{"id":4820,"date":"2015-03-18T09:45:34","date_gmt":"2015-03-18T13:45:34","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4820"},"modified":"2020-02-26T18:59:40","modified_gmt":"2020-02-26T14:59:40","slug":"bionic-man-diary-3","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/bionic-man-diary-3\/4820\/","title":{"rendered":"#BionicManDiary Entry 003 \u2013 The one where I bypassed the smartphone&#8217;s password"},"content":{"rendered":"<p>The most devastating disappointment I have ever experienced since I started the biochip experiment is Apple\u2019s position towards NFC. Or, to be more straightforward, the company\u2019s desire to usurp the right to use it in its platform.<\/p>\n<p>Each iPhone 6 has a built-in NFC chip, but it is unavailable to any developers except Apple\u2019s very own. One cannot develop third-party apps for Apple\u2019s NFC. The explanation is a very trivial one: The folks from Cupertino are actively promoting their proprietary\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/apple-pay\/\" target=\"_blank\" rel=\"noopener nofollow\">Apple Pay<\/a>\u00a0contactless payment service and use this simple trick to get rid of any competition which might undermine their new platform. I knew it as soon as iPhone 6 was launched. But with a chip implanted into my hand, it is different story. As Oscar Wilde said:<\/p>\n<p><em>\u201cA dreamer is one who can only find his way by moonlight, and his punishment is that he sees the dawn before the rest of the world.\u201d<\/em><\/p>\n<div class=\"pullquote\">The best-in-class bionic tech won\u2019t be available to all in the future<\/div>\n<div class=\"pullquote\">\n<p>Having stumbled across the fact that my own microchip-enabled hand won\u2019t be capable of interacting with my iPhone, I had to embrace a dreadful truth: The best-in-class bionic tech won\u2019t be available to all in the future. Moreover, this fact has a fair chance of being used to manipulate people.<\/p>\n<p>Today, when\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/internet-of-crappy-things\/\" target=\"_blank\" rel=\"noopener nofollow\">Internet of Things<\/a>\u00a0is vividly emerging, the infrastructure for this concept is being created including, but not limited to, platforms, protocols, and standards. In this respect, the \u2018first come, first served\u2019 rule would be applicable. And the companies who happen to have an existing aligned and efficient development practice, will get a significant head start. An advantage which they won\u2019t be willing to share with anyone.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/BionicManDiary?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#BionicManDiary<\/a>, entry 001: the story of how a chip was implanted into my body: <a href=\"https:\/\/t.co\/tEawdUC2tj\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/tEawdUC2tj<\/a> by <a href=\"https:\/\/twitter.com\/cheresh?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@cheresh<\/a> <a href=\"http:\/\/t.co\/dXwzYUdYSC\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/dXwzYUdYSC<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/571029928214466560?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 26, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In fact, today\u2019s tech giants are now kicking some butt in their attempt to redefine the market anew: The companies are trying to tame the consumers and attach the users to their products in order to get a larger chunk of the pie.<\/p>\n<p>An ordinary consumer would, of course, not care about this commotion: if any gadget doesn\u2019t fit, they\u2019d just replace it with another one. But for me, and other future bionic people who would be equipped with more perfect bionic and neuro-implants, we would care A LOT \u2013 \u00a0as it is not that simple to replace a part of you.<\/p>\n<p>So, if in some not-too-distant future a cybernetic authentication system in the subway would be compatible with my biochip, but the bus depot would, all of a sudden, decide to deploy another type of pay gate system, I would have to, as strange as it seems, choose what type of public transportation I would stick to.<\/p>\n<p>I don\u2019t even mention cross-border travels and problems which could arise if a citizen of one country happens to be \u2018incompatible\u2019 with the infrastructure of another country. I overestimate the scale of potential issues on purpose, but I hope you have caught my drift.<\/p>\n<div class=\"pullquote\">To carry out the experiment, I got two Android- and Windows Phone-based smartphones \u2013 namely, HTC One M8 and Nokia Lumia 1020<\/div>\n<div class=\"pullquote\">\n<p>The longer I live a life of a \u2018newbie cyborg\u2019 \u2122, the more cautiously I am looking into the future. We unleashed the genie from the bottle, but were not prepared to face the consequences. To change the situation, we need to apply a tremendous effort on all levels, including the highest levels of decision-making. I have come across this notion while trying to experiment with the existing NFC apps available on Google Play, and have become a hostage to Android architecture.<\/p>\n<p>The chip itself works infallibly: it is quite simple and there is nothing in it to break down or lag. Smartphones are another story. I would recommend, once again, the Google Android team to brush up the code used in NFC apps. Sometimes after a series of read\/write operations in the chip\u2019s memory, smartphones stop recognizing the chip completely and need to be restarted. Sometimes an NFC app just freezes or terminates. In other words, things are quite immature now (and by \u2018things\u2019 I mean, well, every-thing).<\/p>\n<p>But today\u2019s story is about a single, very critical, use case: unlocking a smartphone by means of a biochip. What happened during the experiment has only deepened my concerns.<\/p>\n<p>Here is one little app I installed for the sake of the experiment \u2014\u00a0<a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.moonpi.tapunlock\" target=\"_blank\" rel=\"noopener nofollow\">TapUnlock<\/a>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4822\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/05\/05113132\/tapunlock.png\" alt=\"tapunlock\" width=\"3008\" height=\"876\"><\/p>\n<p>I programmed the biochip in my hand to enable automatic screen unlock when touching the smartphone (for instance, when taking it in my hand). That means a traditional password, in this case, is replaced by the unique key which is stored in a chip under your skin. I was hyper-excited by the simplicity and elegance of this approach (on day 1, though):<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/f6KGlQIBuDg?