Forgot your password?
typodupeerror
Privacy Security Apple

German Data Protection Expert Warns Against Using iPhone5S Fingerprint Function 303

Posted by samzenpus
from the keep-your-fingers-to-yourself dept.
dryriver writes "Translated from Der Spiegel: Hamburg Data-Protection Specialist Johannes Caspar warns against using iPhone 5S's new Fingerprint ID function. 'The biometric features of your body, like your fingerprints, cannot be erased or deleted. They stay with you until the end of your life and stay constant — they cannot be changed. One should thus avoid using biometric ID technologies for non-vital or casual everyday uses like turning on a smartphone. This is especially true if a biometric ID, like your fingerprint, is stored in a data file on the electronic device you are using.' Caspar finds Apple's argument that 'your fingerprint is only stored on the iPhone, never transmitted over the network' weak and misleading. 'The average iPhone user is not capable of checking, on a technical level, what happens to his or her fingerprint once it is on the iPhone. He or she cannot tell with any certainty or ease what kind of private data applications downloaded onto the iPhone can or cannot access. The recent disclosure of spying programs like Prism makes it riskier than ever before to share important personal data with electronic devices.' Caspar adds: 'As a matter of principle, one should never hand over any biometric data when it isn't strictly needed. Handing over a non-changeable biometric feature like a fingerprint for no better reason than that it provides 'some convenience' in everyday use, is ill advised and foolish. One must always be extremely cautious where and for what reasons one hands over biometric features.'"
This discussion has been archived. No new comments can be posted.

German Data Protection Expert Warns Against Using iPhone5S Fingerprint Function

Comments Filter:
  • by rolfwind (528248) on Sunday September 15, 2013 @09:28AM (#44855509)

    That your fingerprints are all over your phones.

    I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

    • by Hentes (2461350) on Sunday September 15, 2013 @09:44AM (#44855575)

      But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

      • by Nemyst (1383049) on Sunday September 15, 2013 @10:23AM (#44855781) Homepage
        Apple's fingerprint reader doesn't read the fingerprint, it reads the tissue under the skin. This makes it much harder to fake and very constant over time. They're much more secure than "traditional" fingerprinting.
        • Re: (Score:2, Insightful)

          by Bing Tsher E (943915)

          'Under the skin' is the magic dust the Apple marketing people came up with this time.

          It's the Altivec Unit of 2013.

        • by Hentes (2461350)

          I admit that it will make the job of the common thief hard, that's why I said that it's a good idea. Just don't trust unencrypted sensitive data on your phone.

          • by Yaztromo (655250)

            I admit that it will make the job of the common thief hard, that's why I said that it's a good idea. Just don't trust unencrypted sensitive data on your phone.

            All data on every iPhone since the 3GS has been fully encrypted, so long as you have a passcode/passphrase setup.

            In the iPhone 5s presentation, it was mentioned that one of the main drivers for the fingerprint scanning technology is because in their research, a large percentage of users never bother to setup a passcode/passphrase, making all of the hardware encryption in the iPhone completely useless.

            Yaz

            • by mjwx (966435)

              In the iPhone 5s presentation, it was mentioned that one of the main drivers for the fingerprint scanning technology is because in their research, a large percentage of users never bother to setup a passcode/passphrase, making all of the hardware encryption in the iPhone completely useless.

              And nothing of value was gained.

              I'll put good money on the fact that people didn't set up passcodes/phrasess on their devices because they thought "I've got nothing worth stealing" or "I dont really care" or the perennial favourite "It'll never happen to me". Adding a new method of authentication wont make these attitudes automagically change.

        • by interval1066 (668936) on Sunday September 15, 2013 @12:31PM (#44856535) Homepage Journal

          ...it reads the tissue under the skin.

          And you know this how? What does that mean exactly? How does it do that non-intrusively? Fingerprints are by definitions "on the skin", not under it, aren't they?

