Should you activate fingerprint authentication on your new iPhone (or other mobile device?)

Bottom line: if you care about security you should avoid activating fingerprint authentication. Use an alphanumeric password in place of the 4-digit PIN and deal with the inconvenience. If you don’t care much about security but are careless about where you leave your phone or which networks you connect to, you should also probably skip it. For everyone else, it depends on your risk appetite. Good luck.

Fingerprint_picture.svgYesterday, Apple launched two new iPhones. The flagship model, the 5s, is impressive and includes many new features including fingerprint based authentication. It is part of a trend towards using biometrics on mobile devices, e.g., facial recognition on Android and voice recognition on the new Moto X.

The use of fingerprint authentication is not new (a family member has that on their Lenovo notebook), but deployment by Apple usually signals the onset of mainstream adoption. At present the iPhone offers it as an option, so you can still choose to use a traditional password instead. The main benefit of fingerprint technology is slightly faster unlocking than using a PIN code. Also the Apple device is said to be accurate and fast, unlike some earlier consumer-oriented implementations. At present Apple is allowing its use for iTunes and Apps Store purchases but one can imagine third-party applications are around the corner.

Before you activate this system, you should consider several issues. Online forums are abuzz about whether your fingerprint can be spoofed, whether the NSA might be spying on you, and whether you can be legally forced to unlock your device. In turn, Apple has tried to allay fears by stating that your fingerprint only exists in a “secure enclave” on the phone (strictly speaking, it is an electronic description rather than an image of your actual finger). However, there are several issues that I believe need consideration:

1. It is hard to replace your fingerprint.
If your password is compromised, you can just revoke it and create a new one. Replacing your finger can probably be done, but it will involve a bit of pain. If you lose your phone and a hacker gets in, or if they are able to remotely access your fingerprint data, the personal costs may be rather high. We also we have no information about know how cleanly (if at all) the data is erased when you sell your phone or recycle it; can the data be extracted afterwards?

2. The fingerprint encryption scheme will be hacked.
This is not a possibility but a certainty. The only questions are how long before it happens and whether you will get to hear about it. People are worried that the NSA is helping Apple keep a backup copy of the master encryption key (i.e., can you trust them to keep it secret, since they lost thousands of documents to some junior guy without knowing it?). But the problem is more fundamental than that: in order to make use of that encrypted data, your phone must contain the key. This is unlike the case where a password is kept separate from your encrypted fingerprint data, or a design in which a password (or some other security token) is needed in addition to your fingerprint data. Keeping the decryption key on the device makes it vulnerable, since with enough effort the key will be recovered, or some weakness in the encryption software can be found. If you think you have heard this story before, it’s because the same thing happened with DVDs. Any DVD player must contain the decryption key and mechanism for doing so, otherwise you won’t be able to view the movie contained on the disc. When DVDs were launched, manufacturers thought their encryption was sufficient, but were quickly proven wrong. Same thing with BluRay.

3. A magnet for attack
Some are worried about the NSA, but they probably already have your fingerprints. The real threat is elsewhere: encryption is broken and various encryption standards have been compromised (including at an atomic level involving encryption libraries used to build software). Thus, storing the data in encrypted format is just a deterrent. Apart from the NSA, you should worry about the other, possibly more nefarious organizations and governments out there. The fact that we know it is possible implies that others will try to get in, either through the same means or by creating new methods. Nathan Rosenberg calls these “inducement mechanisms” that focus the efforts of others; I have observed it in my own fieldwork on semiconductors. All over the world next week, communities of hackers and spy organisations will probably be posting “do not disturb” signs on their doors and begin working on this new challenge.

