Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Your Next Phone Will Include Biometric Security

Posted by Soulskill on from the it'll-draw-blood-and-give-you-an-EKG dept.

An anonymous reader sends this quote from Forbes: "... it is an almost certainty that within the next few years, three biometric options will become standard features in every new phone: a fingerprint scanner built into the screen, facial recognition powered by high-definition cameras, and voice recognition based off a large collection of your vocal samples. ... We store an enormous amount of our most intimate and personal information on cell phones. Businesses today are already struggling with policies regarding bringing devices from home, and it’s only going to get more difficult. A study by Symantec highlighted the depth of the problem – around the world, all different types of companies consider enterprise mobile device security to be one of their largest challenges. ... Ever since Apple purchased Authentec Inc in July of last year, there has been an endless stream of news stories obsessing over whether Apple will include a fingerprint scanner in their next release. In reality, Apple is one among many players, and whether they include a biometric sensor in the 5S or wait till the 6 is largely irrelevant, the entire mobile industry has been headed this way for years now. ... There are separate questions as to whether these technologies are ready for such a wide-scale deployment."

110 comments

  1. Fingerprints? On a touch screen? by Zumbs · · Score: 3, Insightful

    How can anyone consider fingerprint identification on a touch screen as anything but toy security? You handle your phone pretty much each day, so it is highly unlikely that your fingerprints will not be all over it, in particular on the screen. With just a little bit of technique, every criminal will be able to get a usable finger print and unlock your phone. Mythbusters pretty much proved how easy these things are to bypass.

    --
    The truth may be out there, but lies are inside your head
    1. Re:Fingerprints? On a touch screen? by Anonymous Coward · · Score: 0

      It has nothing to do with security. This is really for Apple's other business line: collecting information for marketers and governments.

      Gov spook: "Well, well, well! We have this guy calling around gun stores and traveling to them. The fingerprints on the checks match - hmmmmm. There's a bunch of background checks for gun purchases, but yet, a lot of cash withdraws. Maybe he's buying guns from private parties that aren't doing background checks in addition to his arsenal. And why does he have an arsenal?!"

      They then go to judge, accuse gun buyer as being a terrorist, and BAM! black SUVs and helicopters all because of Apple!

      Am I paranoid? Maybe. But just because I'm crazy doesn't mean I'm wrong!

    2. Re:Fingerprints? On a touch screen? by Zumbs · · Score: 1

      In order to do that, they would have to order gun shops to get finger prints from buyers. And if they already are, getting finger prints from phones do not make any difference. You are right in considering that there are serious privacy implications if a government can and do use this to build a national finger print register, i.e. if the fingerprints are collected in central registers, that can be accessed by police or private investigators.

      --
      The truth may be out there, but lies are inside your head
    3. Re:Fingerprints? On a touch screen? by Anonymous Coward · · Score: 0

      Except it can all be boiled down to:
      "There's a bunch of background checks for gun purchases"
      No real need for apple.

    4. Re: Fingerprints? On a touch screen? by freezin+fat+guy · · Score: 1

      Except that there aren't.

    5. Re:Fingerprints? On a touch screen? by Anonymous Coward · · Score: 0

      Mythbusters showed, it didn't prove. People way before them did the pioneering work.

    6. Re:Fingerprints? On a touch screen? by gl4ss · · Score: 1

      it's just for providing a quick lock so that your bro/sis/mom/dad doesn't mess around with your facebook.

      --
      world was created 5 seconds before this post as it is.
    7. Re:Fingerprints? On a touch screen? by homey+of+my+owney · · Score: 1

      " the entire mobile industry has been headed this way for years now"

      Reference please?

    8. Re:Fingerprints? On a touch screen? by cristiroma · · Score: 1

      I'd say that rather provides answers to fake problems.

    9. Re:Fingerprints? On a touch screen? by Dan667 · · Score: 1

      My take is that people that want to sell the chips and software for biometrics are pushing this.

    10. Re:Fingerprints? On a touch screen? by Instine · · Score: 1

      With micron resolution 3D printers, I wonder if its practical to take stolen fingerprint data and print yourself a finger.

      --
      Because you can - or because you should?
    11. Re:Fingerprints? On a touch screen? by Jane+Q.+Public · · Score: 3, Insightful

      "Mythbusters pretty much proved how easy these things are to bypass."