          • by ceoyoyo (59147) on Sunday September 15, 2013 @01:25PM (#44856905)

            No, actually. What you think of as your "fingerprint" is a pattern in the layer of dead skin, the epidermis. That pattern is created by patterns in the dermis, the living cells underneath the epidermis. That's why if you wear away your fingerprints, unless you do serious damage to your finger pads, they'll grow back the same as they were.

            The sensor in the 5s uses a low frequency RF signal to read the fingerprint from the dermis, not the surface. That kind of sensor is much more reliable and easier to use than older ones, and can't be fooled by masks or dead fingers. Fujitsu has some notebooks in Asia that already have them, and Microsoft has demonstrated them as well.

            • Re: (Score:3, Informative)

              by Anonymous Coward

              Here's the relevant patent. [uspto.gov] It's measuring your fingerprint by capacitance. It's only "subdermal" in that the epidermis doesn't register on a capacitance sensor, but the dermis does.

              The "subdermal patterns" are the same patterns as your ordinary fingerprint. I'm pretty sure that part is just thrown in to make the whole thing sound magical or futuristic.

              I don't know what your "low frequency RF" stuff has to do with anything, though. More magic, I suppose.

        • by allo (1728082)

          yeah. So what? Other security features may copy this method. And then your "tissue under the skin" will be stored on a phone, maybe stolen by apps, and used on other security systems, maybe to identify as you on a ATM.

      • by greenbird (859670) on Sunday September 15, 2013 @01:21PM (#44856879)

        But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

        Yeah, because having your fingerprint physically on something is exactly the same as having it digitally stored where it can be transmitted in seconds to any anywhere in the world. It's just as easy follow someone around until you can physically steal their phone and pull the fingerprints off as it is to plant some malware on it and have it transmit the info.

        • by Anubis IV (1279820) on Sunday September 15, 2013 @04:35PM (#44857923)

          Except that they've already confirmed that they're not storing your actual fingerprint. They're storing hashes of the fingerprints that they use to verify your fingerprint when you attempt to login, just the same as how a well-designed, traditional login system stores password hashes instead of the passwords themselves.

          So, for all intents and purposes, a malicious individual actually would have an easier time getting your fingerprint by lifting it from the smooth, glass surface on the front of the device than by hacking your phone and extracting it, given that it doesn't actually exist in the phone.

          • Except that they've already confirmed that they're not storing your actual fingerprint.

            Bullshit. Haven't confirmed shit. Talk is cheap, show me the code.

      • by Trax3001BBS (2368736) on Sunday September 15, 2013 @03:53PM (#44857685) Homepage Journal

        But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

        In the USA the privacy concerns are very real.

        * The Patriot Act allows for the ue of backdoors for counter-terrorist investigations.

        * Vendors are legally and commercially prevented from acknowledging their backdoors.
        Defense will not be able to prove their existence.

        * Users of Mobile devices and cloud stroage sign off on their rights to data scanning. There is no opt-out option.

        a few lines from http://www.techarp.com/article/LEA/Encryption_Backdoor/Computer_Forensics_for_Prosecutors_(2013)_Part_1.pdf [techarp.com]

        Showing that in the USA, Apple can't make the claim that biometric data is never transmitted over the network'

    • That your fingerprints are all over your phones.

      I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

      Except that various people have already been investigating the fingerprint reading technology Apple is using, and they seem to think that it's really not that easy [arstechnica.com], because they're using a more robust technique than the classic scan-the-surface-optically method.

      Dan Aris

    • subdermal imaging (Score:5, Insightful)

      by goombah99 (560566) on Sunday September 15, 2013 @10:58AM (#44855969)

      I don't have special knowledge about how the Apple print scanner works but what I've read makes me believe it uses infrared sub dermal imaging. That is it seems below the surface. If so it's seeing more than just your finger surface print. That should make it harder to forge from lifted surface prints. It also will mean that it will work for people who have worn their finger prints off (apparently some types of labor do this--they grow back)

      Moreover I would say this so called "expert" has it backwards. If you fingerprints really are a one-shot biometric that can't be unspoiled then we want to use them for casual things not critical things.