4. Large attack surface
The data on the fingerprint chip itself might be fairly secure but IOS, like all operating systems, is complex and has been compromised. Every year we hear of interesting exploits at events like Black Hat. There is no such things as a completely safe program, especially one as elaborate as a modern operating system. Your phone or mobile device is not locked down, unlike the scanning device at your neighborhood immigration counter. You bring it everywhere: to airports, cafes, public places, friends’ homes and to pubs). It is exposed to many angles of attack: physical hacking, software backdoors, security holes, hidden code in apps, and compromised websites that you might visit on the phone’s web browser. Another way in is through your computer that syncs to the phone via iTunes because your phone treats it as a trusted connection. Apple claims that the operating system has no access to the fingerprint data on the chip itself, but you’ll have to go on trust with that one as it is not verifiable (Apple also said it did not store your GPS data!).  The question remains of how separate the fingerprint system really is, since iTunes and the App Store will be able to authenticate using the fingerprint sensor, suggesting there may be some indirect paths available to hijack the authentication process, even if one does not touch the data itself.

Conclusion
While these risks are real, they do not necessarily imply that you will be hacked. That depends on whether you are a high enough value target. It also depends upon your personal habits and whether these practices expose you to a larger or smaller attack surface. And it depends upon your luck. Even with a regular old password, you could still end up being hacked, but at least you won’t risk losing your fingerprint data along with your other stuff. It is just a question of being aware of the risks. By no means am I dissuading you from buying that shiny new iPhone.

Bottom line: if you care about security you should avoid activating fingerprint authentication. Use an alphanumeric password in place of the 4-digit PIN and deal with the inconvenience. If you don’t care much about security but are careless about where you leave your phone or which networks you connect to, you should also probably skip it. For everyone else, it depends on your risk appetite. Good luck.

Image source: https://commons.wikimedia.org/wiki/File:Fingerprint_picture.svg

LTE is a Game Changer Because of Upload (not Download) Speeds.

What makes LTE a game changer is not its download speed but its upload speed instead. LTE is faster than the internet connection to many homes.

I recently upgraded to a smartphone that supports LTE, a new “pseudo-4G” standard that claims much faster speeds than 3G networks. Around the world, telecommunications operators are just beginning to roll out LTE. My first impression when using LTE was one of incredulity. This thing is smoking fast! The screenshot below shows 2 tests performed on my cellphone within minutes of each other in Melbourne’s CBD. The panel on the left is with my phone connected to 3G, while the one on the right is for the same phone connected via LTE. Download speeds for LTE are in the 21+ Mbps range as compared to 3+ Mbps on 3G. The phone feels noticeably faster when browsing the web or running web-connected apps such as Facebook. 3-dimensional maps appear really quickly on LTE. It is really a pleasure to use, but truth be told the old 3G speeds were already respectable for a mobile device.

What makes LTE a game changer is its upload rather than download speed, which is shown in the photo at around 20Mbps. On 3G, uploads are 16 times slower (at 1.2Mbps), and that is being generous as I am often only able to connect at half or a quarter of that speed around Melbourne. The amazing thing is that 20Mbps is much faster than most residential broadband connections. Many people are connected to the internet at home via ADSL2+ technology, which typically has download speeds of 5-8Mbps (despite what your Telco’s marketing brochure says) and upload speeds limited to a measly 1Mbps. In contrast, at various places around Melbourne’s CBD I have measured LTE upload speeds ranging from 6 to 20 Mbps, but of course this is not a scientific test.

In practical terms, what this means is that on an LTE phone, I can upload photos and videos much faster than many people can from their home networks. Uploading to Youtube, Instagram and Flickr from my cellphone while on the move has become amazingly practical, and no longer feels like a hopeless endeavour. Video conferencing over LTE is quite smooth, e.g., using FaceTime or similar programs. Applications that capture data locally and process it remotely (including Siri and other voice recognition apps) work quite well. This make the end-user experience so much better. While better download speeds are certainly welcome, the new upload speeds have removed a critical bottleneck that existed before. I believe it will open up all sorts of new opportunities for innovation and new applications.

