Forgot your password?
typodupeerror
Iphone Security Cellphones Input Devices

Can the iPhone Popularize Fingerprint Readers? 356

Posted by timothy
from the when-will-new-jersey-require-smart-phone-technology? dept.
Nerval's Lobster writes "Apple's iPhone 5S features a fingerprint scanner embedded in the home button. Of course, fingerprint-scanning technology isn't new: Bloomberg Terminals feature a built-in fingerprint reader to authenticate users, for example, and various manufacturers have experimented with laptops and smartphones that require a thumb to login. But the technology has thus far failed to become ubiquitous in the consumer realm, and it remains to be seen whether the new iPhone — which is all but guaranteed to sell millions of units — can popularize something that consumers don't seem to want. Security experts seem to be adopting a wait-and-see attitude with regard to Apple's newest trick. 'I'd caution right away, let's see how it tests and what people come up with to break it,' Brent Kennedy, an analyst with the U.S. Computer Emergency and Readiness Team, told Forbes. 'I wouldn't rely on it solely, just as I wouldn't with any new technology right off the bat.' And over at Wired, technologist Bruce Schneier is suggesting that biometric authentication could be hacked like anything else. 'I'm sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone,' he wrote. 'But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about.'"
This discussion has been archived. No new comments can be posted.

Can the iPhone Popularize Fingerprint Readers?

Comments Filter:
  • by alen (225700) on Thursday September 12, 2013 @09:55AM (#44830237)

    very easy to remote wipe iphones

    but if you have some super secret corporate info on your iphone you should be relying on a lot more than a consumer level fingerprint scanner for security

    • by Joce640k (829181) on Thursday September 12, 2013 @10:42AM (#44830879) Homepage

      if you have some super secret corporate info on your iphone you should be relying on a lot more than a consumer level fingerprint scanner for security

      Especially when it's on a glass device that's covered with your fingerprints....

      • by thoromyr (673646)

        Different kind of fingerprint. It doesn't help that the same word refers to closely related things.

        1. fingerprint: an impression left by a finger providing a (typically smudged) two-dimensional image of the pattern of ridges on the skin of a finger.

        2. fingerprint: the pattern of ridges on the skin of a finger.

        To further complicate things there are different kinds of fingerprint "readers"

        1. fingerprint reader: device to create an optical image (or hash from such) of a finger. Some are enhanced to require war

    • by prelelat (201821)

      If it has network connectivity sure. If your phone is stolen and removed from any networks you could potentially break into the phone and have an unlimited amount of time to access the data. The best security feature Apple had on the ipad was delays between incorrect login attempts leading to eventual wiping of the data. I wonder if an incorrect finger scan will result in the same delay and wipe or if it's disabled in case of accidental miss entries.

      I'm curious to see if someone can easily circumvent the

  • by phantomfive (622387) on Thursday September 12, 2013 @09:55AM (#44830239) Journal
    If someone has your iPhone, they have your fingerprint.
    • Re: (Score:2, Funny)

      by noh8rz10 (2716597)

      that's extraordinarily true, considering how smudgy and oily my phone gets (i have a glandular thing)

    • by macsimcon (682390) on Thursday September 12, 2013 @10:04AM (#44830391)

      The iPhone 5s doesn't store the fingerprint itself, it just stores specific data points. Apple states that the fingerprint data is stored a secure portion of the A7, and it never uploaded to iCloud, or stored on Apple's servers, and never leaves the iPhone itself.

      Also, I'd be very surprised if the stored data isn't hashed.

      • by Anonymous Coward on Thursday September 12, 2013 @10:12AM (#44830509)

        The iPhone 5s doesn't store the fingerprint itself, it just stores specific data points. Apple states that the fingerprint data is stored a secure portion of the A7, and it never uploaded to iCloud, or stored on Apple's servers, and never leaves the iPhone itself.

        Also, I'd be very surprised if the stored data isn't hashed.

        It does tend to store the fingerprints of everyone who's touched it recently on the surface of the device.