      This finger print scanner is not eliminating passwords, it's just a second factor. I'ts a great idea used well.

    • by runenfool (503)

      If you Google you may have found this as the top result as I did:

      http://www.redmondpie.com/iphone-5s-touch-id-requires-a-live-finger-to-unlock-wont-work-with-one-thats-severed-from-body/ [redmondpie.com]

      The attack you describe doesn't work - you can't use a severed finger either. It's not so trivial to bypass.

    • by wvmarle (1070040)

      And even if so. Your fingerprints may be all over the phone - incomplete, streaked out, overlapping: most likely totally useless to harvest. It will work great against the casual theif, or the one who find the phone you just lost. They won't be able to get in that way, so it's working pretty well.

      The key of the issue is that more and more governments are demanding biometrics to be included in one's passport, including fingerprints (I'm using my thumb print to clear immigration - very convenient now they fin

      • Now a casual device like the iPhone wants your fingerprint. That means that if I were to use my thumb for that and lose my phone, the person who finds it could theoretically extract my thumb print data (even if Apple says you can't: they got the actual device so I will assume it is possible, even if hard), and use that to clear immigration.

        There's theory and there's practice. In theory, if a hacker managed to access /.'s database, they can obtain your password. But, assuming /. follows the latest security best practices, your actual password isn't stored at all... it'll be a value obtained by bcrypt-ing your password (salt + hashing used to be okay, but the advent of powerful GPUs seems to be this method's Achilles' heel). In practice this makes it very difficult to discover your original password.

        The analogy doesn't quite hold because finger

    • I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints?

      It is not an image scanner, it is an RF scanner.

      With the new sensors you don't have to move your finger, just press it against the reader. And like the sensor in the iPhone 5S, the sensors that will be in laptops and keyboards and other phones can detect the ridge and valley pattern of your fingerprint not from the layer of dead skin on the outside of your finger (which a fake finger can easily replicate), but from the living layer of skin under the surface of your finger, using an RF signal. That only works on a live finger; not one that's been severed from your body.

      This will protect you from thieves trying to chop off your finger when they mug you for your phone (assuming they're tech-literate thieves, of course), as well as from people with fake fingers using the fingerprint they lifted from your phone screen.

      Why the iPhone's fingerprint sensor is better than the ones on older laptops [citeworld.com]

      • If thieves have access to your finger, they don't even need to chop it off, they just have to press it against your iPhone to unlock it and then register their own fingerprint. So no, it will not protect you from thieves, it will just let you keep your fingers.
        • by MrKaos (858439)

          If thieves have access to your finger, they don't even need to chop it off, they just have to press it against your iPhone to unlock it and then register their own fingerprint. So no, it will not protect you from thieves, it will just let you keep your fingers.

          I'm sure anyone who is prepared to steal a phone is educated enough to know this.

    • by slick7 (1703596)

      That your fingerprints are all over your phones.

      I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

      You can pry my fingerprints from my cold dead hands you filthy apes.

    • by dmesg0 (1342071)

      For the last 12 years US Custom and Border services take the fingerprints of any non-american entering the USA, and share them with NSA. Now it's time to get the fingerprints of all the Americans as well.

  • by ImdatS (958642) on Sunday September 15, 2013 @09:32AM (#44855527) Homepage

    Basically, he is the guy legally overseeing German Privacy Laws in the State of Hamburg. He is not a privacy expert. The only two guys in Germany I would listen to (maybe three guys) is the Privacy Commissioner of the State of Schleswig-Holstein, the Federal Privacy Commissioner and someone from Chaos Computer Club.

    That being said, the question rather should be how the fingerprint scanner is implemented. If it generates a hash that is stored on the device and never stores the finger-print itself outside of RAM, I wouldn't have a problem with that.

