Hi Ranty Nation!  Ranty McRantyson har agin!

Well, ah’d thunk y’all be thunkin bout now sumthin like, “Whut the heck?  Ranty is rantin bout smartphones an biometrics an such?  Whut makes him thunk he know whut he be talkin bout?”

An that’d be a gud question.  Y’see, ah dun wurked in “Infurmational Technology” an such fur over 20 years an learned a thang or two durin that time.  Then agin, jus applyin sum “common sense” oughta wurk purty gud too!  So whadda y’all say we’all give it a try an see whar it dun lead?

Why Lock Mah Device (Security)?

Anyhoo, all the new fangled “smartphones” an such dun have whut they call “biometrics” that y’all can use to unlock yur devices with.  An ah suppose y’all’re wonderin why we’all need to lock them in the furst place, amiright?

Thangs have changed a gud bit since ah was a youngun.  When ah was a jus a toddler, we’all had them “dial” phones.

Heck, ah was a teenager befur the furst pushbutton phones were available fur the home!

Now a “phone” is so durned smart they’s even takin the place of a full computer fur some folk!

We dun be keepin jus bout everthin we do on our phones nowadays.  Y’all might well be justified in thunkin they even be a “memory extension device” cuz modern day livin is so complicated we can’t keep everthin we thunk an have to do in our heads anymore.  Fur crooks an the guvmint to be gittin in y’all’s smartphones dun almost be like gittin direct-like into yur mind!

Cuz of how much most folk rely on they’s phones, we keep stuff on them that it wouldn’t be gud if’n sumone were to git hold of that infurmation.  Ah mean we dun keep our credit card number, our bank account numbers, PayPal, our friends an family info, an even, sumtimes, our Social Security number on our phone.  At the least, wit all that infurmation, a crook cud jus steal our identity, not to mention clean out all our money!  On top of that, we sumtimes keep downright embarrassin infurmation on our phones!  Infurmation we don’t want no one, not even the guvmint knowin bout!  An stuff we used to keep in our heads (like thoughts an ideas), but now we dun keep on our phones, cuz we expect it to both be safe an private!

But y’all probly sayin, “But Ranty, ah ain’t got nuttin ah’m afraid’ll git out!”  You may thunk that now, but if’n or when y’all have yur ID stolen an y’all’re spendin months, maybe even years, an a ton of money to git straightened out, then it’ll be too late.  An it really do only take a small bit of wurk to be safe, so it be wurth the effort in the long run.

So, we dun need to keep all that infurmation safe/private.  At furst, the only way was to use a PIN/passwurd.  An that dun wurked purty gud (in fact it was, an still is, the best way, but we’all’ll talk bout that below).  But them smartphone designin folk jus kept addin stuff to the phones an, eventually, they dun added other ways to keep all that infurmation “secure”.

Ah thunk them folk dun bin watchin too many movies!  An not only that, but they dun didn’t learn the right lessons frum them movies, neither!

So, they started addin “security measures” called “biometrics”.  An then device security went all to heck!

Whut Are Biometrics an Whut Do They Do?

“Biometrics” are “security measures” that use sumthin physical-like an unique to each person.  “Bio” means “life” (“biology” = “study of life”) an “metric” means “measurement”.  So, put the two together an y’all git “life measurement”.

Ah’m sure y’all can remember frum them spy movies whar folk’d use they fingerprints or voice or face or even eyeball fur the security system to verify they’s who they was sayin they was.  Problem was, in the movies they’s always a problem wit each of them methods that the spy wud use to git in.  So let’s take a quick-like look at each an see whut’s wrong wit them.

The main thang to remember that fur a gud biometric, they’s got to be usin sumthin that is differnt tween ever person.  So them scientifical folk dun did the research an found that these ways are the most differnt an convenient.  Problem is, “convenient” don’t always mean gud.

Fingerprints

Ah remember this har show called “Mythbusters” (Episode 59: Crimes and Myth-Demeanors 2) whar they dun fooled sum of the best fingerprint biometrical stuff of the time wit either a photocopy of the fingerprint or a gel copy.  An that thar method, or sumthin similar is old hat fur spy movies!

 

Voice

In the spy movies this’n be probly the easiest of all to beat.  Usually, it be dun wit a combination of a “voiceprint” an a “passphrase”.  Like they’d say, “Mah voice is mah passwurd” an then the compooter wud analyze the voice to make sure it dun “sound right” an make sure it was the right wurds. Of course, the spy wud then jus record the user sayin all them wurds an put them together in the right order an play it back to the compooter so they’s git in!

Course, then the security folk got smarter over time an made the user read wurds on a screen outloud.  An the spy folk’s job got a bit harder cuz they’all’d have to record a bunch of wurds an use a compooter to order them right fur whut be on the screen.

Face

Nowadays “facial recognition” is the newfangled way of doin biometrics.  Wit stuff like Apple’s Face ID, all y’all need to do is hold the phone in frunt of yur face an the Apple device will unlock.  Course, the other device maker’s also got sumthin like this too.