      The problem is that in order to prevent false negatives, the recognition has to be loose enough to allow way too many false positives.

      But -- and here's the big issue, IMHO -- the same is true for facial recognition, and voice recognition.

      So you have 3 "biometric security" options, all of which are ridiculously easy to circumvent.

      Security theater, anybody?

      The really big problem here is that it's a false sense of security. People come to rely on means that aren't secure, they they feel they are secure. This just makes them sitting ducks for malicious people who know what they're doing.

    12. Re:Fingerprints? On a touch screen? by Jane+Q.+Public · · Score: 1

      In most cases, you don't have to. Just use a photocopier or make a mold and fill it with gelatin.

    13. Re:Fingerprints? On a touch screen? by Zumbs · · Score: 1

      Good point. People living in close proximity to you may manage to figure out your pin code, but they would need to do some extra work to fool the biometrics, which would discourage a lot of nosy people from reading or modifying your personal data.

      --
      The truth may be out there, but lies are inside your head
    14. Re:Fingerprints? On a touch screen? by Anonymous Coward · · Score: 0

      yes and it's been on the NWO agenda forever as well. the forbes article is propaganda in the sense that it tries to legitimize the idea that there is some sort of simple non conspiritorial reason that the whole industry will be rolling various spy tech out. i'd be very suprised if the [insert appropriate spook agency here] doesn't already have access to these companies databases without protest or warrant, but without biometrics it's just words someone entered into a form somewhere.

    15. Re:Fingerprints? On a touch screen? by Teun · · Score: 1

      Is it comfy under your rock?

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    16. Re:Fingerprints? On a touch screen? by fustakrakich · · Score: 1

      The idea is that all those fingerprints all get sent your favorite three letter agency to be stored for later use. I hope nobody thinks this is for our security.

      --
      “He’s not deformed, he’s just drunk!”
    17. Re:Fingerprints? On a touch screen? by oPless · · Score: 1

      So basically you have three, not-very-good biometric systems but putting them all together magically amplifies security?

      It sounds like a pretty bad film ... Sneakers perhaps?

    18. Re:Fingerprints? On a touch screen? by idji · · Score: 1

      if the hires camera is watching for the blood pulsing through the veins and fulling the warmth that is a different story.

    19. Re:Fingerprints? On a touch screen? by grantspassalan · · Score: 1

      The problem with the camera this is that it needs light. If the light from the devices insufficient, then the user is not able to use it in low light situations or darkness. If the biometric information is ever lost or stolen, it cannot be changed like a password. The user is then really stuck up a creek without a paddle.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    20. Re:Fingerprints? On a touch screen? by Lennie · · Score: 1

      Like the Chaos Computer Club.

      --
      New things are always on the horizon
  2. The Atrix had a fingerprint scanner by Anonymous Coward · · Score: 0

    And nobody cared.

    I got a Motorola Atrix and was surprised to know about the fingerprint scanner. Everybody was talking about the lapdock and the dual core processor, nobody cared about that extra security.

    1. Re:The Atrix had a fingerprint scanner by Barny · · Score: 1

      Indeed, I have mine right here and the button to bring it out of sleep is the fingerprint reader. Very nifty and no more smudge-pattern on a screen from the 'security swipe', which anyone can guess in about three tries by following that smudge-pattern.

      --
      ...
      /me sighs
    2. Re:The Atrix had a fingerprint scanner by Austerity+Empowers · · Score: 2

      My phone has had facial recognition for a real long time now. Then my son realized he can open the phone by pointing it at my face while I sleep, or a picture of me in the living room, and he can get in. So now I disabled it, because he was really the one I was trying to keep out...

  3. Sharing by Anonymous Coward · · Score: 0

    Sorry, I share my phone with other people. I won't buy one which can't fall back to a simple password and I'm not going to setup different users on my cell phone - way too much effort.

    1. Re:Sharing by Anonymous Coward · · Score: 0

      I didn't realize the Amish were on /.

  4. Ripe for problems by Mitreya · · Score: 2

    a fingerprint scanner built into the screen, facial recognition powered by high-definition cameras, and voice recognition

    Oooh, and if you cut your finger/forget to shave or lose your voice temporarily -- who needs to use their phone every day?