    The devil usually is in the detail - and in this case in the details of implementation. I would assume that Apple generates a hash code, stores it on the device and compares only hashes and never has a finger-print picture stored on the device (which would be better in any case). One might even consider storing up to 3, 5 or 10 hashes in order to have some heuristics.

    Also, one wouldn't generate a has of the picture but rather the relationship of certain finger-print lines in order to not rely on a picture that might be different every time. But the line-relation is not so much different. I'm not an expert in biometrics, but I believe this is the same approach for face-recognition (certain specific face-points and their relationship to each other is analyzed, a hash generated and stored and next time compared against a new hash).

    Being myself a German, I sometimes worry about German "alarmism". As Sigmund Freud said: "some times, a cigar is only really a cigar..."

    • by ImdatS (958642)

      Oh, one more thing: if I was Apple, I would also salt the hash with a device-specific (device-unique) random code in order to make sure that the Government cannot send me a list of hashes asking: "We want data from users with these hashes..." - and the device salt could be generated anew every time the device is restored...

      • by ImdatS (958642) on Sunday September 15, 2013 @09:39AM (#44855561) Homepage

        This is going nuts (replying to own reply to own message):
        If I was Apple, I would generate a completely new hash every time I recognize the finger print with a completely new salt. This way, the system could get better over time as well as protect the users privacy because the hash and the salt keeps changing every time...

        • by allo (1728082)

          yeah. because having multiple hashs of the same data (and multiple stolen) increases security.

    • by Nerdfest (867930)

      There are people working on 'revocable' biometrics for exactly the reason he's citing here. IBM and a few other have been working on it for some of their fingerprint, face, and iris devices. You can probably dig up some details with a few searches. It is a valid concern, although if the hashes truly do not leave the device, I'm not sure it's a concern here.

    • by jonbryce (703250)

      Hash values work for passwords where you enter exactly the same password every time. However, you don't enter exactly the same fingerprint every time you scan it, so the device has to decide whether it is close enough to the one you entered previously. For that, I think you would need the un-hashed fingerprint.

  • by Rosyna (80334) on Sunday September 15, 2013 @09:33AM (#44855529) Homepage

    Aside from the fact the government and many institutions (like Banking in the US) already have your fingerprint...

    Is there any evidence at all that the fingerprint data store in the A7 is even usable outside of iOS? There's no reason at all to store a raw image of the fingerprint. How would you recreate the fingerprint to make it usable to someone?

    • by lxs (131946) on Sunday September 15, 2013 @10:16AM (#44855731)

      There is no evidence either way. Better err on the side of caution. There wasn't any evidence of iPhones logging GPS data either, until somebody found it. [idownloadblog.com]

      • by larkost (79011)

        Except thre was no GPS logging ever. What they actually found was iOS caching observed WiFi and Cell tower locations that had been near where you were in order to more quickly locate you when an applicaiton you ran requested that information. Your actual location was never recorded, but since much of the data was timestamped with when it was last verified some rough guesses on where you had been on what days was possible from the information.

        So there never was "GPS logging" and the best accuracy you could h

  • No one is going to trust these companies until they make it clear that they're standing up to the NSA and various governments around the world that want our data.

    Till then... no trust. And this stuff really just puts a spike in the eye for the whole cloud notion.

    If the centralized systems are not to be trusted then we'll just use centralized systems. Which means the walled garden is unacceptable.

  • just FUD IMHO (Score:5, Interesting)

    by kencurry (471519) on Sunday September 15, 2013 @09:37AM (#44855551)
    Some recent uses of my fingerprints in which I had no real say:

    1. Passport check at CDG airport
    2. Applying for a Speedpass for CA toll roads
    3. Getting some papers notarized

    So, there are many current uses of fingerprinting in routine life that one has to comply with, and who can say how secure any of it is? But, trust Apple? This is a worthy debate and I trust my fellows slashdotters will post good comments on both sides. Me? I want better security on my phone, as I use it for purchases and banking. I think biometrics is a move in the right direction, what do you think?
    • Certainly not FUD. A valid concern even if you personally don't think it is an issue. I personally am not worried about it != FUD.

