An MSU professor and his team used enhanced 2D fingerprints to unlock a Samsung Galaxy phone, offering a reminder of the now-quiet encryption debate.
Back in February, as Apple and the FBI legally and politically wrangled
over the locked iPhone of San Bernardino, Calif., terrorist Syed Farook, more than one online commenter suggested using the finger of the deceased Farook to unlock the phone.
That wouldn't have worked because the skin of living people is conductive, and that's part of what biometric phone locks respond to. So explained Anil Jain, a distinguished professor of computer science and engineering at Michigan State University, who, with doctoral student Sunpreet Arora and postdoctoral student Kai Cao, figured out how to unlock the Samsung Galaxy S6 of a different dead man, using his inky fingerprints from a previous arrest.
The man had been murdered, and Michigan State University Police Department Detective Andrew Rathburn hoped that his phone contained clues as to who had done it. According to MSU Today
, Rathburn Googled "spoof fingerprint" and was shocked and delighted to come across the fingerprint-related work of Jain and his team, right at MSU.
"The fingerprints they provided us were just ink on paper, which doesn't have a conductive property," Jain told NPR, in a July 27 report. "So the first thing we tried was to print the fingerprints on a special conductive paper, just like a photographic paper."
That didn't work the first time, so Jain and his team turned to more expensive 3D alternatives: a $250,000 machine that took 40 minutes per finger to reproduce each fingertip, and a $600,000 machine that added a conductive, metallic coating.
That plan—still less expensive than the reported $1.3 million the FBI ultimately paid a group of hackers to unlock Farook's phone—didn't work either, which sent Jain and his team back to Plan A. This time, they turned to an image-enhancing algorithm, which filled in light or missing spots to create a more precise print.
The team called Rathburn to bring back the smartphone, and this time it worked.
"Lucky for us, this phone did not require a passcode after a fixed number of failed attempts with fingerprints," Jain told MSU Today. "This allowed us to try different digitally enhanced fingerprints.
"My team is not in the business of hacking phones, but in the research side of the fingerprint technology," he said. "Hopefully, our ability to unlock this phone will motivate phone developers to create advanced security measures for fingerprint liveness detection."
The Encryption Issue
The FBI filed a court order Feb. 16, insisting that Apple assist law enforcement agents in unlocking Farook's iPhone 5C.
Apple CEO Tim Cook pushed back, saying the FBI was asking Apple engineers to write new code, which he said violated their civil rights, set a dangerous precedent and would essentially create a key that could, terrifyingly, unlock any door.
"The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers—including tens of millions of American citizens—from sophisticated hackers and cyber-criminals," Cook said in a statement. "The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe."
After the hackers successfully unlocked the iPhone, the FBI dropped the case, saying in a March 28 status report
with the court that it "no longer requires the assistance from Apple."
FBI Director James Comey, in a speech at Kenyon College April 6, called litigation a "terrible place" to have the important security, privacy and civil rights conversations that need to take place
"It is a good thing that the litigation is over. But it is a bad thing if the conversation ended," said Comey.
Lawmakers agreed, insisting that ongoing conversations are necessary to address an issue that, far from going away, will only be exacerbated.
On March 21, House of Representatives Judiciary Committee Chairman Bob Goodlatte, R-Va., announced a bipartisan Encryption Working Group. And on June 22, the group offered an update on their progress.
Key takeaways from their meetings to date, they announced, are that encryption is a good thing; there are "technical obstacles" to legislative mandates that "require special access to law enforcement"; there are opportunities for companies to enhance their training and support for law enforcement; and increased cooperation between law enforcement and the private sector could help break down "adversarial walls."
"We continue to meet with a variety of federal, state and local government entities, former government officials, private industry and trade associations, civil society organizations, consultants and legal experts, academia, and cryptographers," the group added in a statement
. "These meetings have produced critical information that has helped inform the working group as we seek solutions to this issue."