPhone ... ICaughtYou (or ISeeYou) something like that.

It was great, except when I had to delete pics of my stupid face.

 

[apolloa]

Good idea, however I'm pretty sure it won't be legal to do this globally.

 

[MH01]

Running that print against all the other known Touch ID users would be nice but the security/privacy implications of storing fingerprints on a server would be a huge issue. Perhaps the phone uploads the theif's print and photo to iCloud, which could then be turned over to police by the owner, and run against criminal databases.
[doublepost=1472122727][/doublepost]
No, but if you attempt 10 unsuccessful unlocks of a phone that's in Lost Mode with the owners contact information on the lock screen, I'd say your intentions are pretty clear.

I'm all for storing of data locally, just not on a server somewhere. Problem is you don't know it's a thief that tries to unlock it. Jsut cause someone tries to unlock a device does not make them them culprit. A reported lost phone can be picked up by a youth......10 unclessful accepts does not make thier intentions clear, nor should a youths fingerprint and image taken. Too many use cases where this can go wrong. Keep the data local on the phone.

 

[apolloa]

The 'human rights' mob in the UK will go insane over this. Criminals have a right to anonymity, too, apparently.

With good reason, start going down these routes and then it'll be everyone's DNA stored on record by law, regardless if you commit a crime or not...
As it is if you are arrested for a crime they can take your DNA and put it on record.

 

[skinned66]

Far too long time coming. Back when I used to jailbreak I dropped my iPhone 4 on the bus and it was found by an employee. I had iGotya installed and every time they tried to turn it off or unlock it it snapped a photo and sent an email with the GPS co-rods and the time as well.

They sold my phone instead of turning it in like they were supposed to and the city bought me a brand new 64GB 4S that came out the week before based on the evidence I collected.

Best $10 I ever spent.

Take notes Apple.

 

[Mactendo]

Smart idea. I'd love to see it in the next (2017) iPhone.

 

[Defender2010]

Maybe this feature could be activated through Find my iPhone to save the actual user getting confused with a thief. Seems like the easiest way.

 

[nt5672]

Carmenia83 had the right idea.
Fingerprints only up loaded if the phone is reported lost in iCloud.

And only for the use of law enforcement.

Including FBI and NSA FISA and warrant requests that can ignore whether the phone is lost or not. Just think the government could proceed to collect everyones fingerprint, photos, and voice samples if they find a hack to Apple's system. The government has more resources to spend and more to gain, than Apple has. So no, not on a server, not in the cloud. I have a number of non-local government issued IDs that required my fingerprints, but I gave them explicit permission, there is no way I want the American government, which is today one of the most corrupt organizations in the world, to have access to any of my personal information or bio statistics. That is a never ending slope directly into the abyss.

 

[Keane16]

some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .

Good job what you're saying isn't what Apple is proposing, from the article:

"The proposed system augments typical Touch ID verification by capturing and storing information about a potential thief after six fingerprint unlocking attempts have failed and the wrong passcode is inputted 10 times"

 

[S.B.G]

Interesting take on the use of Touch ID. In a way it reminds of the Mac security software called Undercover by Orbicule in that it takes pictures of potential bad guys once the system is enabled after a theft.

 

[BeefCake 15]

As a parent the most likely outcome is will keep capturing my kids picture and fingerprints so I'll know which one is messing with my phone

 

[thisisnotmyname]

some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .

And seems like fodder for the next FBI request too. "You can collect biometric data from thieves so now release fingerprint data on this suspect proving they were operating their phone at time XZY in location ABC."

 

[RowellE]

I dropped my iPhone 4 on the bus and it was found by an employee.

They sold my phone instead of turning it in like they were supposed to.

What happened to the employee?

I think a passenger found it, did the right thing and turned it in to the employee, but the employee decided to be selfish.

 

[deyerseve69]

some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .

No it doesn't but it's a great way to deter theft. I think there should also be a setting where you need to input your passcode or fingerprint to turn off the phone. Tracking it is a lot easier if it's on.

 

[robeddie]

All very well. But rather pointless if you can just swipe to power off, which has happened each time by phone has been stolen (3 times since find my iPhone) and then wiped in DFU.

So true. This will maybe catch a few 'stupid' thieves, but for the most part be pointless