      If you want better security on your phone your best bet is stop using a 4 digit numerical passcode or incredibly simply swipe gestures and choose a properly strong/long password. My knowledge of biometrics is limited to enterprise system we had years ago which was horribly unreliable (often wouldn't allow the proper person access and would allow unauthorized people access on w

    • Speedpass? Wow that seems invasive. Not sure how I feel about iPhone fingerprinting, but for a Speedpass that seems excessive.

    • Some recent uses of my fingerprints in which I had no real say:

      1. Passport check at CDG airport
      2. Applying for a Speedpass for CA toll roads
      3. Getting some papers notarized

      You have quite a lot of say over all those things.
      1) There is nothing forcing you to travel to Paris or if there is something actually that important forcing you to travel there, it is probably more important than your fingerprints. (like something relating to your family's well being etc)
      2) You don't have to have a Speedpass and I certainly wouldn't give anyone my fingerprints to save a few bucks on toll roads.
      3) I happen to be a Notary Public and there is no requirement whatsoever that you give a fingerpr

    • Some recent uses of my fingerprints in which I had no real say: 1. Passport check at CDG airport 2. Applying for a Speedpass for CA toll roads 3. Getting some papers notarized

      What the hell? I have a passport, and didn't submit any fingerprints to get it. I didn't submit my fingerprints to get an identification document such a driver's license and california would expect me to submit them to get through toll roads?? Why the hell did you need fingerprints to get a document notorized? Usually you show up at a bank, hand them an ID, and sign the paper in front of the notary.

      So, there are many current uses of fingerprinting in routine life that one has to comply with,

      No, there are not! The only people I've ever personally met in the US who were fingerprinted were either

      • What the hell? I have a passport, and didn't submit any fingerprints to get it.

        I think the point here is that you have to submit fingerprints sometimes when entering a foreign country/continent.

        Whenever I visit the US, I have to give my fingerprints and have my photo taken at the port of entry, meanwhile as a European, I can travel throughout the EU without even showing my passport. I suspect the parent was a US citizen visiting France as similar entry requirements would apply for non-Europeans at their port of entry.

        • I think the point here is that you have to submit fingerprints sometimes when entering a foreign country/continent.

          Fair enough point. I completely forgot this is the case, as I have dual citizenship and generally enter the US and EU countries without submitting fingerprints. That said, when did France start copying the US nonsense? I entered France using my US passport instead of my Italian one back in 2007, and wasn't fingerprinted.

    • by wvmarle (1070040)

      Steal one's fingerprints, steal their identity. That's the issue.

      Everything about a person can be changed - names, IDs such as social security numbers, etc. Lots of bureaucracy to deal with maybe, but it can be changed. Your fingerprints, not so much. They're yours until after you die.

  • Paranoia (Score:5, Insightful)

    by countach (534280) on Sunday September 15, 2013 @09:42AM (#44855569)

    While there are good reasons for paranoia when it comes to the NSA, I think this paranoia is over the top. Firstly, if Apple is lying, and the fingerprint information is not stuck inside the chip like they say, hackers WILL discover it. Then Apple will have bad publicity from here to eternity. So I don't think Apple would lie. Secondly the government has lots of better and easier ways to harvest fingerprints if they really want to. Thirdly, I don't think fingerprints will really do the government much good, except in crime investigations. If you're worried about that, then you've probably got bigger problems.

  • by Chemisor (97276) on Sunday September 15, 2013 @09:46AM (#44855585)

    Android used to store your wi-fi password locally and never transmit it anywhere. Then came Gingerbread, and all your local data got helpfully "backed up" to google servers. Setting turned on by default, probably before you had a chance to learn it's there. They say they delete your stuff when you turn off the setting, but, naturally, there is no way to really know. Suddenly, google has all your wi-fi passwords, whether you like it or not. It would be naive to assume Apple would behave differently.

