Slashdot Mirror
Toshiba Puts Fingerprint Readers on Cell Phones
An anonymous reader writes "As if it wasn't enough to have fingerprint scanners on laptops, Toshiba has put them on two of its latest smart phones. The Toshiba G500 and G900 feature fingerprint scanners on the back of the handsets, allowing users to access their phone by simply sliding their finger over the scanner. This is supposed to provide a better level of security than using a code of some sort. Of course it also means that someone is more likely to chop your hand off if they desperately want your data."
IMHO it's far more complex than necessary, more cool features == more things waiting to fail.
Those of us who live in northamerica probably won't get this feature, since our domestic carriers have a penchant for disabling features on "their" phones. Nokia E62 all over again...
In memory of the USS Maine.
More realistically, you'd also have to worry about somebody lifting your fingerprint from, say, the phone itself, then using that to log in. The MythBusters did a segment showing how easy it is to lift somebody's fingerprint, then use that print to defeat a scanner.
This thing isn't going to increase security, it's only going to increase convenience.
I mean really, what's the guarantee that your fingerprint data wont be uploaded through the network and stored in a big database somewhere?
If it works as badly as Lenovo's scanner, fuggedaboutit. I didn't really ask for one, but it came with my Lenovo and I thought it would be interesting to try. Sure enough I could not log in without a successful scan, but it usually took 5 or 6 tries. I disabled it after a couple days.
As for losing your hand, well, I would think that most criminals would not risk the much higher penalty for doing that, not to mention the much tougher fight most people would put up. I've also heard scanners have an even harder time working with a dead finger, although I have no idea how they tested that. Anyway, score one for techno-luddites like myself--my cell phone is just a phone. They would get my contact list and a few hours of service until I have the account canceled. Big deal.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
That stuff they make gummy bears out of is great for making fake fingerprints using someone's latent print, some crazy glue, a digital camera, Photoshop, a transparency sheet, a photo-sensitive PCB, and gummy bear gelatin. You can destroy everything but the gelatin, break into a facility that uses a fingerprint reader for security, and then eat the last bit of evidence.
If I'm not mistaken, this technology has already been implemented in some Japanese phones. I recall seeing it advertised on the http://www.nttdocomo.com/ website more than a year ago. Other features at the time included what equates to our PayPass, except that it was inside your cell phone. Another more widely used feature was the barcode scanners that would allow you to take a picture with your phone's camera of a square-shaped barcode that could be found on many advertisements and products and then find more information using the phone's web browser. Perhaps I misread the website a long time ago, but I'm pretty sure some other phone has already been released with that capability.
No fingers, you insensitive clod!
Almost all phones have backdoors that can be used easily without opening the phone itself.
All of them can be "cracked" by opening the case.
Both are available for repair centers (and hackers as well).
So if someone really needs your data, he will get them, with or without your chopped finger!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Time to put on the tinfoil hats! No, its the fact that in order to do something like your thinking, you need all the proper permission... unless you already think that "The Man" will do what it wants, no matter what.
Yay, I have a sig.
I think Toshiba is breaking new ground with this phone and its release is likely to start a trend. The need for security is actually higher for a mobile handset than for a laptop, as they get lost far more often.
And despite the various comments about cutting off fingers and lifting fingerprints, have we seen much of that in the laptop world? No. Will it happen one day? Maybe.
I've seen this phone at 3GSM, and the other point that is missing is that the fingerprint reader can also be used as a navigation device, both for menus on the phone itself as well as for a PC in close proximity. At 3GSM they are showing the phone controlling a powerpoint presentation on a laptop.
Very cool!
If someone wants to chop my hand off to use my cell, well, I'll just give him the finger!
Be relentless!
My wife's phone from three years ago had one. It also incorporated a dog game/simulator, and one of the ways to make the dog happy was to get your fingerprint swiped in order to pet the dog.
Now, what is new and interesting is the 813SH for Biz which has a remote control data destruct option, or even the slightly older P903i which comes with a wireless DES dongle that locks the phone once it gets out of range.
How is this new? My (Japanese) Docomo phone from 2005 has a fingerprint reader. I use it frequently.