    1. Re:Ripe for problems by master_kaos · · Score: 2

      Oh shit, I cut my hand off at work, better call 911... o wait.

    2. Re: Ripe for problems by Anonymous Coward · · Score: 0

      All three at once?

    3. Re:Ripe for problems by Anonymous Coward · · Score: 0

      Both hands?

      I think if that happens, your fingerprints will be the least of your concerns.

    4. Re:Ripe for problems by Anonymous Coward · · Score: 0

      Oh shit, I cut my hand off at work, better call 911... o wait.

      I can dial 911 from my iPhone without unlocking

    5. Re:Ripe for problems by Opportunist · · Score: 1

      Yeah, I mean, what do you want to dial with?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:Ripe for problems by Barny · · Score: 1

      Well, having used the built in 'droid security support for the fingerprint reader on my atrix, all I need to do is enter a pin number (that can be user set) to access it anyway.

      --
      ...
      /me sighs
    7. Re:Ripe for problems by Anonymous Coward · · Score: 0

      I know, I'll just use Siri... Well, fuck.

    8. Re: Ripe for problems by Anonymous Coward · · Score: 0

      I've had worse days.

    9. Re:Ripe for problems by Anonymous Coward · · Score: 0

      penis-print biometric security is far more useful. Secondary verification system by nut sac wrinkles.

      Who has access to it? How likely are you to list that appendage? Who would want to break into your phone if it smells like ball sweat?

      Brb, patenting.

    10. Re:Ripe for problems by Anonymous Coward · · Score: 0

      You can press the 9, the 1, and the call button without hands?

    11. Re:Ripe for problems by Anonymous Coward · · Score: 0

      Then it's not properly designed, the whole point of locking the phone is so that you don't butt dial 911.

    12. Re:Ripe for problems by johnw · · Score: 1

      Then it's not properly designed, the whole point of locking the phone is so that you don't butt dial 911.

      Quite the contrary - in many regions it's been a requirement of mobile phones that you can still dial whatever the local emergency code is (911, 999, etc.) or an international emergency code (112) without unlocking the phone.

      Just try it now on your phone if it has physical buttons. Not sure how this works with touch screens though.

    13. Re:Ripe for problems by Anonymous Coward · · Score: 0

      it works in the same way with real buttons and with touch screen ones. The telecom industry has been regulated and was in hands of the state long enough to have security issues like this early on i.e. not in an agile way (think of unlock for emergency calls when a nice busty lover of a politician got into trouble etc).

    14. Re:Ripe for problems by idji · · Score: 1

      then you tap the login button and type in your password. Some problems are really simple to solve

    15. Re:Ripe for problems by Anonymous Coward · · Score: 0

      This has actually happened, more or less.

      http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10710715/

    16. Re:Ripe for problems by AmiMoJo · · Score: 1

      IT departments everywhere will need to stock up on bolt cutters and alcohol swabs for when they need to "revoke" compromise credentials.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re:Ripe for problems by BasilBrush · · Score: 1

      I'd use my Dictaphone.

  5. Orly? by wonkey_monkey · · Score: 1

    it is an almost certainty that within the next few years, three biometric options will become standard features in every new phone

    Yeah? Who says?

    --
    systemd is Roko's Basilisk.
    1. Re:Orly? by Intrepid+imaginaut · · Score: 1

      You said it, they may as well be using taint configuration because they can stick their biometrics up their bottoms. Guess who will be the proud owners of a database of the fingerprints of most of the adult population in many countries if this is pushed ahead? The US government. I'm sure they are absolutely delighted with the surplus of freely given information already supplied by facebook and twitter, getting everyone's mugshot and prints is the final finishing touch.

      "It's a brave new world, or at least it better be" - Brill, Enemy of the State

    2. Re:Orly? by acedotcom · · Score: 1

      android phones already do facial recognition, and i have seen phones with finger print readers. really this is kind of non-news.

      --
      they say it is often more relevant then the comment above, all we know is its called the Sig!
    3. Re:Orly? by sgt+scrub · · Score: 1

      People exist electronically. Law enforcement moved on to DNA in the 90's. If you get arrested they take a DNA sample as well as prints for your physical identity. Having a guarantee you are the one using your phone ties you to anything that is associated with your phone. The more phones are being used for banking to purchasing goods, the more having it tied to you as an individual the better it will be for law enforcers. They can then easily identify a person physically and electronically.