    • If you're that paranoid, don't use a cell phone. Madre de Dios folks, cell phones ARE NOT SECURE. They never will be.

      • by KiloByte (825081)

        Correction: don't use a cell phone with a proprietary OS. This means iOS and Google's and carriers' builds of Android, but don't necessarily the rest.

        • by mean pun (717227)

          Correction: don't use a cell phone with a proprietary OS. This means iOS and Google's and carriers' builds of Android, but don't necessarily the rest.

          No, it means: don't use a cell phone, period. The phone radio software will be proprietary in the foreseeable future, there are plenty of opportunities to place backdoors on a cell phone no matter what OS is running on it, cell phones can be tracked no matter what OS is running on it, and even a fully open OS is so large and specialised you cannot possibly check it unless you have nothing else to do in life.

        • by ceoyoyo (59147)

          I'm not aware of a cell phone that has a completely open OS, including the baseband.

  • by rabtech (223758) on Sunday September 15, 2013 @09:47AM (#44855591) Homepage

    If you check the design, the fingerprint image itself is never stored anywhere. The fingerprint profile is only stored on silicon in the A7 chip. There is no API to access that data, only flags to tell you that it exists (so the OS can discover there are four stored prints and their names, but nothing about the actual fingerprints themselves).

    Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to, nor can any application access it.

    If you think Apple is lying... well... There must be some level of trust somewhere or we may as well give up. I tend to draw the line at the CPU because if that is compromised or includes back doors, we are all screwed anyway.

    • by CaymanIslandCarpedie (868408) on Sunday September 15, 2013 @10:09AM (#44855705) Journal

      Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to

      So the data exists on the phone. The phone is connected to a network. But it is physically impossible for that data to be sent over the network? Not sure how that would work.

      • To be clear, I don't think Apple sharing my fingerprint is the biggest problem here. I'd never use it simply because my finger print is already known or easily knowable by so many people/entities. My properly strong passwords are not.

      • by Wraithlyn (133796) on Sunday September 15, 2013 @10:48AM (#44855907)

        In theory, yes.

        From what I understand, The secure region of the A7 chip that the fingerprint profile is stored on has a WRITE function, and an AUTHENTICATE function. There is no READ function.

        So yeah... because it is protected like this at the hardware level, you're not getting that information out again, period (short of physically breaking into the NVRAM with some sort of forensics tech).

    • by jsepeta (412566)

      Technically, Apple never stores your fingerprint. When you train the device, it recognizes signature parts of your fingerprint, such as the location of whorls etc, and then saves that not as a photograph of your finger, but as an abstract number that corresponds to where that whorl exists on your finger. So your fingerprint is never stored, just a series of numbers that represent aspects of your fingerprint. Big difference.

    • by wvmarle (1070040)

      I tend to draw the line at the CPU because if that is compromised or includes back doors, we are all screwed anyway.

      The CPU will have bugs, for sure. Pushed hard enough people will be able go get to do things with it they're not supposed to be able to do. Whether those bugs allow for your finger print data to be revealed, we don't know yet. But intentional backdoors certainly are not needed for that.

      And good luck changing your fingerprint after it's out in the open, and people start using it to impersonate you.

      • It would be far easier to obtain your fingerprints from systems that already have it stored as a much simpler data, i.e. any number of government databases.

        1) more people/connected systems have access to it, compared to a single component on a single device
        2) since lifted prints are only surface-level images, that's all they've bothered to store in those systems

  • Biometric data does not have to be secret.

    Your photograph on your driver's license is a biometric in effect. It works even if you don't keep your face a secret. It works because if someone holds a copy of your face up to a traffic officer, the traffic officer won't be fooled.

    Password security is all about secrecy because anyone can use a password. The only way for it to be secure is if nobody else knows it. Biometric security is about having an adequately intelligent verification system which reacts like th

    • Biometric data does not have to be secret.

      For some uses it does need to be secret or at least reasonably private. For others it does not. Part of what makes my fingerprint a reasonably secure means of identifying me is that very few people have access to it. It is NOT hard to copy fingerprint data and use it for purposes which the owner of that fingerprint does not approve.