I asked this at a research conference once(it was about mobile phone security as well) and the researcher, who had drawn out all these equations showing how wonderful the fingerprint security was couldn't answer me. For a device like a mobile phone that tends to get tossed around and abused a lot, I wouldn't imagine that the scanner breaking would be all that rare of an occurence. However, the researcher just said that if the fingerprint scanning device was broken, then you could use a password instead, of course this was after he spent the first 5 minutes of his presentation telling us how passwords were insecure. Assuming that passwords are insecure, wouldn't the first thing an attacker does when getting the phone be to smash the fingerprint scanner? Then what was the point?
Monstar L
Frighteningly, I don't think there's that great a difference, in terms of technical feasibility, cost of implementation, or legal dubiousness, between the NSA clandestinely spying on the private conversations of U.S. citizens by the aid of AT&T and others; and that same agency, hypothetically, collecting fingerprint data from consumers by the aid of whichever cellular carriers will offer this phone.
It may seem improbable, but we've already seen equally grievous government intrusions into personal privacy. Such a scenario would honestly just be more of the same at this point.
Like if you have kids that use your phone all the time. Or if you leave your phone in the office and don't want people using it to make calls when you're out. Or even the sheer fact that it will act as a deterrent for your average thief.
Not everyone has military grade secrets on their phone, but a vast majority of people who will steal mobile phones won't be interested in the numbers/sms/etc on the phone anyway.
Granted, if people want your info, they will get it.
You moved your mouse. Please restart Windows for changes to take effect.
as i have previously mentioned in an older post, i used to participate in a reasearch at my uni for a major mobile phone company (sony ericsson) for the implementation of fingerprint recognition on cell phones and other mobile devices (PDAs,notebooks,etc). Personally i preffer the fingerprint sollution rather than the RFID one because the phone's security is up to you and not as "hollow" as RFID can be by the use of reverse engineering. It's simple, if your phone is stolen the perp needs to have your thumb or else the phone is just another piece of garbage. You cannot reverse engineer a fingerprint simply because you cannot have a clue on how the actual fingerpint is shaped, while the scanning software is something very ubiquitous and tough to be "hacked" by someone who hasn't got a clue of the scanning algorithms.
Roses are red, violets are blue, most poems rhyme, but this one doesn't...
Only if the scanner can read cold severed digits! :)
Hey, it can happen. :)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
You should know by now they only cripple useful features people want.
They could put biometrics on phones and then use that to connect the
phone even tighter to you, the actual person. With biometrics on board
the defense you loaned the phone to a third party is gone.
Also you could be called by some agency and ordered to present your
fingerprint at random intervals maybe as part of some probation
monitoring scheme.
Groan. Here we go again..
I think Toshiba is breaking new ground with this phone and its release is likely to start a trend.
I most certainly hope not, for reasons stated below.
The need for security is actually higher for a mobile handset than for a laptop, as they get lost far more often.
The need for protecting an asset has little to do with the frequency or potential for loss, more with the information that would be lost or compromised (different facets with different ratings) and that is a very personal assessment. The Paris Hilton hack was very dangerous because her Sidekick contained personal numbers for people that have to fight hard as it is to have some sort of private life and security, but a Mr Average phone is not going to hold data of sufficient value to offer up irreplacable body parts for. You can replace a phone, you can replace numbers but you can't replace a cut off finger (given the likely conditions under which the amputation would occur you can give up any hope on re-attachment as well).
And despite the various comments about cutting off fingers and lifting fingerprints, have we seen much of that in the laptop world? No. Will it happen one day? Maybe.
In laptop world the fingerprint scanner is (a) a relative new device and (b) not working so well, so thankfully most people don't use it. Also, most laptops are removed without the users' knowledge because it's often important to have some time before the theft is discovered (in case of targeted theft) and (using Windows) breaking into the unencrypted device is just a matter of booting up from a CD.
Now imagine a world where biometrics are the ONLY way to gain access - at that point you will lose the option to give in under threat and provide a password - your finger WILL be used, with or without you inconveniently attached to it. It can get even worse: with passwords it requires on your collaboration so there's an interest in keeping you alive. With biometrics-only devices an assailant has the wonderful option of killing you first, then using your chopped off digit in the comfort of his own place with a nice cold beer. That's quite a handy option for them because it stops you from becoming a risk later.
So, with implementing biometrics I would ask the Clint Eastwood question: "Do you feel lucky?".
Insert
>>There's no way I'm buying a phone with an operating system that crashes 10 times a day and needs 900-1200 times more CPU and RAM than Symbian.
So you should be fine with this phone then, because the above is 100% weapons grade bullshit.