      --
      Having to work for a living is the root of all evil.
  6. Great by HalAtWork · · Score: 2

    Now identity theft will become so much easier, trojans will be able to steal all that information too and spoofing access will be that much simpler.

    --
    Twinstiq, game news
  7. Motorola Atrix 4G by Anonymous Coward · · Score: 0

    I have owned this phone for two years. It uses a well-placed fingerprint scanner on the upper back site of the phone, where your index finger naturally rests. It works quite well.

  8. Security on Spyphones by Anonymous Coward · · Score: 0

    Get real.

    1. Re:Security on Spyphones by Knuckles · · Score: 1

      Get real.

      I intended to write a lengthy post about how random people are not the number one threat I perceive when using may smartphone. But the AC said it with 5 words.

      --
      "When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
  9. pwned by harvey+the+nerd · · Score: 1

    The perfect spy. The NSA, CIA, FBI, IRS, Google, MasterCard etc love it.

    1. Re:pwned by sensationull · · Score: 1

      Yeap, what government would not love this, no messy interigation, the device is with the key, the user, just twist their arms a little or give them a drink of water. Bang, access and no messy warrents or waiting.

  10. "Security" on the wrong end by Anonymous Coward · · Score: 0

    What good will this do me, when every Nth app sends my address book unbidden to some external server, when the RF side is only tested with the big few vendors instead of actually properly protocol validated, when OTA updates trade operator convenience for my ability to trust my phone, when the thing keeps a close log of wherever I've been, when the operators keep years and years of that same tracking data, and so on, and so forth?

    Oh, that's right. I have no rights. I'm the product, the piggy bank that needs to be broken. And the crowbar to do it is exactly that phone. Right, now we know why we "need" biometric security in our mobile leashes.

  11. Motorola Atrix by Anonymous Coward · · Score: 1

    The original Atrix has a fingerprint scanner. And Motorola abandoned it.

    1. Re:Motorola Atrix by Jay+Carlson · · Score: 3, Informative

      Apple buying the vendor for the fingerprint stack might have something to do with Motorola dropping the ATRIX 4G fingerprint sensor.

      The ATRIX 4G was supposed to get an ICS upgrade. There was a "leak" of a partially functional version. My guess is that the licensing issues with Authentec/Apple broke down. Guess Motorola didn't negotiate any long-term contract options.

      It's a shame about how AT&T handled pricing on the LXDE subsystem. The X server implemented on the NVidia framebuffer/compositing layer was pretty nice. In theory Android 4.2.2 should support non-mirrored HDMI better, so hopefully I can get a Linux desktop bigger than 1280x720 on this Galaxy S3.

  12. It better get here quick... by Syphonius · · Score: 1

    My next phone is just six months away.

  13. It could happen... by Anonymous Coward · · Score: 0

    There are always a bunch of "people" (I use the term loosely) who will go for crap like biometric authentication on cell phones.
    They hear buzzwords and think it is GREAT.

    Proof of this- Myspace, Facebook, Twitter etc.

    Crap, but people who crave being "on the edge" will jump at anything that lets them use buzzwords and buzz-worthy tech.

    Personally, if cell phones suddenly became biometric only, I would stop carrying one.
    I'd rather have a secure phone than one with nothing but buzzwords.

  14. slide to unlock is the problem by chowdahhead · · Score: 1

    Isn't this more of a problem of enforcing device security policies? If the data is encrypted, does it really matter if the device is locked by PIN, pattern, fingerprint, facial recognition, or some other mechanism?

    1. Re:slide to unlock is the problem by Opportunist · · Score: 1

      Your suggestion is really odd, how do you think that free app is supposed to read information that is encrypted by some other app or even by you, especially without you noticing it?

      Gee, some people...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. Biometrics is a dead-end by gweihir · · Score: 5, Insightful

    What all the proponents conveniently gloss over is that biometrics has not solved one fundamental problem: How to change the "password" once it gets stolen. And it will get stolen. Storing hashes does not help at all, as an attacker can just get new samples with ease. They just need to hack the sensors. Other ways exist. And once the biometric print has been compromised, there is nothing that realistically can be done.