      • Why saphire (Score:4, Interesting)

        by goombah99 (560566) on Thursday September 12, 2013 @11:00AM (#44831111)

        Apple used a saphire cover for the lens cover. Why? One possibility was they needed a material that is transparent in the IR to do the sub dermal imaging. But there's other choices. Another possibility is that it's just cool. But what I'm thinking is that perhaps this cannot tolerate too much scratching so they had to use something super hard. I suppose there's also the requirement for mechanical stresses. I don't know. But if it's scratching I wonder if this will be robust.

        In any case getting back to the post I'm replying to. there's no reason to store the finger print, just a hash of it, as is done for passwords. You would not want to hash the image of it either. You would want to distill it down to a set of rotationally and translationally invariant feature vectors. Of course that's still an ID of you from your fingerprint, but given the features they could not recreate your fingerprint itself.

        Personally I'm very excited about this because I'm very concerned about my phone being the worlds worst 2 -factor identification. Since passwords resets from nearly all websites are sent to the address that you get all your other correspondence from them you have to use the same e-mail address for both. Your phone knows this address since you have to be able to get your e-mail. And if you also use your phone for a 2nd factor, then that doesn't really help. Anyone with your phone can just request a password reset and then they have your password and the 2nd factor. By by pay pal and google pay and your bank accounts.

        So if the phone is to be that important having a biometric filter running transparently, regardless of whether it is 100%, is really welcome.

    • by Minwee (522556)
      Only if you hold your phone with only the tips of your fingers.
  • I want to be the first to show how you can use the same old fingerprint reader defeating techniques on an iPhone. Internet fame, security researcher fortune, all will be mine! MUAHAHAHAHA!

  • by jonbryce (703250) on Thursday September 12, 2013 @09:58AM (#44830287) Homepage

    "But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about."

    Surely if they have your iPhone, they already have lots of copies of you fingerprints smeared all over it?

    • by the computer guy nex (916959) on Thursday September 12, 2013 @10:11AM (#44830501)

      "But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about."

      Surely if they have your iPhone, they already have lots of copies of you fingerprints smeared all over it?

      This technology doesn't use a fingerprint, it actually reads living tissue under the skin. The technology seems very similar because of how you use it (put your thumb here), however it is drastically different.

      So no, your fingerprints on the screen won't work. They don't match the living tissue this reads.

  • Wasn't fingerprint readers a big fad with laptops a few years ago? Then there was the facial recognition fad?
    • by ModernGeek (601932) on Thursday September 12, 2013 @10:03AM (#44830383) Homepage
      I know it isn't always cool to support Apple, but I have to say that there are a lot of things that were just fads before they came in and did it right. Even if they didn't get it right, they normally did something to do it better, or to make it popular.

      Look at how many mp3 players there were before the iPod...
      • Re: (Score:3, Interesting)

        by David_Hart (1184661)

        I know it isn't always cool to support Apple, but I have to say that there are a lot of things that were just fads before they came in and did it right. Even if they didn't get it right, they normally did something to do it better, or to make it popular.

        Look at how many mp3 players there were before the iPod...

        Lots... Creative and Rio had lineups of MP3 players in the late 90's that were being sold in stores. The iPod wasn't released until 2001. A better question is when did MP3 players go mainstream? Then we get into the chicken and the egg discussion. Did Apple ride the MP3 wave that was already building or was it the "cool" factor of iPods that made MP3 players mainstream? Personally, I think that MP3 players would have gone mainstream without Apple, but Apple did have impeccable timing.

    • by alen (225700)

      yes, lots of these things are released, don't work right or the way people expect them to and then go away for a few years until some company puts in the work to make it work

    • by jittles (1613415)
      Yep. And those fingerprint scanners never worked for me. I could sit there and try and set it up, swiping my finger over and over for 20 minutes and it would never read properly.
  • It seems this would be a simple job for a 3D printer -- 1) get the person's fingerprint; 2) print it out as a 3D object; 3) ??? 4) profit!!

    • It seems this would be a simple job for a 3D printer -- 1) get the person's fingerprint; 2) print it out as a 3D object; 3) ??? 4) profit!!

      Except that wouldn't work because 1) 3D printers don't have sufficient resolution; 2) Most modern fingerprint scanners look for a pulse.

  • Not so fast... (Score:5, Informative)

    by macsimcon (682390) on Thursday September 12, 2013 @10:01AM (#44830341)

    The fingerprint reader in the iPhone 5s uses a capacitive sensor, not an optical one, so Schneier's proposed hack wouldn't work.