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>But then the app froze, and\u2026 well, something might have been wrong in the settings (a quick analysis proved the file containing all used keys got corrupted).<\/p>\n<p>The reason, actually, doesn\u2019t matter. What does is the fact that all I got as a result is a potentially non-operable smartphone, which is impossible to unlock as it does not require the input of a password. There was no alternative method to unlock the device and the reset did not work. What I\u2019d gotten in the end was a useless piece of plastic.<\/p>\n<p>And now we are approaching a ground-breaking revelation: this protection can be bypassed simply! You don\u2019t even have to be a badass hacker \u2013 the only skill you have to possess is a mediocre awareness of the principles of modern mobile OS (Android, in our case). Android is a relevantly secure OS as such, mainly because third-party developers are not allowed to tamper with kernel.<\/p>\n<p>By fully controlling development processes and standards, Google can guarantee stability for both kernel and native apps. But when it comes to third-party developers, the system is always on alert, and that\u2019s the reason Google lets a user delete any app which is laggy, buggy, or just annoying.<\/p>\n<p>In order to delete an app which prevents an Android-based smartphone from loading successfully, you can complete several easy steps:<\/p>\n<ul>\n<li>Press and hold the \u2018Power\u2019 button, choose the \u2018Power off\u2019 option in the pop-up menu and press and hold it for several seconds (may vary depending on the model).<\/li>\n<li>In the next pop-up menu, choose \u2018Reboot in Safe Mode\u2019.<\/li>\n<li>After reloading, find a \u2018Google Play\u2019 app (the majority of apps will be hidden from the screen), then choose the \u2018All apps\u2019 tab and find the one you need.<\/li>\n<li>Pick the troublemaker app (TapUnlock, in my case) and click \u2018Uninstall\u2019.<\/li>\n<li>Press and hold the \u2018Power\u2019 button for several seconds and reboot in a regular mode.<\/li>\n<\/ul>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/wLKAvaWkjhM?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>It means today any third-party app which is used for user authentication purposes might be disabled at any time by following these easy steps. It proves the fact that all apps are considered unreliable by Google, whether prone to failing suddenly, or being compromised or infected. Anything can happen.<\/p>\n<p>Apple and Microsoft follow the same strategy. So, in order to deploy a means of biochip-enabled authentication in a reliable, convenient, stable, and safe manner and bid farewell to good old passwords, there is some serious work to be done \u2013 both on the OS kernel level and on the chip logic level. There are numerous things to think about and deploy: asymmetrical encryption, multi-factor authentication, and other means of security are among those which spring to mind.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How it feels being a bionic man? Ok, but they have to find a better place for NFC-chip: <a href=\"https:\/\/t.co\/So2iNCWBBA\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/So2iNCWBBA<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/574594951037616128?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 8, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The good news is that Google and Microsoft engineers are already up to speed. I happen to be aware of the fact that #BionicManDiary is read by employees from Apple. So we can hope to apply a joint effort to solve all these issues.<\/p>\n<p>In my next blog post I will demonstrate how we adapted entry gates in our office to interact with my biochip. But first and foremost \u2013 I will show direct correlation between biochips and\u00a0<em>Star Wars.<\/em><\/p>\n<blockquote class=\"twitter-pullquote\"><p>#BionicManDiary Entry 3: The one where I bypassed the smartphone\u2019s password protection<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FUY44&amp;text=%23BionicManDiary+Entry+3%3A+The+one+where+I+bypassed+the+smartphone%26%238217%3Bs+password+protection\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>As always, I am happy to answer any questions, which you can ask in the comments to this post or on\u00a0<a href=\"https:\/\/twitter.com\/cheresh\" target=\"_blank\" rel=\"noopener nofollow\">Twitter<\/a>\u00a0or\u00a0<a href=\"https:\/\/www.facebook.com\/chereshcom\" target=\"_blank\" rel=\"noopener nofollow\">Facebook<\/a>.<\/p>\n<p>Yours faithfully,<br>\nCHE<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The most devastating disappointment I have ever experienced since I started the biochip experiment is Apple\u2019s position towards NFC. Or, to be more straightforward, the company\u2019s desire to usurp the<\/p>\n","protected":false},"author":7,"featured_media":4821,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1485],"tags":[105,954,1136,991,849,181,187,886],"class_list":{"0":"post-4820","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-special-projects","9":"tag-android","10":"tag-biochip","11":"tag-biometrics","12":"tag-bionicmandiary","13":"tag-future","14":"tag-mobile-apps","15":"tag-passwords","16":"tag-private-data"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/bionic-man-diary-3\/4820\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/bionic-man-diary-3\/4723\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/bionic-man-diary-3\/5231\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/bionic-man-diary-3\/7208\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/bionic-man-diary-3\/7982\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/bionic-man-diary-3\/7116\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/bionic-man-diary-3\/7208\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/bionic-man-diary-3\/7982\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/bionic-man-diary-3\/7982\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4820"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4820\/revisions"}],"predecessor-version":[{"id":15993,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4820\/revisions\/15993"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4821"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}