    This fundamental limitation is the cause that not real security expert takes biometrics seriously in unsupervised scenarios. There are enough wannabe security experts around that will gladly take a lot of money for biometrics that will not work.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Biometrics is a dead-end by teidou · · Score: 4, Interesting

      Yep, that's a serious issue.

      There is a difference between identity and authentication, and that difference is lost when one uses biometric identity measures for authentication.

      Great writeup on this from 2006 over at MSDN

      Short version: identify and authentication must remain distinct if you want to have a system where users are held responsible for their actions.

    2. Re:Biometrics is a dead-end by Opportunist · · Score: 1

      That's less a factor than the fact that biometry may be much but it's not secret. Unless you're wearing gloves constantly (and, let's be honest, who does aside of some comic supervillains?) you leave fingerprints all over the place, all the time. The biometry print IS compromised, because it never was secret in the first place.

      It's great for establishing identity. There's nothing more you than you yourself. But it would be great to mix something secret into the fold. Unless you can at least ensure that nobody but you will access the device, something that is quite impossible with a device that you pretty much have to take out into public. Else, an old fashion cord phone would probably do.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Biometrics is a dead-end by Anonymous Coward · · Score: 0

      They are not trying to solve the problem that you think they are trying to solve. Yes, this security will fail against targeted advanced attackers. That's not the point. The lock on my door won't keep out SWAT either. The point is that it isn't worth the while for Joe Schmoe idiot mugger to obtain fingerprints, eye scans, face scans and voice samples from someone he just lifted that phone from. Your nosy neighbor isn't likely to go to that level of trouble to read your email if the phone is found on the street either. Well done biometrics can cut out half-assed attacks which means it cuts out almost all attacks. That's the point. No one is suggesting securing the nuclear codes with this system.

      The real problem for this kind of system is how often the phone will refuse access to you because it can't recognize you even though it should.

    4. Re:Biometrics is a dead-end by gweihir · · Score: 1

      I do very well understand that. The problem is that malware capturing fingerprints, voice-prints and faces is easy and has just not been so far because there is no point. So, no, I am not talking about targeted attacks at all, but automatized, wide-deployed ones.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Biometrics is a dead-end by swillden · · Score: 2

      What all the proponents conveniently gloss over is that biometrics has not solved one fundamental problem: How to change the "password" once it gets stolen.

      Biometrics are not passwords. They have some similarities, but also some important differences. Equating the two will just result in misunderstanding both -- as in this case; thinking that biometrics must be changeable like passwords to be useful.

      The intent of a biometric isn't to provide a replaceable, short-lived secret authenticator, it's to provide a public (though not necessarily widely-distributed) authenticator permanently bound to an individual. When designing a biometric security solution you should never assume that the biometric data is secret. Instead, you need to assure that the following assumptions hold:

      1. The object being scanned is actually the subject being authenticated. This is the greatest weakness of biometric authentication in most circumstances, because it's generally fairly easy to scan some other object which replicates the authorized user's characteristics. This is also where biometrics fundamentally differ from passwords, since if this assumption holds it doesn't matter if an attacker knows the characteristics of your face/fingerprint/whatever.

      2. The path between scanner and matching engine is secure, otherwise replay attacks can easily subvert the authentication.

      3. The template storage and matching engine are secure. This is also a problem for password authentication, but it's generally fairly easy to assure in both cases.

      4. The resolution of the matching, at the selected match threshold, is sufficient. The analogous concern in the case of passwords is password length/complexity, but it's a little different because when we talk about password complexity we do it in the context of brute force attacks. The biometric analogy of a brute force attack is presenting many different people, trying to find one that coincidentally matches, which is rarely a concern (assuming the biometric isn't being misused for both identification and authentication). With biometrics, used properly, you just need to assure that the false positive rate is low enough for the threat model.

      So, what does that mean for the idea of biometric security for phones? Assumptions 2 and 3 can probably be invalidated by a sophisticated attacker, but a sophisticated attacker can likely bypass the whole authentication process regardless, so biometrics are no worse than passwords. The same is basically true of assumption 4.

      For cellphones, the problem is obviously assumption #1. The sensors that will be embedded in a phone will of necessity be inexpensive. Even worse, the phone's environment is completely uncontrolled. This creates an ideal environment for an attacker to spoof the sensor with gummy fingers, photographs, etc.