It remains to be seen whether LTE speeds will remain impressive after everyone piles onto the network. I hope it won’t slow down to a crawl. The design of LTE incorporates better traffic handling than earlier networks, plus LTE has theoretical download and upload limits of 300Mbps and 75Mbps respectively, but how well will it cope in practice? Before it gets too congested, I am enjoying the boost in speed, glad to be working and living downtown and bathed in LTE goodness.

speedtest.net: LTE vs 3g
Speedtest.net: LTE vs 3G on Optus Australia’s Network

Improving Wireless Ordering at Restaurants

Last night, we got to order dinner on a wireless touchscreen, actually an iPad in Aluminum body armour. Pretty cool. This was not our first time, but it was a surprise because we were not at some fancy restaurant but instead at a modest place in Chinatown. It just goes to show how widely this technology has diffused. The use of a touchscreen menu was useful in this context for overcoming language barriers as the waiters weren’t the most fluent English speakers and although some of us spoke Chinese it was not the same dialect.

Unfortunately, like at many other places, we found that the restaurant was using a smart tablet in the same old “non-smart” way. i.e., just as an electronic version of their printed menu but with ordering capability built-in. I suspect that we’ll be seeing smarter devices soon. For instance, the computer should make customised recommendations based on your dining preferences, group composition and the chef’s knowledge of which dishes and beverages go well together. It should be more interactive, adapting the menu recommendations as you progress through a meal based on whether you liked a particular dish. This could change the dining experience from being a static one, where you order at the start and cannot make changes, to one that is more interesting and dynamic.

At a basic level, many restaurants are using the wrong device: instead of investing in their own tablets they should be offering a software application that downloads directly to your own smartphone/tablet as soon as you sit down at a table. This would allow you to make more personalised selections, for example using your own (private) dining history and food restrictions to help find suitable matches in the menu as well as making recommendations based on reviews posted by others online, or maybe even via a transitory peer-to-peer network of other diners.

ps: now that I’ve put these ideas out, they become “prior art” so hopefully this prevents companies from patenting them and filing frivolous lawsuits, thus ruining my future dining experiences.

Ordering on a Tablet
Ordering on a Tablet

 

Apple wins $1bn case against Samsung

The more important aspects of the verdict are that it found Apple’s patents to be valid and that Samsung wilfully and knowingly copied Apple.

Apple has won a massive victory in the latest round of its dispute against Samsung. Part of the case is on patents, and part of it is on “trade dress” (the look and feel of the iPhone).

The $1bn award sounds like a lot, but it isn’t really the most interesting part of the decision. The RIM/Blackberry case was much narrower but saw a $600m+ decision some years back. The more important aspects of the verdict are that it found Apple’s patents to be valid and that Samsung  knowingly copied Apple. The validity of Apple’s patents will probably allow it to earn a healthy stream of licensing revenue from other smartphone companies into the distant future. It will also give a well-needed jolt to the rest of the industry to explore different technological trajectories and to develop smartphones that do not resemble the iPhone as much. The willful nature of Samsung’s copying is why I believe the jury reached a surprisingly quick decision while others had expected it to be a protracted case, i.e., once they decided in their minds that Samsung willfully copied Apple, it was only a step away to reach the conclusion that Samsung infringed across a broad range of its products (see this chart at TheVerge). Very bad news for Samsung.

Some people view this as part of Steve Job’s vendetta against Google, which created the Android operating system running on Samsung’s phones. While this may or may not be true, it is not the whole story. The Android operating system is quite versatile and it is possible to build quite a diverse and novel ecosystem around it without copying the iPhone. An example of this is Sony with its aesthetically elegant Xperia phone and Android-based Walkman. Another is Nikon which has just released an Android camera and is an iteration away from it becoming an actual phone.

No doubt the Samsung/Apple ruling will be appealed, but it will inevitably shape the future of smartphones.

Quick review of IA Writer – a minimalist writing tool

I recently began using a new writing tool, iA writer. It is one of a slew of new programs that are “minimalist” writing tools including Omniwriter and Writeroom. They help you focus on actually writing rather than tinkering with fonts, layouts, hyperlinks, grammar checkers and other distractions. I was led to search for a new writing tool by Redmond’s Law of Large Numbers which states that a large and complex enough document will definitely crash Microsoft Word. I have been revising a paper for a journal and when it began crashing every ten minutes, I realized I was totally distracted by having to restart my word processor and guessing what changes had actually been saved. I was no longer focused on writing.

