Biometric authentication destroyed my life

Carlos Vega
Unhandled Exception
5 min read · Sep 14, 2017

I can’t believe this is happening — I think to myself while I stare at my phone in disbelief, not knowing what to do as my whole life collapses in front of my eyes. There’s no way out. I can’t do anything.

I’ve been hacked.

Before we continue with this story, let me tell you how everything started. It was on Wednesday, September 13th, 2017 that Apple released the iPhone X with FaceID. Samsung had released a similar feature before but you know what they say: it’s not real until Apple does it.

There were, of course, security concerns but I’m not what you’d call a techie so I didn’t pay much attention. I mean, if Apple releases something to the public it has to be secure, right?

All I could think of as they presented the feature was that it was awesome. The days of spending an extra second unlocking my phone every five minutes were gone. Instant satisfaction!

I wish I could go back and tell my old self that we can afford that extra second.

It’s 9:30 am and my head is killing me. I wake up with the worst hangover I’ve had in years and instinctively try to reach my phone.

Where’s my phone? I start looking around. Is it inside my car? Nope. It’s not on the table. I spend half an hour looking for it around the house. Oh, great. I lost it. I look for my replacement phone and drive to my telecom provider so I can get a replacement SIM.

I have most of my apps installed on that phone and I try to log in to some of them just to check that everything is OK.

“Wrong password, please try again”

I’m greeted with the same message several times as I open every single app on my phone. I can’t believe this is happening, I followed every security recommendation out there: strong, randomly generated passwords, numbers, symbols… You name it. I even activated two-factor authentication for every service. No one could possibly log in to any of my apps unless they got a hold of my phone.

Then, it strikes me like lightning.

Have you ever walked up the stairs after turning the lights off and thought there was an extra step at the end? Have you ever felt that void in your guts after taking that last leap and finding there’s no step?

Now imagine that sensation, intensified a million times.

Fucking FaceID!

My thoughts are traveling really fast through my head. I need to act, right now! Where’s my computer?

I browse to my bank’s virtual agency. I try to log in. Nothing. I call them but it takes ages for them to answer and when they finally pick up they tell me I need to go to a physical agency. I run to my car. Right now nothing else really matters, I need to be sure that my money is safe.

I drive there and they tell me I used an app on my phone to send money to 4 different ATMs. They say they blocked the account after a while since the activities were suspicious, but still, some of the money is gone. Forever. They’re going to look at the security footage but aren’t confident that the attacker can be identified.

I’m angry. How did they allow that?! I’m going to sue them, they will never know what h…

My phone vibrates, it’s an SMS from my girlfriend. She’s mad at me. She’s telling me I’m a pig. She calls me and frantically rambles something about her privacy and me breaching it.

“It’s all over the Internet, Ryan, how could you?”

I try to call her back but she’s not answering. I don’t understand what’s happening. I try to get it together and think: it’s got to be those nudes she sent me, they were on my phone. Shit. I need a computer.

As I drive back home I start to realize how big this is: my Facebook account, my Instagram account, my email. Shit. My email, that grants access to every other service. Did they change the password? Of course they did. Fuck…

It’s been eight hours since I figured out what happened: Yesterday I was drunk and someone stole my phone and unlocked it using FaceID. Since I had enabled two-factor security for almost every service, they used that same phone to change all the passwords. It was a chain reaction: my phone granted the attacker access to my email, after that both my cellphone and email granted him access to Facebook, and so on…

I can’t believe this is happening — I think to myself while I stare at my phone in disbelief, not knowing what to do as my whole life collapses in front of my eyes. There’s no way out. I can’t do anything.

I’ve been hacked.

Each day we rely more and more on our devices to manage every aspect of our life. Money and social interactions are increasingly happening inside this virtual space that poses security threats most people are yet to fully comprehend.

Security is a matter that we shouldn’t take lightly. I’m not saying any of these methods are inherently prone to attacks (some of them are, though). I’m just saying that you should stop and think about whether that extra second you’re going to save is worth your whole life. Yes, your fingerprints, iris, and face are pretty much unique, but think about this: what happens if, for some reason, someone gets a hold of that information? You can always change a password, but how do you manage to change your face, fingerprints or iris?

Once any of those details are public and you rely on them to secure your most valuable information you are a second away from becoming Ryan.

Disclaimer: This is a work of fiction. Names, characters, places, and incidents either are products of the author’s imagination or are used fictitiously.

I’m not a native English speaker, so feel free to point out grammatical and/or syntactical errors. Every respectful comment is deeply appreciated.

Carlos Vega
Unhandled Exception

Software engineer in love with web development. Avid reader and occasional blogger. He will blog about anything that crosses his mind. Costa Rica.