      However, that doesn't make it useless. In particular, incidental and continuous re-authentication is idea. Rather than using your face or finger to "unlock" the phone, have the phone occasionally check the faces within view of the front-facing camera, or the print of the finger swiping. That won't make it impossible for an attacker to use the phone, but it will make it significantly more difficult and -- this is the key -- do so with zero inconvenience to the authorized user. That sort of security should be added to a password for unlock, though for some people with low personal security requirements it might be able to stand alone.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Biometrics is a dead-end by grantspassalan · · Score: 1

      In addition to the stolen "password problem" there's this: Sometimes the actual biometric information differences are quite subtle, so that common digital encodings that are practical will generate the same code for two individuals. That means with millions of individuals, there is an increasing chance that a fingerprint encoder or other biometric device will generate the same code for two or more individuals., Common practical face recognition systems often have problems differentiating identical twins.

      --
      A sufficiently advanced simulation is indistinguishable from reality.
    7. Re:Biometrics is a dead-end by Namarrgon · · Score: 1

      Obligatory analogy: the difference between a contract with your signature on it, and a contract with your DNA on it.

      Biometrics are not authentication in themselves, but can still be useful as the identity component of two- or three-factor authentication.

      --
      Why would anyone engrave "Elbereth"?
  16. How about just having whole disk encryption? by gelfling · · Score: 1

    I think my employer already demands too many agents scanners, tools, audits, logs and processes. Just encrypt the phone and even go so far that after the nth failed login it performs a factory reset.But enough of this "Let's add just 3 or 4 MORE steps to logging into your device" nonsense.

    1. Re:How about just having whole disk encryption? by scdeimos · · Score: 2

      iThingies have had hardware encryption for years. That's why a device erase is so quick - it only needs to erase the master key and everything else is toast. http://support.apple.com/kb/ht4175 and http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf (page 7 onwards)

    2. Re:How about just having whole disk encryption? by Anonymous Coward · · Score: 0

      Too bad device encryption is largely worthless.

      Tether jb / root and bam, 10,000 possible passwords -- a joke for even old Pentium 3s.

    3. Re:How about just having whole disk encryption? by Anonymous Coward · · Score: 0

      Only if the user is using a four-digit PIN. And if the user is using a four-digit PIN, odds are he or she has nothing on the device worth stealing anyway.

    4. Re:How about just having whole disk encryption? by GigaBurglar · · Score: 1

      Believe it or not the majority of smart-phone users have absolutely no idea of the correlation between password length and a secure hash.

  17. Great until you need to revoke it by Gothmolly · · Score: 1

    How do I get a new thumbprint exactly? When Mythbusters can clone my print with a gummibear or scotch tape, and my phone gets hacked, how do I get a new one?

    --
    I want to delete my account but Slashdot doesn't allow it.
  18. 666 by Anonymous Coward · · Score: 0

    Hmmm...identify...buy either the hand or forhead ...I've heard this before....Revelations 13 :-)

    1. Re:666 by Opportunist · · Score: 1

      How much for your hand or for head?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  19. Fingers are removable by nickovs · · Score: 1

    Given that much of the rise in crime in New York last year was due to people having the iOS devices stolen, how long will it be before muggings at knife-point typically also involve the thief stealing the owner's index finger too?

    --
    If intelligent life is too complex to evolve on its own, who designed God?
    1. Re:Fingers are removable by teidou · · Score: 1

      The MSDN article I cited above mentions "Police in Malaysia are hunting for the members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system"...

    2. Re:Fingers are removable by Anonymous Coward · · Score: 0

      Continuing use of the device would then require lugging someone else's finger around. How is the mugger going to unload something like that?

    3. Re:Fingers are removable by Zumbs · · Score: 1

      Just like you can change a pin code, can't you just change the unlocking fingerprint as well? If not, reselling would be pretty difficult ...