Initially I was skeptical and thought a minimalist tool was nothing new, just a modern version of Vi/Emacs or any of the LaTeX editors I’ve used. But it turns out to be a different user experience after all. Even compared to any of those, iA Writer is distraction free. There is no way to underline or italicize text. There are no styles, hyperlinks, or colors or fonts. There are no obscure Control/Alt/Esc commands to remember. There are however numbered headings which is useful. The overall effect is that your mind stays focused on paragraph structures, flow and generating interesting content.

The experience isn’t like using Notepad (Windows) or TextEdit(Mac) either. On iA Writer, one interesting feature — probably its only feature — is the “focus mode” which highlights the currently edited sentence and fades everything else into grey. This keeps your attention squarely on clarifying exactly what you are trying to express in the current sentence. I like that a lot. Oh and it does look great on screen, a bit like the typerwiters from days gone by.

iA Writer syncs to Apple’s iCloud, so you can edit on your Mac, iPhone or iPad and not worry about backups. You can roll back to different versions using iCloud’s built-in features. If you use Windows, the options include Darkroom, Focuswriter and Writemonkey but I haven’t tried any of those.

Because of its lack of features, a minimalist writing tool isn’t for everything, certainly not equation-laden articles. But it is great for a first draft and if you are primarily writing text. I am currently keeping iA Writer as part of my workflow, using it to draft things, then pasting the results into a word processor or other application for layout and finishing. If you have used such a tool, do share your experiences (good and bad) below.

ps: this blog post was written in iA Writer.

Game classifications and sensible implementation

There is some discussion at the moment that the Australian government might move to require mobile application games to be classified according to content. This is a move that is consistent with requirements on other computer games and, on the face of it, if classification is policy there it would seem that it should be policy for mobile games. (Note to commentators: it may well be that classification of games is silly but I’m not looking to discuss that here.)

What I want to discuss is the implementation of this. Here is what the concern is:

The government is now making plans to require developers to submit their game apps to the Classification Board before they are released. This would cost developers between $470 to $2040 per game.

This would cause several things. First, literally thousands of overseas developed games would be removed from the various mobile application stores in Australia. Most of these do not cover the developer costs and even those that may have in the past may not do so in the future. Not to mention the cost of applying for classification. The effect on Australian consumers would be immediate. Second, this would have an impact on local developers. Fortunately, with regard to games, most of their sales are elsewhere. But we will see a headline within a year: “Australian teenager has hit mobile game but her friends cannot play it.” Nonetheless, there will be a disproportionately negative impact on developers who are trying to tailor games to the local market. Third, this will end up including educational games and books. For instance, Dr Seuss books on the iPad have little games in them. I assume that means they require classification. Maybe popular children’s books won’t be impacted but there will be many other educational apps that will be and this will spark further headlines. Fourth, apps that use Apple’s iAds will be impacted as these ads may include games in them. Finally, all of this will cause Australians to either pirate games in droves — indeed, they may do so just to get games that are actually free elsewhere! — or move to overseas app stores. My guess is that rules imposed internally by Apple and co that prevent purchases by Australians from say, New Zealand will be relaxed. This will alleviate the harm of all this but it will be a very bad look. Need I say, that this is as much a problem for Apple and Google as it is for developers and consumers. In other words, the doom and gloom forecasted may well occur.

The good news is that there is an easy solution to this. First, raise the fines for selling games in Australia with the incorrect classification; including on application stores themselves. Second, allow developers to self-classify their games. That’s it. The vast majority of games can be classified easily and, indeed, Apple already does this. There seems little reason to add another layer of review prior to an app’s launch. Instead, the onus would be on developers and publishers/platforms to review applications and make sure their content is rated properly. If they fail to do so and there are complaints — which there inevitably are — then the Government can prosecute. Anticipation of that and a large fine will keep this in check.