    Also, Apple requires you to create a PIN code when you enable the fingerprint sensor. If it's been 48 hours since you used the fingerprint sensor to authenticate, you have to use the PIN instead. Likewise, if you've just restarted the iPhone, you have to use the PIN for your first authentication, you can't use the fingerprint sensor.

    • Re:Not so fast... (Score:5, Insightful)

      by tlhIngan (30335) <.slashdot. .at. .worf.net.> on Thursday September 12, 2013 @11:33AM (#44831491)

      Also, Apple requires you to create a PIN code when you enable the fingerprint sensor. If it's been 48 hours since you used the fingerprint sensor to authenticate, you have to use the PIN instead. Likewise, if you've just restarted the iPhone, you have to use the PIN for your first authentication, you can't use the fingerprint sensor.

      And that's really the point of the fingerprint sensor. Because if you look at statistics, most users do not use a PIN or other locking mechanism on their phone. They use the default keylock. That's it. No PIN, no swipe, no face recognition, no password (both iOS and Android support "complex" authentication that goes beyond a PIN). And it's understandable because a user interacts with their phone hundreds of times a day and it gets old quick.

      So basically to amp up security, the 5S lets you replace the PIN with a fingerprint, because it's better if most users enable a PIN than half of them (or less!) do. Hell, I might want to use a complex password if it means I don't have to enter it every 5 minutes because I look something up, then re-lock the phone only to need it a few minutes later to look up something else (or answer a phone call, or text, or whatever).

      And yes, until it broke, I loved the fingerprint sensor on my laptop.

  • It's not like any group has huge databases with large portions of the population's fingerprints anyway. Who would even want access to all the personal information kept on your phone?

    Now, everyone calm down and go back to reading peaceful stories about how the NSA has hacked all internet cryptography.
  • by Quila (201335) on Thursday September 12, 2013 @10:05AM (#44830405)

    We'll have to wait to find out exactly what they're referring to, but if implemented well this should be resistant to fingerprint lifting. Only the outer layers of your finger's skin touch objects. You'd have to have somebody else touch a sensor like this one and then try to recreate the capacitive map.

    • We'll have to wait to find out exactly what they're referring to, but if implemented well this should be resistant to fingerprint lifting. Only the outer layers of your finger's skin touch objects. You'd have to have somebody else touch a sensor like this one and then try to recreate the capacitive map.

      You are correct, this is immune to fingerprint lifting. "Sub-epidermal skin layers" means it reads living tissue under the skin.

    • It won't make a difference. It's reading your fingerprints, and your fingerprints aren't that clear to start with so it can't be too picky about correspondence. You're talking about microscopic differences on the matter but your fingerprints are huge structures relatively speaking and also the only reliably unique structure to look at there.

      I mean I guess it defeats casual snooping, but so does my Android phone's pattern lock.

    • We'll have to wait to find out exactly what they're referring to, but if implemented well this should be resistant to current methods of fingerprint lifting.

      FTFY; just give it time.

  • This was going to be the next big thing back when it came out on the Thinkpad. Never really took root.
    • by Guspaz (556486)

      The fingerprint readers in laptops work rather differently... and poorly. They're optical readers, and they work more like scanners in that they just capture a strip, and you have to swipe your finger over it. Having experienced fingerprint readers on a few different laptops, they don't work well (they're finicky and rarely want to read your fingers unless you swipe them just right).

      Apple's approach is for a 2D sensor that doesn't use swiping. From the videos they've posted, it also seems to be much more wi

  • This technology reads the living tissue under the skin. You can't just take an outer-skin fingerprint from the screen and authenticate with it. You also can't "chop off someone's hand", as this reads living tissue under the skin.
    • by skids (119237)

      By "reading livinng tissue under the skin" this means what exactly, reading the capacitance of a substance to see where the ridges are? In that case, the hack proposed works if you choose the right material to create a relief with.

  • Wrong Question (Score:4, Insightful)

    by lazarus (2879) on Thursday September 12, 2013 @10:14AM (#44830543) Journal

    "But the technology has thus far failed to become ubiquitous in the consumer realm, and it remains to be seen whether the new iPhone — which is all but guaranteed to sell millions of units — can popularize something that consumers don't seem to want."