      --
      The truth may be out there, but lies are inside your head
  20. An Argent Sheathing? by rmdingler · · Score: 1

    If I had to bet the light bill money one way or the other, my tens of dollars bet on Gov't using the the fingerprint information if they have the ability. I consider it a good sign that all American fingerprints, and DNA for that matter, are not in a database accessible to government/law enforcement entities. Despite all the "compelling" buzzphrases used by officials (children, terrorists, drugs, safety), some evidence still suggests we are a republic.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  21. Already done. by Anonymous Coward · · Score: 1

    I had a win 6 phone with a fingerprint scanner years ago from HTC. My current phone (nexus 4) uses the front camera to recognize my face. Are we talking about new to IOS phones?

    1. Re:Already done. by Tapewolf · · Score: 2

      I had a win 6 phone with a fingerprint scanner years ago from HTC. My current phone (nexus 4) uses the front camera to recognize my face. Are we talking about new to IOS phones?

      They were all the rage ten years ago. HP's PocketPC 3 devices had them. I think they may even have still been Compaq at the time. Using the screen is new, but now I think about it, the scanning devices were probably the same kind of capacitive matrix we're using now.

      What most of these systems did was they hashed the fingerprint anyway, since they were IIRC vectorised, measuring the size and shape of the print. If the new devices do that too, it's less of a security problem, but if there's userspace access to the capacitive grid, you might be able to grab the image of the fingerprint with a trojan.

  22. And so... by roc97007 · · Score: 1

    ...we get a security system with proven flaws and workarounds, and the vendor gets even more of our private information. Bonus.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  23. How about a builtin smartcard reader and fips140-2 by Anonymous Coward · · Score: 0

    Just sayin

  24. fingerprint sensor on a phone is great by Vormhat · · Score: 1

    Ask any owner of an Atrix 4g (the original). Too bad Motorola left us hanging with gingerbread.

  25. Money is the real reason by houghi · · Score: 1

    It will force the masses to buy a new phone because advertising will make the people believe that you must have it. Whether this is because of security or because it is the latest gimmick is irrelevant.

    Your 4 digit code is enough security. If people steal your phone, they want to sell it. They are not interested in your data. If people are after the data on your phone, then biometric security will not stop them.

    If your data is something they might be after, then you should also think if having it on a phone (that might get stolen) is the right place to have it.

    One scenario if I am after your data could be that I call you from another stolen phone when you are in public. The moment you are saying hello, I grab the phone and have your phone while it is unlocked. I then change the lock settings.
    There are many flaws with this idea, but I am sure there will be many more options if you think about then the 2 seconds I have.

    --
    Don't fight for your country, if your country does not fight for you.
  26. Fingerprints are more convenient than good passwor by raymorris · · Score: 1

    My phone isn't locked at akk, nectar of convenience. A FAST fingerprint reader is better them a password just because it would be more convenient, so I might use it. Which also refutes "fingerprint readers can be hacked". Yeah, so can PINs, much more easily, and I can pick any common lock within a minute, but they are still useful.

  27. no thanks. i dont want this. by Anonymous Coward · · Score: 0

    pass for me.

  28. Security Theater by Anonymous Coward · · Score: 0

    This is security theater at its best. It will provide no more security than the current Android "swipe" screen. Nosy cops are still going to be able to bypass any security by attaching their data sucking devices. Not to mention that Android is currently been getting hit hard by data leaking Trojans from the Android store. I don't want these virus writing scumbags having access to my fingerprint, face scan and voice print. Thanks, but no thanks, I'll stay with a swipe or a passcode.

  29. Good security or by GigaBurglar · · Score: 1

    "You mean all my biometric data stored on a Google/Apple device? Where do I sign up?? I hope that in the future it's uploaded to the cloud - it would be so cool to have it integrated into every facet of my life" - Timfoil Hatticus

    Let's not forget that a SHA512 salted 8 digit mnemonic encoded password is far harder to crack than obtaining one's fingerprint on a touch-screen.

    1. Re:Good security or by Anonymous Coward · · Score: 0

      I agree. My current phone is a pos clamshell, and I intend to not upgrade until it is unable to connect. I do willingly give information to a great many people on a daily basis through my computer use, but that is something that I can control to some extent through selective program use and modified code. And not downloading free fonts advertised in the corner.
      But this verification method could have the potential to allow someone to imitate me in the commission of a crime, something that has happened very recently. I feel more than uncomfortable about that, and for that reason I will never get a device that requires such input at any time. If it is willing to accept a blank screen, or an impression of, as stated earlier, my nut sac I would feel more comfortable. But the ability to take a print scan without me knowing could be there still.
      SHA512 is preferable to me if I have to use a verification system of any sort. The security is better, and without my biometrics almost assuredly getting publicly available at some point in time.