My point is that all of the dire consequences for the industry arise because Classification requires pre-evaluation. If it was made a self-evaluation process plus a later process to deal with infractions that would alleviate almost all concerns without sacrificing whatever public policy goals there are from the classification policy. And if developers are still concerned about taking that risk, then they can pay a fee and be pre-classified. See, this is one area where everyone can be happy so long as a little bit of common sense is applied. I guess we will have to see what occurs.

NTP Sues Apple, Google, Motorola, HTC, LG, Microsoft

Last year David Weston and I wrote a teaching case on how in 2000, NTP sued Research in Motion (makers of the popular BlackBerry device) for infringing its patents that cover the wireless delivery of email (free download from WIPO). Well, NTP is at it again, and has just sued a number of firms including Apple, Google, LG, Motorola, HTC and Microsoft that make smartphones. The Washington Post has a brief description of the patents. The earlier case ended with a $600+ million settlement, but that large amount was partly the result of (a) RIM was found to have willfully infringed NTP’s patents and attempted to deceive the court when presenting evidence of “prior art” in 2002, and (b) as the case escalated, RIM faced the very real threat of having its US operations closed down in 2005. A number of the original patent claims were subsequently revoked, but I imagine that NTP is hoping that the larger base of email users these days will give it enough licensing revenue from each of the mobile operators. If you haven’t heard of NTP, that is because the company is sometimes thought of as a patent troll and is not well-loved. In my opinion, the lawsuit also highlights a more subtle problem with the patent system. When successful firms like RIM and Nokia choose to settle with companies like NTP, it gives NTP an incentive and the financial resources to then attack a broader group of other firms. A precedence is also set. It would be better if such firms fought back, e.g., by establishing prior art that invalidates such patents or by pushing back on the claims.

Is Secrecy Always A Good Thing? The Tale of Apple Aperture vs Adobe Lightroom

Apple is known for its penchant for secrecy. Products are developed as top-secret projects and unveiled to the public with great fanfare. This has brought it tremendous benefit, for example with during the dramatic launch of the iphone by Steve Jobs (http://www.youtube.com/watch?v=vZYlhShD2oQ#t=2m20s). However secrecy carries costs, and in some cases the costs outweigh the benefits. Yet Apple retains this approach across a whole range of its products; secrecy is apparently “baked into the corporate culture” (http://www.nytimes.com/2009/06/23/technology/23apple.html). Consider Aperture 3.0, the newly updated photo-management product by Apple aimed at professional photographers. It was launched last week following Apple’s usual “secret till the last minute” approach. It is instructive to compare Aperture to Lightroom, a very similar product by Apple’s rival Adobe which has taken a very different approach.

There have been two effects of the secrecy surrounding Apple’s Aperture 3.0. First, the direct effect of launching poorly-tested software. Twitter and the Apple forums are full of complaints by anguished customers who have been unable to upgrade older photo libraries (e.g., http://discussions.apple.com/thread.jspa?threadID=2331026). No doubt there is a selection bias and users with a trouble-free experience are less likely to visit these forums and complain. But this is hardly the “awesome” and polished experience that is expected from Apple, a company that uses “it just works” as a tagline. Among the reports are complaints by customers whose computers have totally frozen during the upgrade, those who succeeded in upgrading but then found it unstable, and those who gave up but were unable to reinstall earlier versions of that software. It is clear from these reports that Aperture 3 was insufficiently tested before being sold, especially against real-world photo libraries in use by existing users.

A second effect of secrecy is that professionals have been increasingly adopting Adobe Lightroom. While the buzz of unveiling a new product may matter for consumer-oriented products like the iphone or ipad, Aperture is aimed at professional photographers, design companies and media organisations. For this audience, surprise may be less important and even counterproductive. Instead , advance knowledge of upcoming features and a stable product at launch time are probably more important. These allow the client to anticipate changes and plan for its integration into existing workflows and business processes.

