Slashdot Mirror
Can the iPhone Popularize Fingerprint Readers?
Nerval's Lobster writes "Apple's iPhone 5S features a fingerprint scanner embedded in the home button. Of course, fingerprint-scanning technology isn't new: Bloomberg Terminals feature a built-in fingerprint reader to authenticate users, for example, and various manufacturers have experimented with laptops and smartphones that require a thumb to login. But the technology has thus far failed to become ubiquitous in the consumer realm, and it remains to be seen whether the new iPhone — which is all but guaranteed to sell millions of units — can popularize something that consumers don't seem to want. Security experts seem to be adopting a wait-and-see attitude with regard to Apple's newest trick. 'I'd caution right away, let's see how it tests and what people come up with to break it,' Brent Kennedy, an analyst with the U.S. Computer Emergency and Readiness Team, told Forbes. 'I wouldn't rely on it solely, just as I wouldn't with any new technology right off the bat.' And over at Wired, technologist Bruce Schneier is suggesting that biometric authentication could be hacked like anything else. 'I'm sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone,' he wrote. 'But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about.'"
I very much dislike fingerprint readers. I find them to be hokey and just "feel" as if they are insecure. I would prefer they be used for two-factor authentication but, even then, I would prefer an SMS text or similar to the fingerprint scan.
very easy to remote wipe iphones
but if you have some super secret corporate info on your iphone you should be relying on a lot more than a consumer level fingerprint scanner for security
If someone has your iPhone, they have your fingerprint.
"First they came for the slanderers and i said nothing."
if someone else has managed to work up a way to fake them for access?
And now the NSA will have a finger print database for all iphone users with minimum effort.
I want to be the first to show how you can use the same old fingerprint reader defeating techniques on an iPhone. Internet fame, security researcher fortune, all will be mine! MUAHAHAHAHA!
"When information is power, privacy is freedom" - Jah-Wren Ryel
"But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about."
Surely if they have your iPhone, they already have lots of copies of you fingerprints smeared all over it?
Wasn't fingerprint readers a big fad with laptops a few years ago? Then there was the facial recognition fad?
It seems this would be a simple job for a 3D printer -- 1) get the person's fingerprint; 2) print it out as a 3D object; 3) ??? 4) profit!!
How long until we start hearing stories about stolen iPhones along with stolen severed fingers?
'But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about.'
Do the police or similar authorities count as 'bad guys'? Because they definitely have the means to access to both your phone and your fingerprints, often without just cause.
The fingerprint reader in the iPhone 5s uses a capacitive sensor, not an optical one, so Schneier's proposed hack wouldn't work.
Also, Apple requires you to create a PIN code when you enable the fingerprint sensor. If it's been 48 hours since you used the fingerprint sensor to authenticate, you have to use the PIN instead. Likewise, if you've just restarted the iPhone, you have to use the PIN for your first authentication, you can't use the fingerprint sensor.
HP Laptops with the fingerprint scanner, and kronos timeclocks with similar scanners can be defeated with two pieces of play-doh and 2 minutes careful molding. Make a finger impression in the first piece, fill it with the second, and allow it to dry a but before lifting the newly molded "finger". I am sure a better material for making the "finger" could easily be found, but this works well enough to defeat the biometrics on both of these devices so far.
It's not like any group has huge databases with large portions of the population's fingerprints anyway. Who would even want access to all the personal information kept on your phone?
Now, everyone calm down and go back to reading peaceful stories about how the NSA has hacked all internet cryptography.
Big apple, new Yorik, undig it, something's unrotting in Edenmark.
We'll have to wait to find out exactly what they're referring to, but if implemented well this should be resistant to fingerprint lifting. Only the outer layers of your finger's skin touch objects. You'd have to have somebody else touch a sensor like this one and then try to recreate the capacitive map.
This was going to be the next big thing back when it came out on the Thinkpad. Never really took root.
This technology reads the living tissue under the skin. You can't just take an outer-skin fingerprint from the screen and authenticate with it. You also can't "chop off someone's hand", as this reads living tissue under the skin.
Is it better to place your finger on the scanner or slide your finger across the screen?
