#BionicManDiary entry 003: The one where I bypassed the smartphone’s password

March 18, 2015

The most devastating disappointment I have ever experienced since I started the biochip experiment is Apple’s position towards NFC. Or, to be more straightforward, the company’s desire to usurp the right to use it in its platform.


Each iPhone 6 has a built-in NFC chip, but it is unavailable to any developers except Apple’s very own. One cannot develop third-party apps for Apple’s NFC. The explanation is a very trivial one: The folks from Cupertino are actively promoting their proprietary Apple Pay contactless payment service and use this simple trick to get rid of any competition which might undermine their new platform. I knew it as soon as iPhone 6 was launched. But with a chip implanted into my hand, it is a different story. As Oscar Wilde said:

“A dreamer is one who can only find his way by moonlight, and his punishment is that he sees the dawn before the rest of the world.”


Having stumbled across the fact that my own microchip-enabled hand won’t be capable of interacting with my iPhone, I had to embrace a dreadful truth: The best-in-class bionic tech won’t be available to all in the future. Moreover, this fact has a fair chance of being used to manipulate people.

Today, when the Internet of Things is vividly emerging, the infrastructure for this concept is being created, including, but not limited to, platforms, protocols, and standards. In this respect, the ‘first come, first served’ rule would be applicable. And the companies who happen to have an existing aligned and efficient development practice will get a significant head start. An advantage which they won’t be willing to share with anyone.

In fact, today’s tech giants are now kicking some butt in their attempt to redefine the market anew: The companies are trying to tame the consumers and attach the users to their products in order to get a larger chunk of the pie.

An ordinary consumer would, of course, not care about this commotion: if any gadget doesn’t fit, they’d just replace it with another one. But for me, and other future bionic people who would be equipped with more perfect bionic and neuro-implants, we would care A LOT – as it is not that simple to replace a part of you.

So, if in some not-too-distant future a cybernetic authentication system in the subway would be compatible with my biochip, but the bus depot would, all of a sudden, decide to deploy another type of pay gate system, I would have to, as strange as it seems, choose what type of public transportation I would stick to.

I don’t even mention cross-border travels and problems which could arise if a citizen of one country happens to be ‘incompatible’ with the infrastructure of another country. I overestimate the scale of potential issues on purpose, but I hope you have caught my drift.

To carry out the experiment, I got two smartphones, one Android-based and one Windows Phone-based – namely, the HTC One M8 and the Nokia Lumia 1020.

The longer I live a life of a ‘newbie cyborg’ ™, the more cautiously I am looking into the future. We unleashed the genie from the bottle, but were not prepared to face the consequences. To change the situation, we need to apply a tremendous effort on all levels, including the highest levels of decision-making. I have come across this notion while trying to experiment with the existing NFC apps available on Google Play, and have become a hostage to Android architecture.

The chip itself works infallibly: it is quite simple and there is nothing in it to break down or lag. Smartphones are another story. I would recommend, once again, the Google Android team to brush up the code used in NFC apps. Sometimes after a series of read/write operations in the chip’s memory, smartphones stop recognizing the chip completely and need to be restarted. Sometimes an NFC app just freezes or terminates. In other words, things are quite immature now (and by ‘things’ I mean, well, every-thing).

But today’s story is about a single, very critical, use case: unlocking a smartphone by means of a biochip. What happened during the experiment has only deepened my concerns.

Here is one little app I installed for the sake of the experiment — TapUnlock:


I programmed the biochip in my hand to enable automatic screen unlock when touching the smartphone (for instance, when taking it in my hand). That means a traditional password, in this case, is replaced by the unique key which is stored in a chip under your skin. I was hyper-excited by the simplicity and elegance of this approach (on day 1, though).

But then the app froze, and… well, something might have been wrong in the settings (a quick analysis proved the file containing all used keys got corrupted).

The reason, actually, doesn’t matter. What does is the fact that all I got as a result is a potentially non-operable smartphone, which is impossible to unlock as it does not require the input of a password. There was no alternative method to unlock the device and the reset did not work. What I’d gotten in the end was a useless piece of plastic.
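The failure described above, modelled as an added example (not code from the original post or from TapUnlock): the key file carries an integrity tag, so corruption is detected, and a damaged file routes the owner to a PIN fallback instead of failing open or locking them out. All function names, the file layout and the sample keys are hypothetical.

```python
import hashlib
import hmac
import json

PIN_SALT = b"constructed-demo-salt"  # constructed; use a random per-device salt in practice

def hash_pin(pin):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), PIN_SALT, 100_000)

def seal_store(tag_keys, mac_key):
    """Serialize hashes of the enrolled chip keys and append an HMAC over them."""
    hashes = sorted(hashlib.sha256(k).hexdigest() for k in tag_keys)
    body = json.dumps({"tags": hashes}).encode()
    return body + b"\n" + hmac.new(mac_key, body, hashlib.sha256).hexdigest().encode()

def load_store(blob, mac_key):
    """Return the set of enrolled key hashes, or None if the file is damaged."""
    body, sep, mac = blob.rpartition(b"\n")
    expected = hmac.new(mac_key, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(mac, expected):
        return None  # corrupted or truncated: do not trust any of it
    return set(json.loads(body)["tags"])

def unlock(blob, mac_key, pin_hash, tag_key=None, pin=None):
    """Decide one unlock attempt; returns (unlocked, reason)."""
    store = load_store(blob, mac_key)
    if store is not None and tag_key is not None:
        if hashlib.sha256(tag_key).hexdigest() in store:
            return (True, "tag")
    # Tag path unavailable or rejected: fall back to the PIN, never fail open
    # and never leave the owner without any way in.
    if pin is not None and hmac.compare_digest(hash_pin(pin), pin_hash):
        return (True, "pin")
    return (False, "store corrupted, PIN required" if store is None else "denied")

if __name__ == "__main__":
    mac_key = b"\x01" * 32  # constructed; assumed to be held in a hardware-backed keystore
    blob = seal_store([b"constructed-chip-key"], mac_key)
    pin_hash = hash_pin("4821")
    damaged = blob[:10] + b"X" + blob[11:]  # simulate the corrupted key file
    print(unlock(blob, mac_key, pin_hash, tag_key=b"constructed-chip-key"))
    print(unlock(damaged, mac_key, pin_hash, tag_key=b"constructed-chip-key"))
    print(unlock(damaged, mac_key, pin_hash, pin="4821"))
```
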

And now we are approaching a ground-breaking revelation: this protection can be bypassed simply! You don’t even have to be a badass hacker – the only skill you have to possess is a mediocre awareness of the principles of a modern mobile OS (Android, in our case). Android is a relatively secure OS as such, mainly because third-party developers are not allowed to tamper with the kernel.

By fully controlling development processes and standards, Google can guarantee stability for both the kernel and native apps. But when it comes to third-party developers, the system is always on alert, and that’s the reason Google lets a user delete any app which is laggy, buggy, or just annoying.

In order to delete an app which prevents an Android-based smartphone from loading successfully, you can complete several easy steps:

  • Press and hold the ‘Power’ button, choose the ‘Power off’ option in the pop-up menu and press and hold it for several seconds (may vary depending on the model).
  • In the next pop-up menu, choose ‘Reboot in Safe Mode’.
  • After reloading, find a ‘Google Play’ app (the majority of apps will be hidden from the screen), then choose the ‘All apps’ tab and find the one you need.
  • Pick the troublemaker app (TapUnlock, in my case) and click ‘Uninstall’.
  • Press and hold the ‘Power’ button for several seconds and reboot in a regular mode.

It means today any third-party app which is used for user authentication purposes might be disabled at any time by following these easy steps. It proves the fact that all apps are considered unreliable by Google, whether prone to failing suddenly, or being compromised or infected. Anything can happen.

Apple and Microsoft follow the same strategy. So, in order to deploy a means of biochip-enabled authentication in a reliable, convenient, stable, and safe manner and bid farewell to good old passwords, there is some serious work to be done – both on the OS kernel level and on the chip logic level. There are numerous things to think about and deploy: asymmetrical encryption, multi-factor authentication, and other means of security are among those which spring to mind.

The good news is that Google and Microsoft engineers are already up to speed. I happen to be aware of the fact that #BionicManDiary is read by employees from Apple. So we can hope to apply a joint effort to solve all these issues.

In my next blog post I will demonstrate how we adapted entry gates in our office to interact with my biochip. But first and foremost – I will show the direct correlation between biochips and Star Wars.

As always, I am happy to answer any questions, which you can ask in the comments to this post or on Twitter or Facebook.

Yours faithfully,
CHE