In contrast to Apple, Adobe has taken a different approach with Lightroom. In October last year it launched the new version as a public beta, available for anyone to download and try for free (the software expires automatically at the launch of the actual product). The public beta gives Adobe precious information from real-world customers on a massive scale. In addition, customers are able to experiment with features likely to be included in the final version, rather than being kept in the dark with no way to anticipate and plan their own businesses around Adobe’s roadmap. Lightroom has its share of detractors, but generally the response online has been positive. The important thing to point out is that Adobe isn’t one of these “open source” players. Lightroom is commercial software that is quite expensive and the guts of the software are heavily protected. However, by being less secretive than Apple, Adobe is able to engage better with its customers. This applies not just to the public beta: in earlier versions of Lightroom, Adobe took a more open stance towards allowing third-party plugins and introducing user-created presets.

Looking more broadly, my sense is that Apple’s secrecy is costing it not just with Aperture but also with other recent product launches. For example, iPad developers are in a scramble to develop software for the new device which ships in about 2 months. Apparently even Apple’s close allies were introduced to the iPad just weeks before it was publicly announced. Even Apple’s new Snow Leopard operating system had its share of bad surprises after it was launched, causing some cases of data corruption. To this day, none of my colleagues are able to print from it to our enterprise-quality printer down the hallway using the Safari web browser or the Preview tool without causing the software to crash. The lesson to be learnt is that while secrecy may be useful for some products, firms (including Apple) should revisit the question as to whether they need to be secretive across all their products.

Do share your thoughts and comments on our discussion board.

—- update on 17 March 2010

A quick update – after writing this article I received a surprising number of emails. Quite a few photographers and media professionals wrote to say they agreed with my perspective. A few disagreed, including some folks who said Adobe also had its share of problems. A few people also wrote to complain that I am biased and “anti-Apple”; I contend this is untrue seeing that I personally own a lot of Apple products.

A couple of people asked what the benefits were of secrecy, and to give a quick answer, it generates greater consumer buzz when the product is launched (as mentioned). In addition, secrecy is one of the mechanisms by which firms attempt to protect intellectual property (e.g., the oft-told story of Coca Cola’s secret recipe). Keeping something secret may also help prevent competitors from hiring the relevant people to develop similar products, although this is controversial as it depends on how scarce the relevant skills are. I hope this helps give my article some balance. I’m not saying secrecy is bad in general, but that it should be used when appropriate. It may be somewhat less effective for professional rather than consumer products, especially software which involves network effects and benefits from a cohesive developer community.

A spokesperson from Apple wrote to me to say that a number of photographers did work with Apple on the beta prior to launch (but as I understand it from people in the industry, this was a private beta and a non-disclosure agreement was involved). Apple also said many of the issues have been addressed in a recent upgrade to the software, and they dispute the market share data used by John Nack which I linked to in my article. They also made a few other points. I am sharing this so that their view is represented and they are welcome to post a reply too, however I don’t think it takes away from the main points of my article. Subsequent to my post, I learnt that Apple’s secrecy was also a concern raised by various photography blogs (e.g., http://photofocus.com/2010/02/17/aperture-3-0-very-cool-but-not-ready-for-prime-time/). Moreover, the extensive fixes that were made soon after Aperture’s release shouldn’t have been needed in the first place if the software had been properly field-tested. Fundamentally, secrecy means missing out on engaging with the professional community and developers in an extensive way prior to the product’s launch. That is the price to pay, and while in some cases this is worthwhile, in other cases its not always a net benefit.

Finally, finally, finally, an official iPhone toilet map

IMG_0075For over a year, I have been lamenting the lack of a toilet finding app on the iPhone that utilised the official data from The National Public Toilet Map. They haven’t released the data but the National Continence Management Strategy has released its own iPhone app (thanks to an alert twitterer for pointing this out). You can download it here for free. It looks pretty good. You tell it your location and it finds the nearest facilities which you can locate and get directions on a map. It also tells you opening hours and other information. I still think that it would be better off if the information were publicly available and innovators could make their own apps but this is better than nothing.

ATM Finder for iPhone

untitledThere are many ways to find a toilet with an iPhone. Now from MasterCard, you can find ATMs. Of course, what we need with this is the transaction fee as well so we can find the cheapest one. Are you listening RBA? Is it time for ATMWatch?