Apple Researching Forensic Data Capture in Cases of iOS Device Theft

Apple is investigating ways that future iOS devices could store the biometric details of suspected criminals in cases of theft (via AppleInsider).

An Apple patent published today by the U.S. Patent and Trademark Office describes "Biometric capture for unauthorized user identification", by using an iPhone or iPad's Touch ID feature, camera, and other sensors.

ipadmini4touchid
The proposed system augments typical Touch ID verification by capturing and storing information about a potential thief after six fingerprint unlocking attempts have failed and the wrong passcode is inputted 10 times (after which a "cool down" period or a complete data wipe is activated, depending on user setting).

In another variation, a single failed authentication triggers the capture of fingerprint data and the device takes a picture of the user via the front-facing camera.

In yet other embodiments, the system can be configured by the user to enable or disable various triggers and scenarios in which the biometric capture protocols are activated. The patent also specifies how other data could be logged in the background to supplement the biometric capture, including time stamps, device location, speed, air pressure, audio data, and more.

Patent - touch id forensics
Flowcharts illustrate different implementations of the security system.

After capture, the data is stored either locally on the device or sent to a remote server for evaluation, while purges of data are activated when the system determines that it is no longer required.

In suggested uses that are likely to be controversial, Apple describes how the server-side aspect of the system could potentially cross-reference the captured biometric and photo information with an online database containing information of known users. Currently, the fact that Touch ID fingerprint data is stored locally and not in a centralized database is considered to be a significant security benefit to users.

There's no reason to believe Apple will implement the forensic technology in an upcoming consumer product, but the patent does highlight Apple's continuing research into how to harden security on mobile devices beyond passcode screens and Touch ID.



Top Rated Comments

(View all)
Avatar
38 months ago
Running that print against all the other known Touch ID users would be nice but the security/privacy implications of storing fingerprints on a server would be a huge issue. Perhaps the phone uploads the theif's print and photo to iCloud, which could then be turned over to police by the owner, and run against criminal databases.
[doublepost=1472122727][/doublepost]

some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .

No, but if you attempt 10 unsuccessful unlocks of a phone that's in Lost Mode with the owners contact information on the lock screen, I'd say your intentions are pretty clear.
Rating: 10 Votes
Avatar
38 months ago

some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .


And seems like fodder for the next FBI request too. "You can collect biometric data from thieves so now release fingerprint data on this suspect proving they were operating their phone at time XZY in location ABC."
Rating: 4 Votes
Avatar
38 months ago
some privacy issues here. Just cause u pick up an iPhone and touch the home button does not mean u am a thief, warranting my details to be captured .
Rating: 4 Votes
Avatar
38 months ago
This has a great potential of reducing theft in the long run.
Rating: 3 Votes
Avatar
38 months ago
The 'human rights' mob in the UK will go insane over this. Criminals have a right to anonymity, too, apparently.
Rating: 3 Votes
Avatar
38 months ago

What a brilliant idea. Wonder how much the technology would cost now to implement because it would be no doubt passed onto the consumer in the phone's price.

What? The technology is already in the phone. This is just a software implementation.
Rating: 3 Votes
Avatar
38 months ago
Far too long time coming. Back when I used to jailbreak I dropped my iPhone 4 on the bus and it was found by an employee. I had iGotya installed and every time they tried to turn it off or unlock it it snapped a photo and sent an email with the GPS co-rods and the time as well.

They sold my phone instead of turning it in like they were supposed to and the city bought me a brand new 64GB 4S that came out the week before based on the evidence I collected.

Best $10 I ever spent.

Take notes Apple.
Rating: 2 Votes
Avatar
38 months ago

The 'human rights' mob in the UK will go insane over this. Criminals have a right to anonymity, too, apparently.


With good reason, start going down these routes and then it'll be everyone's DNA stored on record by law, regardless if you commit a crime or not...
As it is if you are arrested for a crime they can take your DNA and put it on record.
Rating: 2 Votes
Avatar
38 months ago

Running that print against all the other known Touch ID users would be nice but the security/privacy implications of storing fingerprints on a server would be a huge issue. Perhaps the phone uploads the theif's print and photo to iCloud, which could then be turned over to police by the owner, and run against criminal databases.
[doublepost=1472122727][/doublepost]
No, but if you attempt 10 unsuccessful unlocks of a phone that's in Lost Mode with the owners contact information on the lock screen, I'd say your intentions are pretty clear.


I'm all for storing of data locally, just not on a server somewhere. Problem is you don't know it's a thief that tries to unlock it. Jsut cause someone tries to unlock a device does not make them them culprit. A reported lost phone can be picked up by a youth......10 unclessful accepts does not make thier intentions clear, nor should a youths fingerprint and image taken. Too many use cases where this can go wrong. Keep the data local on the phone.
Rating: 2 Votes
Avatar
38 months ago
As a parent the most likely outcome is will keep capturing my kids picture and fingerprints so I'll know which one is messing with my phone
Rating: 2 Votes
[ Read All Comments ]