In the “ol” days of face recognition, y’all cud beat them wit somethin as simple as a picture.  Realizin this, sum of the latest tricks dun use “depth” of the face the system sees an matches that an the shape/measurements of the face to git an accurate ID.  The top-of-the-line systems’ll even use heat patterns of the face on top of the other thangs to make sure sum “unauthorized” person ain’t tryin to sneak in.

But givin nuff time an money all of these can be beaten too.

Eyeball

Finally, the ol eyeball scanner.  They’s two ways that these scans be dun an they can be either way or together.  The mos common way is fur the “iris scan”.  The iris is the part of yur eye that has the color in it.  Each iris dun be unique.

The less common way is fur to look at, an map, the pattern of blood vessels an other identifiers on the inside of the eyeball on whut’s called the “retina”.  The retina is whar the eyeball focuses light so as we’all can see!  Each person has a unique pattern of bloodvessels in they’s eyes.  Course, them spy folk dun figured out how to fool these too, but this’n probably be the hardest to fool cuz it be the hardest to git a gud picture of if’n y’all are tryin to fake it.

So, as y’all can probly figure out, all of these biometrical thangs can be fooled.  Thang is they all take sum wurk to git round, specially if’n y’all’re tryin to be secret-like.  BUT, unfurtunately, they’s be a much simpler an more dangerous way to git round them.

The Main Reason Why Biometrics Ain’t So Gud Fur “Security”

Specially wit smartphones an other portable devices, they’s a much easier way to git into them.  FORCE!

Now, y’all probly thunkin, “Whut the heck is Ranty talkin bout now?!?  How’re ya’ll sposed to force a compooter to do sumthin?  Duh!”  Ok, ah’ll give y’all that one.  BUT…

Y’see, they’s one thang all these biometrical designin folk dun furgot.  It’s a thang that crooks an guvmints an even yur kids (well, kinda) ain’t worried bout… makin y’all use yur fingers or face to unlock yur device!

A crook can grab y’all an grab yur hand an force it onto the fingerprint reader to git access to yur phone.  Even more easy, if’n y’all’re usin sumthin like FaceID, they can jus hold yur phone up to yur face an unlock it that way.  Once unlocked, they cud even take away all them lockin features an then git access to all that info at they’s convenience!

Remember way back when ah said yur kids can force y’all to “use” yur biometrics?  Well, they ain’t really usin force, but more like usin sneakiness to git yur biometrics.  They’s bin stories of kids who dun snuck up to they’s parents and carefully grabbed they’s hand an put the finger on the fingerprint reader while they’s parents were asleep!  An the same story fur face recognition, but it was easier since the kid didn’t have to touch they’s parent (now face recognition requires that the eyes be open so as to beat the kids on that score).

Sneaky lil rug-rats!

As fur as ah know, there ain’t no voice recognition fur portable devices.

Samsung has had both retina and iris scanners, but they wasn’t reliable nuff fur them to keep using.  Also, sum folk said the iris scanner make they’s eyes tired/hurt.

An Biometrics CAN Just FAIL!

Even wurse, they can fail cuz of sumthin on you changes.  Fur example, if’n yur finger y’all use to unlock the phone were to git cut, then the fingerprint reader might not recognize yur finger.  If’n y’all were to git a cold, a voice recognition lock might not be able to recognize yur voice.  In the day an age of COVID-19 an mask wearin, the face recognition won’t wurk as it won’t be able to see 1/2 yur face OR if’n y’all were to git hit in the face, it wudn’t work neither.  Finally, a cold, or sumthin similar like, can change yur eye nuff so as yur eyeball reader won’t wurk.

Whut the Laws Says Bout Forcin Access to Yur Devices

Now that we’all dun know how to git really gud passwurds, ah thunk we oughta take nuther look at y’all bein forced to use yur biometrics fur sumone to git access to yur device.  Whut’s important to know har is that the US courts dun said that it is legal fur a guvmint official (say a police officer) to force yur hand to yur device to git yur fingerprint reader (or face fur FaceID) to let them have full access to yur phone.  Yep, y’all read that right, the courts have said a police officer can legally force yur finger onto yur device so as they can git access to yur device!

Now, ah don’t know if’n y’all be doin sumthin illegal or have sumthin embarassin or jus sumthin y’all don’t want no one else to see.  But whut ah do know is that if’n y’all don’t want yur device to be forcefully opened, then y’all need to have either a long PIN (8+ numbers) or a long random passwurd (10+ characters).

So, ah’ll finish this talk in “Why ‘Biometrics’ Ain’t Such a Gud Idea… Part 2“… when it’s dun, probly on Black Friday (11/27/2020).

Ranty McRantyson signin off!

PS.  Ah dun also consulted mah bruther, Rufus McRantyson, on the security stuff in this har talk cuz he be a “compooter security expert-like person”.