It's easier to place your finger in the scanner. And if it's fast at reading the fingerprint then just that is awsome.
"But the technology has thus far failed to become ubiquitous in the consumer realm, and it remains to be seen whether the new iPhone — which is all but guaranteed to sell millions of units — can popularize something that consumers don't seem to want."
This is not how Apple thinks of design. Instead of asking people "Do you want a fingerprint scanner?" the question they ask themselves is "How do we make security easier if not completely transparent to the end user?" If you asked people if they wanted to be secure without having to do anything at all, your answer would be different. The fingerprint scanner just happens to be the right solution to the problem (in Apple's opinion).
I am not interested in articles about life extension advancements.
Did someone just imply that fingerprint scanners are a new technology? I was under the impression that it was not a secure technology and thus not used widely. Maybe new for Apple but I've got a couple old junk notebooks with fingerprint scanners here somewhere...
Two big differences. 1) This reads living tissue under the skin, which is more secure than a simple fingerprint that can be found anywhere. 2) This is integrated into something you touch already, the home button. It doesn't add any additional steps for the user.
Another example of Apple taking an old idea and applying it in a very elegant fashion.
And the NSA doesn't spy on Americans. "No Sir, we do not" - James Clapper
I don't believe our government is capable of telling the truth any longer. I don't believe the population, as a whole, is able to distinguish between truth and propaganda. And the surprising thing is, there is a large group of people who think government is the solution to the problems created by government.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Best Animaniacs adult humour: www.youtube.com/watch?v=1xmAC9Qu908
Now people can access you iPhone when you are unconscious or dead.
"Love heals scars love left." -- Henry Rollins
The phone has the owners fingerprints all over it.
Because, you know, Apple does not innovate anymore, yadda yadda yadda...
The NSA had my fingerprints for years... nothing bad happened yet.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
I think the benefit of this is that it would prevent small children from buying stuff.... if the parent is smart enough to set up the finger print authentication before giving the phone to the kid.
{Answer = No;}
Korma: Good
So yeah, AIDS tends to spread.
Many here seem to miss the point regarding consumer rejection of this technology. Giving your fingerprint to a company which, according to the latest news, could very well be cooperating with the NSA's privacy invading tactics would seem foolish, to say the least! If the print is in the phone, what is to stop Apple from cooperating or being ordered by a Court to send that data to the government? Open thine eyes, people .. Don't just read the news .. learn by it!
"There are 11 kinds of people: those who know binary, those who don't, and those who could not care less!"
... Fingerprints are taken of everybody who leaves and enters the US.
They already have fingerprints!
I have read this conspiracy about the NSA 10s of times since we first heard about the sensor, and somehow everyone is really worked up about it. Do you think the NSA has access to your Google data or all those pages Facebook tracks your visits to?
How does a fingerprint scanner on a phone change anything???
It they can access the fingerprint on the phone, they can access everything else on the phone as well, so what good is the fingerprint to them.
They can figure out who you without your fingerprint.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
I don't believe our government is capable of telling the truth any longer.
Oh, they're capable. They're just not *incentivized* in any way. When there's every reward for pulling off a lie, and no punishment for getting caught in one--are you going to tell the truth?
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
They are different.
It doesn't add any additional steps for the user.
Except the additional step of entering a PIN if you haven't used the print reader in 2 days.
Another example of Apple taking an old idea and applying it in a very elegant fashion.
A) it's not an 'old idea;' tube-amplifiers are an old idea.
B) there's nothing all that elegant about utilizing the latest technology in your gadget. Sure, it's neat, and I look forward to the tech becoming widespread (and inevitably hacked), but calling it 'elegant' smacks of the Reality Distortion Field.
A ballet dancer's movements are elegant; putting modern tech in modern devices is par-for-the-course.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
One more headscratcher from Cupertino
No authentication system is perfect. On non-iThingies you have three choices: swipe to unlock, 4 digit PIN, or full encryption with a long password. Most people use option 1 or 2. Option 1 provides no security whatsoever. Option 2 provides a little security but it's very easy to crack a 4 digit password. Option 3 is much better but inconvenient. I tried it for a while and got tired of entering a long password every time I wanted to use the phone. So I got rid of it.