    This is not how Apple thinks of design. Instead of asking people "Do you want a fingerprint scanner?" the question they ask themselves is "How do we make security easier if not completely transparent to the end user?" If you asked people if they wanted to be secure without having to do anything at all, your answer would be different. The fingerprint scanner just happens to be the right solution to the problem (in Apple's opinion).

  • by Russ1642 (1087959) on Thursday September 12, 2013 @10:15AM (#44830561)

    Best Animaniacs adult humour: www.youtube.com/watch?v=1xmAC9Qu908

  • Now people can access you iPhone when you are unconscious or dead.
    • Now people can access you iPhone when you are unconscious or dead.

      Unconscious? Yes. Dead? No. This reads living tissue under the skin. Can we stop with the "chopping off your hand" junk now?

      • So, when a person becomes deceased (or an appendage is removed), every single cell in their body dies instantaneously?

  • No authentication system is perfect. On non-iThingies you have three choices: swipe to unlock, 4 digit PIN, or full encryption with a long password. Most people use option 1 or 2. Option 1 provides no security whatsoever. Option 2 provides a little security but it's very easy to crack a 4 digit password. Option 3 is much better but inconvenient. I tried it for a while and got tired of entering a long password every time I wanted to use the phone. So I got rid of it.

    Basically any OS is hackable, given enough

  • The problem with my laptop fingerprint scanner is I have to swipe like 16 times before it recognizes anything, so its just faster and easier to typing in my password.

    However for phones and tablets, the Achilles heal of all touch devices is the on screen keyboard, so if your password involves characters, numbers and symbols is it freaking annoying. A fingerprint scanner would be welcome.

    But, if Apple's fingerprint scanner is not 100% flawless and quick every time, then it will fail just like every other fin

  • by JoeyRox (2711699) on Thursday September 12, 2013 @11:02AM (#44831137)
    That would give a rough indication as to how many might use the fingerprint reader. My guess is not very many - I use one because the company I work for requires it to secure access to their Exchange server. But consumers? I understand they're going to tie the fingerprint to the iTunes store login as well. Not sure if people use the store frequently enough to make that integration useful.
  • Families? (Score:4, Interesting)

    by CohibaVancouver (864662) on Thursday September 12, 2013 @11:16AM (#44831299)
    I know Slashdot is mostly single guys, but I'd be curious to know if this feature supports multiple fingerprints for family situations. I unlock my phone, my wife will unlock it to look something up, my kids will unlock it to play a game or watch a video - How will this work in these scenarios? I'd also expect customization - I'm fine with my kid using a fingerprint to unlock the phone, but I don't want them to be able to make iTunes purchases at all. I own that right.
  • by MaWeiTao (908546) on Thursday September 12, 2013 @11:43AM (#44831605)

    The iPhone will popularize fingerprint readers because companies are run by idiots incapable of thinking for themselves. No one brought this up when Motorola and LG both brought the functionality to their phones, or when a multitude of other companies started sticking it on their laptops. The difference here is that Apple didn't allow engineers and accountants to compromise aesthetics by plopping down whatever suppliers had available wherever it fit on the device. That's an important detail and a key to Apple's continued success, but it doesn't make the technology better than prior implementations.

    Interestingly, I've already seen a number of usability flaws with Apple's implementation in demo videos. First, there's a momentary delay which I assume is by design so that the scanner isn't responding to every minor touch. People don't like waiting, they'd rather be engaged doing something than waiting even when the delay is short. Second, most people seem to mistakenly keep the home button press resulting in the phone loading Siri or whatever the instant the phone unlocks. I suppose they could patch the OS to not react to the initial press, but now we're just adding complication. Undoubtedly there's an exploitable fail safe in place because there must be a way to unlock or reset this in the event that something happens to the phone, the sensor or the owner.

    What I'm really curious to know is what Apple is going to take credit for next year. Last year Apple somehow got a patent for facial recognition unlock, something that's been present on Android for several years.

Sigmund Freud is alleged to have said that in the last analysis the entire field of psychology may reduce to biological electrochemistry.

Working...