So why isn't this phone using Symbian if it's so f'in wonderful? Oh yeah, it's not up to the job and horribly underfeatured. lol
May I be about the only person here to say that this sounds like a good idea. Fair enough it's not secure enough to protect your uber secret data but realistically how many of use are carrying information that is that vital in our mobile phone? What most of use want the password for is to make our phone virtually worthless if stolen. If you are carrying around data that is very important then I would suggest so other form of encryption.
I used to have a better sig but it broke.
Millions of laptops are sold with fingerprint scanners nowadays.
How many people do you know who have had their fingers cut off to access data?
How many people have had their eyeballs popped out to fool retinal and iris scanners?
Most thieves look for convenient opportunities rather than bloody, messy, longer jail-sentence crimes.
And if you insist on fast-forwarding to a future where biometrics are the ONLY way to gain access, why do you assume no one in the future will solve the problem of cut-off fingers fooling a scanner? C'mon!
my hands are dirty?
Reduce, reuse, cycle
Fortunately for democracy in the USA, The Man is strictly limited in what He can do by the Patriot Act.
Rich And Stupid is not so bad as Working For Rich And Stupid.
I don't know that people would need to chop your hand off to get your data. I mean, all they'd need would be your fingerprint. But where would they find that? Oh, wait, they already have your LOVELY SHINY PLASTIC PHONE THAT YOU TOUCH WITH YOUR FINGERS AND THAT HAS FINGERPRINTS ALL OVER IT.
So I'm a little skeptical. Another thing that makes me skeptical is that I've worked with lots of devices that require fingerprint scans, and honestly for the tiny amount of security they add the inconvenience is so huge that they're usually the first thing to go if anyone gets the chance to make changes. They can be effective for licensing (making sure the person to whom information is licensed has to actually be there when it is read) but how many other types of security issue depend on a bad guy having physical access to the machine -- yet not being able to [tamper with / fool / reboot and remove the driver for] the fingerprint scanner?
Whence? Hence. Whither? Thither.
They'd only want your finger.
-1 not first post
I'd rather have my finger chopped off than terrorized for my pin code!
Actually, if your phone or the content in the phone is that valuable, then you deserve your finger chopped off
I have one of these scanners on my laptop. Its great. I have a nice complex password for access that I can skip simply by scanning a finger. I like the convienence. Do I think its anymore secure? Not in the least.
Its better for me that using a usb key or such, I am not going to lose my finger
* Winners compare their achievements to their goals, losers compare theirs to that of others.
I still don't understand why you think my phone needs more security than my laptop per se. If I think I'm going to lose something often then I should assume I am going to lose it at any moment ergo I should make sure it's notionally disposable. Even my ancient Pentium III T23 laptop would cost me more to replace than my brand new Nokia so why does it need a biometric. It's not a Lawgiver!
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
why do you assume no one in the future will solve the problem of cut-off fingers fooling a scanner?
Um, because it's already been solved. Fingerprint readers on computers and door locks have proven trivial -read that word again: trivial- to crack, usually with minor effort easily within the reach of the most common criminal. All it takes is access to a xerox copier or some candy. Look up the Mythbusters episode referenced in some other posts. The professionals are even better at it.
In NO shape or form should a fingerprint reader be considered an effective security tool. It's absolutely worthless, a statement I don't make lightly. The only thing worse than having NO security is having something you THINK is secure and relying upon it, when it's actually totally insecure.
Biometrics have a long way to go to fulfill the promises that have been made about them. So far, it's mostly hype and bull and huge powerpoint presentations about how it's unbreakable and will change the world. Meanwhile unskilled people on a TV show bust it wide open in under two minutes, on their first try, without any particular skill in B&E or security. With cameras rolling.
If this embarrassment by TV amateurs is annoying, imagine what the professionals crooks can do with these locks.
Go find that video. Watch it.
Sobered up yet? If you're not swallowing hard and turning several shades paler, you're in the wrong business.
The moral is simple: to get past security, you only need to attack the weakest point in the fence. Nobody can devise a system without weak points.
*surely* there's only *one* binary
congratulations, you're number 3 (0100) not 2 (0011) or 1 (0001)
to feel the need to correct me
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
If this type of technology on mobile devices becomes widespread you can bet that it will eventually be used to boost fingerprint databases for law enforcement. To be honest I cannot decide whether that is a good or a bad thing - intelligent criminals (the type who maniacally stroke fluffy white cats) would probably easily find a way to fake their record, but finding a hit on a fingerprint would at least narrow a search for the police.
