Using biometrics is the process of measuring and analyzing biological data to identify an individual. Mobile devices with biometric-enabled features are used for many purposes, one of which is authentication. This authentication method provides a strong level of security that ensures only authorized individuals can access sensitive information on mobile devices. “By 2024 […] 66% of smartphone owners will use biometrics for authentication.” (1) More than likely, you have encountered a biometric-enabled device in your mobile forensic investigations. But you may wonder how these biometric advancements impact your day-to-day line of work. This blog post will discuss what biometrics are, how they work, and the impact biometric capabilities can have on your investigations.
History of Smartphone Biometrics
Many people associate the first biometric-enabled device with the Touch ID on the Apple iPhone 5s in 2013. However, what you may not realize is that a form of that technology first appeared in 2004 with the launch of the Pantech GI100, which had a fingerprint scanner. Fingerprint biometrics were later followed by Facial Recognition capabilities – that most people associate with the Apple iPhone X release in 2017. Later, Android introduced Iris Scan and Voice unlock capabilities.
Misconceptions with Biometrics
The primary method for biometrics on smartphones and tablets is to authenticate the user by verifying the user’s identity before granting access to the device or data within an application. Some think biometrics replace passcodes – that is far from the case. If a biometric unlock attempt fails, the device will rely on a passcode unlock as the fallback measure to unlock the device.
How does Biometrics Work?
When you unlock a mobile device with a PIN or password, that input is compared to a stored value set by the device user. That information is stored in an access control system, and if the first attempt input identically matches the stored value, access is granted. But biometrics isn’t binary — like PINs or passwords. Biometric inputs are never truly identical. The biometric input you use to unlock a device is “compared to the enrolled biometric data stored on the device.” (2) At that point, the system decides if the biometric input is like the biometric records stored within the device.
Working with Biometrics
Active biometrics can be a concern for examiners, as care must be taken when devices are seized in a live state where the biometric unlocking is active. It is recommended that anyone interacting with a device in such a state should not look directly at a device or touch any biometric sensors, such as the Touch ID button, as the Face ID and Touch ID sensors will count this as an access attempt. These sensors might not even be an obvious button. In some cases, biometric sensors can be hidden, like on the edge of a smartphone or behind a device’s Home button. Biometric capabilities are becoming more mainstream, and their use is expected to increase in the future. As more devices become equipped with biometric capabilities, digital forensic investigators must understand the impact of biometrics in their line of work. To learn more about biometrics, read our Understanding Biometrics – Unlocking Best Practices for Digital Forensics eBook.
© 2022. Grayshift, LLC. All rights reserved. Proprietary and confidential.
- By 2024, How Many Smartphone Owners Will Use Biometrics?. Paymentsjourney.com. https://www.paymentsjournal.com/by-2024-how-many-smartphone-owners-will-use-biometrics/. Published June 4, 2020. Accessed September 24, 2021.
- Device Security Guidance. Ncsc.gov.uk. https://www.ncsc.gov.uk/collection/device-security-guidance/policies-and-settings/using-biometrics. Published June 29, 2021. Accessed September 14, 2021.