Pin Me

Bricked iPhone for Unauthorized Users: The Apple Patent Explained

written by: JCTorpey•edited by: Simon Hill•updated: 9/23/2010

iPhone users know to keep it safe. Apple, being the un-trusting company it is, filed for a patent that would scan a user's heartbeat with an ECG and take photos, matching the results to the owner's info and brick the device; erasing all iPhone data if an unauthorized user is detected-even falsely.

  • slide 1 of 6

    Welcome to the Mind of Apple Inc.

    The iPhone is supposed to be the most innovative smartphone (or mobile device) on the market, according to Steve Jobs, founder Apple's iPhone 4 and CEO of Apple Inc., the maker of the iPhone 4. However, Apple’s August 19 2010 patent filing for a “security method” to stop unauthorized users from hacking, stealing, or jailbreaking iPhones is making many “loyal” Apple fans nervous. Would you want a phone that scans your heartbeat? Well, that is exactly what Apple proposes in its patent and much, much more to stop what they say are “unauthorized users” from using any iOS devices “illegally.”

    This sounds ominously like an Apple killswitch for your iPhone.

  • slide 2 of 6

    Basic Patent Outline

    The Patent entitled “Systems and Methods for Identifying Unauthorized Users of an Electronic Device,” makes some dubious claims in what it can do with iOS devices, more specifically, the iPhone 4. The Abstract states that in some “embodiments,” the system detects unauthorized users by monitoring suspicious activity, comparing owner and user identities. If an unauthorized user is using the device, the system will remotely turn the iPhone off, among other things. Sections three and four of the patent outline the security system’s ability to activate and decide if an unauthorized user is using the iPhone. They state specifically that any suspicious behavior such as jailbreaking, unlocking, removing the SIM card, going too far away from a synchronized device or otherwise “hacking” the iPhone, will start the authorization processes to find out who is using the iPhone.

  • slide 3 of 6

    Apple Patent Sections Explained

    iPhone 4 from Apple Sections 11 to 14 outline the steps the iPhone will take to figure out if the current user is the iPhone owner. These steps are somewhat extreme and include:

    • Section 11: The iPhone’s CPU determines if the current user’s activity is identical to an authorized user;
    • Section 12: The iPhone’s microphone records the current user’s voice while the CPU determines if the voice matches the authorized user;
    • Section 13: The CPU records the current user’s heartbeat by administering an electrocardiogram (ECG) and comparing it with an “authorized heartbeat signature”;
    • Section 14: the CPU counts how many authorizations (from above) failed and determines that an unauthorized user has access to the device.

    Failing these “authentication tests,” the iPhone then performs a variety of tasks designed to decide who is using the iPhone and where it is. The iPhone will alert the iPhone owner to its location to begin recovery procedures. The system's intention is to keep the iPhone from being stolen or compromised in any way. Essentially, the iPhone will “phone home’ so the device owner may recover their device. Sections 15 through 18, 20, and 21 outline the iPhone's tasks, which include:

    • Section 15: the CPU uses the camera to take geotagged photographs to figure out where the iPhone is;
    • Section 16: The iPhone’s CPU activates the accelerometer to record the user’s vibrations and match them to a mode of transportation (i.e. walking, driving, etc.);
    • Section 17: The iPhone’s CPU activates the password input then takes a photo of the person inputting the password while determining how many times the current user input the password incorrectly and sends the information to a remote device;
    • Section 18: The iPhone’s CPU uses the photographs from Section 17 to find specific landmarks and their locations.
    • Section 20: After gathering the information, “machine readable media” saves it so the iPhone can match it with pre-saved instructions and owner information and then decide if the current user has authorization to use the device and, if not, the iPhone transmits the results to the device owner.
    • Section 21: using the “machine readable media,’ the iPhone determines who the current unauthorized user is.

    When the iPhone figures out who is using it, it determines what to do next. If an unauthorized user has the iPhone, it "phones home" to alert the device owner to its whereabouts and current user's identity. Section 19 states that the iPhone will send the gathered information about the current user to the iPhone owner using text messaging, VoIP, IM, blogs, cloud servers or any place the owner can receive messages online.

  • slide 4 of 6
    Planned Apple Patent Erases iPhone Data: Apple Killswitch for iPhone?What is the real power of the Apple patent plan? Can Apple legally implement such a security system? Are we looking at an Apple killswitch for the iPhone here?
  • slide 5 of 6

    Real Power of the Patent

    Theoretically, Apple could claim they are simply making the iPhone less appealing to thieves. The reality is that Apple allows the iPhone to take extreme measures in determining who is using the device and even more extreme measures with the iPhone's defense Apple iPhone 4 Front Facing mechanisms. Unfortunately, not many people would realize how extreme the defense mechanisms are because Apple did not include them in the Abstract or the claim sections; at first glance, the mechanisms sound benign and because the patent text is long, not many people would read it in full. They would never realize how much of a threat the patent could be to the user. Nevertheless, the patent's full summary clearly defines how Apple plans to use the security system and its defense mechanisms should it decide an unauthorized user is on the device.

    The iPhone will not only detect suspicious behavior, record it, and send it to the owner of the device, but it will also restrict what the iPhone can do. Specifically, I recorded in the fifth paragraph of the “Summary of Invention” section, Apple states the iPhone will cut off any access to applications and sensitive information such as names and addresses or financial account information. The iPhone could also erase all data if an authorized user does not authenticate within a predetermined period. In some cases, if the owner did not set up the security account properly, the minute the iPhone finds an unauthorized user on the device, it erases the data immediately. Alternatively, it will upload the information to a remote server and then erase it. Both of these scenarios are nerve-wracking, since even false identifications by the iPhone could cause the data erasure with no way to stop it.

  • slide 6 of 6

    Theoretical and Legal Questions

    If the patent is granted and Apple implements the security system on iPhone devices, users would face an intriguing situation. First, how far can Apple legally take the patent and to what extent could they carry it out on iPhone devices? With recent rulings by the Librarian of Congress that made jailbreaking legal, Apple would be in direct violation of the law should they implement the system with the intent to stop jailbreakers from using their iPhone any way they see fit. If the iPhone owner had a cold, how would he authenticate? His voice would be hoarse, making the ID process impossible. What happens if the iPhone falsely identifies the owner as unauthorized, will the iPhone erase all the information on it and, if it does, is there a way to retrieve it? By far, the most interesting question, raised is what human and/or civil rights is Apple breaking by requiring users submit to an electrocardiogram, or even having the device take a photo of them? Normally, it takes a court order to compel a person to submit to such invasive procedures, so how does Apple propose to implement these sections of the patent? Can Apple legally require its users to submit to any of these actions?