      It works because if someone holds a copy of your face up to a traffic officer, the traffic officer won't be fooled.

      Unless the name used to match with that photo is not your name. People make fake IDs all the time. Furthermore it is quite possible for someone to use biometric data of yours

  • Who will be first (Score:4, Interesting)

    by lars_boegild_thomsen (632303) <lth.cow@dk> on Sunday September 15, 2013 @09:56AM (#44855645) Homepage Journal

    Back in 2005 some car thieves in Malaysia tried to steal a Merc S Class with some kind of biometric immobilizer. When they realized they couldn't get the darn thing running without a finger print, they merely chopped the owner's finger off with a machete (I swear it's true: BBC Article [bbc.co.uk]).

    I wonder who will be the first to lose an iPhone along with a finger.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Appropriate : http://xkcd.com/538/

      However : there is a vital difference : a Merc S class costs 100k and there is no reset button. An iPhone 700 bucks.
      Chopping of a finger for 700 bucks isn't worth it. Just restore it with iTunes. Much easier. :-)

      In other words : no. It won't happen. It's just FUD. Fear mongering.

    • by wvmarle (1070040)

      So rude! They could have politely asked the owner to start the vehicle for them - and change the registered fingerprint(s) in the process.

  • My own government/EU has it on file.
    and the USA government has it on file already too, since when I visited they took it.

    so uh, what the fuck, it's not very useful. it's not that useful even for tracking me. opening a phone with it is just for ease of use. in fact, I would argue that something like opening the phone with it is the only fucking thing it's good for as an authentication as it gets around the problem of inputting a pin in public 100 times a day...

    but you wouldn't want your banking for example j

  • Apple has found a way that an iPhone can tell whether somebody will intercept communications and will not send anything incriminating like a fingerprint

    And since the NSA will intercept any communications, the fingerprint will never be sent. Crisis averted.

  • More important to me are my legal protections from the authorities if they wish to use my fingerprint to unlock my phone. I don't have to give them my pin code to unlock my device (at least in most states in the U.S.) but my fingerprints are on almost anything I touch. Would it be legal for the police to hand me a glass of water, take prints from the glass, and then use those prints to unlock my phone without my consent?

  • The recent disclosure of spying programs like Prism makes it riskier than ever before to share important personal data with electronic devices.

    This may seem like nitpicking, but it is not the disclosure of spying programs that makes it risky, it is the existence of spying programs that makes it risky. Disclosure just highlights the risk that was already there. If anything, disclosure makes it less risky because people are less likely to pull such shit when users are more aware of the possibility (i.e. more likely to notice).

  • So apple say that they wont transmit the biometric id. That they can control. However, id bet that within months if not weeks someone will find a way to abuse and hijack this on jailbroken devices. The same protection doesn't apply to them...

    Also eventually im sure the normal iphone will be abused too. Look at the debacle over the ease of extracting the users location history from iphones...

    • by mysidia (191772)

      So apple say that they wont transmit the biometric id. That they can control.

      It doesn't matter so much if they do transmit the biometricc ID; it could be useful, to "authorize someone else to use your iphone" in advance --- or authorize someone to use a feature; such as the fingerprint-based ability to unlock your front door's biometric lock, by just picking an option on their ID in your contact list.

      A biometric ID doesn't capture your fingerprint; the bio ID is specific to a kind of fingerprint re

  • by mysidia (191772) on Sunday September 15, 2013 @10:29AM (#44855803)

    They capture metrics based on your fingerprints

    These are not cameras, that take an optical image; or collect data that can be used to reproduce your fingerprints.

    The readers provide only enough data to authenticate the ridge pattern, by taking some simplified metrics that represent your pattern with a relatively high fraction of uniqueness.

    See the citeworld article [citeworld.com] for more information about the iPhone's reader; apparently, this reader will be harder to trick than most laptop readers from Authentec have been in the past.

