Quantcast
Membership Signup
Singularity University

Why Your Next Phone Will Include Fingerprint, Facial, And Voice Recognition

fingeprint-digital

In some ways, it’s a marvel that even half of consumers bother to lock their phones.

You would think the benefits would be obvious enough: by entering a few numbers, you can achieve a basic level of protection from prying eyes. But according to a recent study, 44% of users said that even this was too much of a hassle – worse, 30% weren’t even worried about mobile security at all. From 0000 to 9999 there are 10,000 possible combinations of digits, yet in a sample of 3.4 million passwords, over 10% were cases in which somebody decided that “1234″ was their best choice.

For years now, consumers have been demanding a better way, something more convenient and less time-consuming. As it turns out, they may have had the answer all along without even knowing it – their body parts can serve as their next password. Biometric identification, which works by using the unique characteristics of your body to prove who you are, may be the key to a much more effective system.

In fact, it is an almost certainty that within the next few years, three biometric options will become standard features in every new phone: a fingerprint scanner built into the screen, facial recognition powered by high-definition cameras, and voice recognition based off a large collection of your vocal samples.

To many in the industry, this is not a surprise but an inevitability. We store an enormous amount of our most intimate and personal information on cell phones. Businesses today are already struggling with policies regarding bringing devices from home, and it’s only going to get more difficult. A study by Symantec highlighted the depth of the problem – around the world, all different types of companies consider enterprise mobile device security to be one of their largest challenges. PIN codes are better than nothing at all, but nowhere near enough in a world where cell phone theft now makes up a major portion of urban crime, and a missing device means lost company secrets.

Ever since Apple purchased Authentec Inc in July of last year, there has been an endless stream of news stories obsessing over whether Apple will include a fingerprint scanner in their next release. In reality, Apple is one among many players, and whether they include a biometric sensor in the 5S or wait till the 6 is largely irrelevant, the mobile industry has been headed this way for years now. Samsung’s Galaxy Nexus phones include facial recognition already (although, they did not do a great job). Accessories that can add a fingerprint scanner to your current phone have proven to be popular, and voice recognition is now available through many different services.

What makes this so feasible is that the technologies needed to make these changes are already in place.

facial-scan

Facial and voice recognition are just software; they can use the powerful cameras and microphones already in your phone. And as the next generation of devices are made with better internal components, these systems will only get more powerful and more accurate. Fingerprint scanners have also matured greatly over the last few years, and at least one company has already figured out how to embed the sensor directly into the screen of the device. These more sophisticated types of log ins enable new types of functionality as well – CrucialTec has invented a system where scanning each finger can be programmed to load a different app.

This switch would mark a major shift in how we interact with our devices – and if the goal is security, there’s certainly other less extreme, more measured steps that can be taken. But behind the language of needing better passwords is a much bigger push to build trust in the idea that a mobile phone can securely be used for sensitive transactions. Going forward, our mobile phones can serve as the gateway to our health information, location data, government services, and much more. Entire new industries are being built using these devices as the platform.

Americans still lag behind citizens in other developed nations in how they use their phones. But all that means is that there’s a larger opportunity here. If you can have a user feel like James Bond when they touch their screen, they are a lot more likely to believe that a “mobile wallet” is a practical thing.

There are separate questions as to whether these technologies are ready for such a wide-scale deployment. While each have their own strengths and weaknesses, together they provide quite an improvement over the status quo. No system is hacker-proof, but using several biometrics, as opposed to just one or just one password, could go a long way in helping to solve a few of the largest problems we associate with mobile security.

Anytime you are constantly sharing personal information there are potential privacy concerns. With this issue though, the dangers may not be as obvious as they seem at first – after all, biometric identification would be in the form of optional features. And there’s no more direct privacy violation than having your phone stolen, and with it, temporarily losing control over all the social media, financial, and personal accounts you had tied to it.

Whenever Apple or another giant decides to fully embrace a biometric solution, the sheer scale and frequency which people will use it will have an enormous impact on the future of how we are identified. When you have your body scanned multiple times a day to send a text or tweet, it becomes harder to see the process as an invasive, potentially perilous influence. In the long march of biometric technology into all corners of our daily life, this may mark the turning point where all of a sudden this type of authentication becomes normal and familiar – and forever change the way we interact with the systems around us.

You can reach Tarun directly at SH@tarunwadhwa.com.

[images: aastma studio, tinkernut, Pitel/Flickr]

Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

5 comments

  • Chris Stroemel says:

    My phone already does two of those. Motorola Atrix and Android FTW.

  • Steve Wilson Lockstep says:

    No discussion of biometrics for securing mobile devices should overlook their innate fallibility. Every biometric commits two types of errors: False Negatives where they fail to recognise the rightful user, and False Positives where they confuse one user for another. The more secure a system, the less False Positives it will commit, but also the more False negatives it will inflict on the owner, forcing them to retry the face or fingerprint scan before a proper identification can be made.

    Convenience and security are inversely linked with biometrics: see lockstep.com.au/blog/2012/05/06/biometrics-must-be-fallible. With mobiles, this trade-off is tricky. Users will lose patience (and confidence) if their phone forces too many retries on them. But when the manufacturer cannot control factors like facial expression, lighting conditions, wear and tear, angle, and grime on the surface of the lens or scanner, the biometric algorithm tends to be biased towards lower false negatives and higher false positives. Users only personally experience false negatives (and frustrating retries); they will never know what the false positive rate is for their device. They will never know how secure it truly is.

    The trade-off between security and convenience is not something that biometrics vendors often discuss. On occasion, independent test authorities publish the “detection error tradeoff” curves for different technologies, and they’re very sobering. For fingerprint and face, the tradeoff is usually such that when False Negative Rate is less than 1 in 100 (reasonable convenience), the False Positive Rate rises to over 1 in 10 (shocking security).

    And that’s just for random attacks. The FBI warns that biometrics lab testing fails to predict how these technologies work in the real world (see http://lockstep.com.au/blog/2013/02/11/technological-imperialism). When leading law enforcement authorities have reservations about how well biometrics resist criminal attack, we need to be cautious about assuming they’re a magic bullet for device security.

    Big claims are made for biometrics, with very little substantiation. The truth is, these technologies simply don’t work as they appear to in the science fiction movies.

    • Derek Scontrino says:

      Or what about the guy who attacks you for your phone and then uses your thumb to unlock it. Or better yet cuts your thumb off.

      • Steve Wilson Lockstep says:

        Derek asked what happens if an attacker cuts off your bits. Biometrics vendors have a ready answer: they say their systems can detect “liveness”. But it’s not so simple. Some liveness methods are laughable, like relying on temperature (just rub on the prosthetic finger to warm it up before putting it on the sensor).
        As with any piece if kit, liveness detection technology is itself fallible. Search on YouTube for ‘Mythbusters fingerprint’ and you’ll find an episode where they readily fooled an allegedly highly secure biometric system. Furthermore, liveness detection is a feature that has no standards, no accepted methodologies, and no test procedures.
        Unlike say smartcard tamper resistance, or ATM security, or electrical safety, or cryptography, “liveness detection” is technically meaningless. Vendors can lay claim to it without reference to any independent quality checks. Nobody really knows if it works in practice.

  • Steve Morris says:

    How many times do we have to unlock our smartphones each day? Ten? A hundred? No wonder people are reluctant to use passwords. If biometrics make the task easy, then even if they are only 90% reliable, it will still mean a huge boost in public security.

Singularity Hub Newsletter

Close