CSI directors I am sure will have this in a script in the near future...
Nothing witty
Interestingly enough, in nearly all states the penalties for kidnapping equal or exceed the penalties for murder (particularly if it's not first degree). So the same goes for if someone is trying to kidnap you... there's no compelling for them to leave you alive, and in fact there are a lot of compelling reasons for them not to, so you should do your best to escape. Not that that will probably ever be useful information for any of us, but it is somewhat interesting (at least imo).
Cheers.
Relax I just want some peanuts.
..or worse yet my fingers are injured enough that the scanner won't recongnise
my thumbprint? Then what?
You could always just give them the finger. Oh, nevermind ...
...on a work mobile, the contacts in your phone book may be, and probably are, sensitive. Have a look at your own - have you got direct dial numbers, names, departments etc that could be used by a social engineer?
Yeah and they'd argue that it is impossible for someone to have used your phone, despite it being quite possible to copy a fingerprint. I believe insurance companies did that regarding some "unbreakable" security systems/locks in cars (ie: we're not paying because despite you claiming your car was stolen we claim such an act is impossible so go stfu).
...when they pry it from my cold, dead hand.
Oh wait.
"How is it any worse than entering a PIN?"
It isn't - because nobody locks their phones ... and the nobodies who do, its almost always 5-5-5-5-5, because that's easy to key in without really looking (like when driving). It's the cell phone equivalent of 1-2-3-4-5.
So then, you thought you were a clever chops and it turns out you're just a wannabe an donce discovered you turn to insult based on your incorrect stereotypes.
The clue is in the "know binaries" not "know binary".
Christ, even java programmers encounter BCD occasionally, though this isn't that scheme.
You lose, twice!
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
dave, lol, welcome to texas
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
So now I have to remove my glove in sub zero temps to answer my phone.
I guess I will not buy one, I will stick with my samsung thank you...
-- I am the NRA, enough said...
I really haven't met anyone who locks their phone, regularly, with a PIN anyway. It's a lot of hassle for what is often data that is more important to have a backup copy of than to secure from other people.
So it seems to me that this is even more overkill.
I did have a phone once, a Sanyo (SCP-6400 I think) that allowed you, if you setup the feature, to send a specially encoded text message with a password, to the phone, which would erase the phones data. I thought that was a nifty feature if the phone were lost.
To be fair however, I never setup the feature.
So now when my phone gets hacked, they will have my fingerprints too.. Thats Just what I need .. Oh the crimes they could stage with all the free fingerprint.
Ad eundum quo nemo ante iit!
Of course, McGyver could then use anyone's phone.
Have you read my journal today?
I bought an F901iC in 2004 with a fingerprint scanner built in. Works surprisingly well.
Now imagine your phone being able to make purchases directly without something like a biometric finger scan -- very scary.
This isn't just to protect the data in your address book -- get over yourself, you don't have that many secret numbers... this is to allow the phone to evolve towards an all-in-one device that lets you leave your wallet behind.
And can we stop the ranting that everyone will start cutting fingers off right and left.
So much of what you say is so easily refuted it's not worth the effort. No wonder you posted as an AC.
It would be neat one day to have a fingerprint login to your phone and GPS capability. Then if you lose your phone, no one will really bother with it (i.e. hopefully not throw it in the trash) and you can call it, get the location (mapquest) and recover the phone (with all it's valuable info).
The problem isn't really the cell phone, the problem is the inability of the majority of the population to focus on more than one task at once.
If by the majority of the population you mean "human beings," I would agree with you. It's a fundamental problem in the hardware of the brain. Basically, paying attention while driving uses the same "channel" in the brain that responding in conversation uses. We "speak" to ourselves when navigating. There's a fundamental bandwidth limitation.
Read more on dual-task separation research at the University of Utah's psychology department.
Invariably, some politician will 'correct' the problem by restricting *my* right to use a phone.
The problem is that a lot of people are fundamentally unaware of how much talking while driving detracts from their ability to drive. Studies show that you're just as dangerous as "those other drivers." You just might not be aware of it.
(Well, I suppose there is a difference between people who are *trying* to pay attention to the road and blathering idiots, but you're still not as safe as someone who isn't talking.)