    If they were worthwhile; then this seems worthwhile.

    It's certainly a better idea to have fingerprint + 4-digit passphrase than a 4-digit passphrase.

    Long passphrases are inconvenient; more convenient security means the bar is raised: people's risk will go down.

    Also, since the reader requires live skin, it cannot be faked easily ---- it may reduce thefts of these devices by pickpockets and the like.

  • Fingerprint forgery is now a well established technology, with numerous articles such as http://www.stdot.com/pub/ffs_article_asten_akaseva.pdf [stdot.com] explaining the basic technology. That publication is 10 years old, and I've seen no evidence of any real improvement in the scanners themselves since then.

    Commonplace scanning with the inevitable consumer applications storing it locally, and badly, will unfortunately contribute to the forgery problem by making the replicable fingerprints even more available to thiev

  • >"Handing over a non-changeable biometric feature like a fingerprint for no better reason than that it provides 'some convenience' in everyday use, is ill advised and foolish. One must always be extremely cautious where and for what reasons one hands over biometric features.'"

    This is much more important for biometric features that are "left behind" or can be remotely monitored. Those include:

    * Fingerprints
    * DNA
    * Facial recognition
    * Voice recognition

    Other biometrics are far safer for the owner because th

  • by JoeyRox (2711699) on Sunday September 15, 2013 @10:58AM (#44855971)
    I predict a day in the not-to-distant future where lazy consumers will tire of having to touch their devices to unlock them and will demand a DNA sensor that lets you unlock phones by spitting at them. I wouldn't want to be sitting in the front row of that Apple media event.
  • one should stop driving cars because most people are unable to independently explain how the internal combustion engine works.

    me, i pour gas into the gas tank, and the thing just fucking works. it's a goddamned miracle i tell you!

  • Does that appear to you, that every time you enter *certain* countries they ask for your full fingerprint? Then as we know they swap this data with other governments for no good reason.

    You cannot use your fingerprint for anything.... it is almost like tattooing a QR code on your forehead and using that for authentication purposes...
    OK. maybe not that bad, but pretty close. Did I just watch to much mission impossible and think that they can take my fingerprint, then 3d print it to a condom and use it to unl

  • Is that you can't KNOW for sure what actually happens. Essentially, vendors that utize closed-source firmware/software (basically almost everyone), like Apple, are asking their users to "just trust us that we aren't doing anything really stupid or malicious". After all the Snowden revelations, I find it pretty hard to trust ANYBODY with ANYTHING. Reassureances are not good enough, I want actual tangible PROOF.

  • Taking the 10,000 foot view for a moment, Apple has, sadly, lost their leadership, and appears to be starting to make the same kind of mistakes that a leaderless Microsoft has been making for some time. The backlash has been very entertaining. I may make popcorn.

    I guess the real question becomes, what company is positioned to take advantage when the big two falter? (And has the intelligence to capitalize on it?)

    No, don't say Linux on the Desktop. Just don't.

    • by iggymanz (596061)

      Android adoption is growing, that's Linux in a pocket or on a desktop. Deal with it.

      • by roc97007 (608802)

        Android adoption is growing, that's Linux in a pocket or on a desktop. Deal with it.

        Well, sort-of. Android is Linux in much the same way that OSX is BSD. (Neither of which are bad things.) And although I've heard rumors of Desktop Android, I've not seen a lot of adoption yet.

        Don't get me wrong, I like Android. I think it's a very well thought out OS for touch devices. Wife, daughter and I all carry Android phones. Daughter wants a Samsung Note tablet. We own an ASUS convertible (currently running Win8) that might actually be usable with Android.

        I'm just not convinced Android is appr

  • Give Apple, Inc. and the commercial world a database of all our fingerprints!

    What could go wrong?

  • You think the Luddites originated on the continent instead of England form the anti-technology whines of some Europeans.

Do not simplify the design of a program if a way can be found to make it complex and wonderful.

Working...