  30. I've got it by Anonymous Coward · · Score: 0

    We should all carry keychain fobs that have a access code that changes every five minutes...

  31. Nothing but problems by Anonymous Coward · · Score: 0

    What happens when thieves can fake your finger-print or your voice-print? You will have no security at all.

    What happens when your voice-box or fingers are injured. All that data will be locked inside the device.

    No-one is mentioning the obvious: The NSA and DHS will demand back-door access and ban high-level encryption for their 'war on terror'.

  32. My next phone will not. by Nyder · · Score: 1

    When my current phone dies, I'm buying another dumb phone. I do NOT need a "smart" phone to track me and let others track me, I'll stick with a dumb phone that makes phone calls.

    --
    Be seeing you...
    1. Re:My next phone will not. by miroku000 · · Score: 1

      When my current phone dies, I'm buying another dumb phone. I do NOT need a "smart" phone to track me and let others track me, I'll stick with a dumb phone that makes phone calls.

      You are pretty naive to think a dumb phone doesn't allow people to track you. Why would you think that? It has been a required feature in cell phones in the US for years...

  33. Sneakers by Anonymous Coward · · Score: 1

    My voice is my passport. Verify me. Please?

  34. Can I change how it is used? by sgt+scrub · · Score: 1

    Biometric devices are very good at providing a user name. I would never us them for anything else.

    --
    Having to work for a living is the root of all evil.
  35. Bio-metrics are static passwords by ad454 · · Score: 1

    Bio-metrics are static passwords with very painful revocation, that one typically leaks all over the place.

    Unless I wear gloves all the time to hide my fingerprints, wear a mask to hide my face, stop talking to hide my voice, etc., it is nearly impossible to hide my bio-metrics. And once captured electronically as data, they can be copied indefinitely, and cannot be revoked without a lot of pain and suffering.

    Right now, criminals typically ignore capturing the bio-metrics of victims, since they are barely used by the public. But the public starts to use bio-metric for accessing high valued assets, there will be a huge financial incentive for criminals to dust drinking glasses at restaurants, photographing peoples, recording voices, etc.

  36. We already have biometric authentication by miroku000 · · Score: 1

    Android phones have come with biometric authentication and have since October, 2011... http://www.android.com/about/ice-cream-sandwich/

  37. For tracking purposes, not security. by Anonymous Coward · · Score: 0

    This is so when the feds are tracking where all these phones are, they will also be able to confirm who is using them. (As opposed to just knowing who they belong to.)

  38. More features to make a phone unusable by Lime+Green+Bowler · · Score: 1

    Just what we need. Another dopey mechanism to interfere with the user experience. I'm already saddled with a dipshit policy pushed down from the corporate Exchange server that forces a password and timed lockups. The policy setting idiots will take something like this and further hobble my phone. Maybe even prevent me from say, handing my phone to a somebody even temporarily. "Here, take my phone. It's Bob. He wants to say 'hi'". The unauthorized biosignature detector fires off and disables my phone until I can contact the security Na.. er, supremacists.

    I'm hoping people will wake up from the Matrix soon and realize that so many smart phone features are useless or making us useless. Here we've got marvelous tiny computers in our pockets that are capable of so much... and what do we use them for? Mind wasting via Angry Birds. Facebook, instead of socializing properly. Fart videos on YouTube. And Twitter? Please.

  39. Information is on the phone??? by Anonymous Coward · · Score: 0

    We store an enormous amount of our most intimate and personal information on cell phones

    This is a regular and unfortunate misunderstanding. Most user data are not exclusively on the phone but stored on servers managed by third parties (think your Google Calendar if you're using Andriod). The better way to think of the cell phone is an access point to user data. The value of biometrics on the phone can be debated in terms of the ability for others to access one's data from the phone. It doesn't do anything to secure other vectors allowing acces to that same data.

  40. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  41. Consider the Source by dwightk · · Score: 1

    When a Forbes column includes "...it is almost a certainty that" X, I think it is safe to assume that X is almost certain to not happen.

    --
    Like anyone can even know that