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
First off, I have a toshiba laptop with the built in scanner. It works most of the time (often enough that I still use it to log in when I'm inpublic and don't want people looking over my shoulder while I log in.)
Second I think that the idea of getting someones fingerprints from the phone and using them to unlock it is a little misplaced this time. Most of the posts that I have seen here suggest that you could make a fake finger print from some sort of gelatin. This works with the kind of fingerprint scanner that reads the whole print at the same time. The one in my laptop requires you to drag your finger over a very slim portion of the reader (I assume that it reads your fingerprint one line at a time.) I do not think gelatin would hold up to this kind of activity.
As to the breakability of the scanner: I have dropped several heavy things on mine (yes my laptop is a poor miserable wretch) and it still works fine. I think this is also due to the small size of the scanner. It would take a very hard and directed hit to break the thing. The scanner itself if down in a hole and is only about one eigth by three quarters of an inch.
Some other uses that might make this more palatable for people: if the software works the same way as my laptop you could have each finger represent a different speed dial number (the software for my lappy actually remembrs 20 fingerprints.) I could see this being very useful as you wouldn't even have to open the phone (clamshell) or get it near your head to start dialing. just run your finger and it starts dialing up gramma's house.
You could also assign different user levels with it. For example you have limited calling features for your teenager when they swipe a finger but you have full access.
This one isn't for everyone but you could take theabove use a step further and track calls by each user.
AnyWho just thought I would suggest some uses tht might not make this thing all bad.
Normal mobile phones are "secure" when you have locked them ...and so resetting these stolen fingerprint phone to pristine
to the inserted sim (i.e. locked it to country/network _and_
sim serial number) and activated mandatory pin entry. Then
the phone will refuse any other sim but the one present when
that simlock was set and force you to present PIN1 to that
sim. But let's not kid ourselves, there is not a phone out
there that doesn't have details and even original internal
service and diagnostic software leaked...
out-of-the-box factory conditions should be no problem after a
while once command sequences, secret keys and software are leaked.
Which is too bad, because a phone really should turn into a brick
once it is taken from its owner and not at all be capable of
carrying out factory commands once it has been personalized
and put into service... but I disgress...
the fingerprint reader is not about making authenticating yourself
to the phone more convenient, or making the authentication process
more secure.. it's about getting people used to presenting their thumbs
to readers. I know that to some this might sound moronic at first but if you
think about it I believe you can see the point I am making here.
"Give me your fingerprints, or I'll hold my breath till I turn blue!" would probably be sufficient... if not, one could always threaten to say some really bad words.
Of course it also means that someone is more likely to chop your hand off if they desperately want your data
Has this ever happened? People always bring it out as an argument against fingerprint scanners (or other biometrics) but I've never seen a news report of anyone having their bits chopped off to access their data. And you'd think if it happened it would definitely make the headlines just for the yuck factor.
"'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
- JRR Tolkien.
I think this is good feature but like many of these low cost biometric devices it has some limitations like if you have a cut on your finger then it would deny you access... especially when when you really need like when you are injured.
I seen and have used several of these biometric ID devices and some are surprisingly good of identifying you properly even though the device is dirty, the finger has some damage (cut, etc), use of alternate finger (if your ID finger is covered with bandages). There were a few I had to have absolutely clean finger to get a good ID.
I think a biometric ID phone would be great for those in high security group that have good reason worry about wrong person calling someone important. Again like some movies someone really desperate would cut your finger to get access to the phone.
At the moment there are still alternative methods of access so the forcible removal of body parts is not happening yet (except for people carrying a donor codicil, but that's organ /trade/ and another story altogether). Under threat you can choose to give access.
:-). CERN has shown a sense of humo(u)r and put up a page matching the book against reality.
There are already scanners that check for things like body heat and (IMHO a more clever idea) a pulse in roughly the same way as a hospital finger pulse reader does it, but the pulse one has the problem that it's possible to pick up latent prints from the way it works (it's not a 'swipe' style scanner). But that too will be bypassed - it's the usual arms race.
You would be right with your millions vs. a few incidents (incidentally, also the same argument to put a terror threat into a reasonable perspective) if you consider that not everyone has data worth stealing except for your very identity. So you could say that the height of your presence on the food chain ought to directly correlate with an increased aversion to biometrics..
BTW, as a slight aside, the popping eyeball idea for bypassing biometrics was used in the "Angels and Demons" book by Dan Brown (better known for "The Davinci Code"
Insert