Basically any OS is hackable, given enough time and resources. The trick is to secure your system enough so that it becomes inconvenient for an intruder and they move on to an easier target. Sure, a fingerprint scan is not foolproof. I have no doubt that someone in the near future will post a hack on YouTube on how to bypass it. But it's still a heck of a lot safer than option 1 or 2 above, which is what the vast majority of people are using now. So I think that a fingerprint scan is a good compromise between good security and convenience.
For me the best security on my cellphone is to simply not put anything on it that could hurt me if it got lost or stolen. That means no mobile banking, no investment accounts, no passwords, no links to websites that have the username and password stored. If someone steals my phone and they get a copy of my music library and family vacation photos I can live with that. Remote wipe...poof, it's gone.
Cause I know some guys who used to own a mercedez benz with one of those who got "hacked" a few years ago.....I don't think thats the kind of hacked I would like to be when somebody steals my phone AND my fingers....
The problem with my laptop fingerprint scanner is I have to swipe like 16 times before it recognizes anything, so its just faster and easier to typing in my password.
However for phones and tablets, the Achilles heal of all touch devices is the on screen keyboard, so if your password involves characters, numbers and symbols is it freaking annoying. A fingerprint scanner would be welcome.
But, if Apple's fingerprint scanner is not 100% flawless and quick every time, then it will fail just like every other fingerprint scanner. The moment it takes longer to unlock something by a fingerprint then by entering a 4 character passcode, its going to fail.
The "privacy" arguments here are baseless FUD, once again, because Apple has specifically said the fingerprint is not sent or stored on the cloud, its used to generate a key that is compared against encrypted data stored directly on the CPU. Its no more less private than entering a 4 digit passcode or password that everybody does now.
I haven't thought of anything clever to put here, but then again most of you haven't either.
Everytime you enter and leave the US, you give a large organization, that is very likely to work together with NSA, your fingerprint!....
Seriously, you haven't noticed? And what good is that fingerprint to the NSA? If they can get that from the phone they can get everything else too... What are they going to use your print for?
B) there's nothing all that elegant about utilizing the latest technology in your gadget.
Look at how fingerprint readers were incorporated into laptops, and compare that to the iPhone 5S. That is elegance at its very definition.
Fingerprints are taken of everybody who leaves and enters the US.
What?
I leave the US & come back about twice a year.
I've never had my fingerprints taken.
Apple used a saphire cover for the lens cover. Why? One possibility was they needed a material that is transparent in the IR to do the sub dermal imaging. But there's other choices. Another possibility is that it's just cool. But what I'm thinking is that perhaps this cannot tolerate too much scratching so they had to use something super hard. I suppose there's also the requirement for mechanical stresses. I don't know. But if it's scratching I wonder if this will be robust.
In any case getting back to the post I'm replying to. there's no reason to store the finger print, just a hash of it, as is done for passwords. You would not want to hash the image of it either. You would want to distill it down to a set of rotationally and translationally invariant feature vectors. Of course that's still an ID of you from your fingerprint, but given the features they could not recreate your fingerprint itself.
Personally I'm very excited about this because I'm very concerned about my phone being the worlds worst 2 -factor identification. Since passwords resets from nearly all websites are sent to the address that you get all your other correspondence from them you have to use the same e-mail address for both. Your phone knows this address since you have to be able to get your e-mail. And if you also use your phone for a 2nd factor, then that doesn't really help. Anyone with your phone can just request a password reset and then they have your password and the 2nd factor. By by pay pal and google pay and your bank accounts.
So if the phone is to be that important having a biometric filter running transparently, regardless of whether it is 100%, is really welcome.
Some drink at the fountain of knowledge. Others just gargle.
One more headscratcher from Cupertino
Apple was the first company to incorporate BLE into their devices, a competing standard that is now incorporated into Android 4.3. Don't ever plan on seeing NFC in an iDevice. BLE takes less power, connects faster, has a higher bandwidth, and a longer range.
The sensor on the new iPhone is Capacitive. It is NOT sub dermal.
There ARE sub dermal sensors, however one would not fit in a phone at this stage as they are rather large.
Capacitive > Optical, but still not foolproof. A simple mold of the finger in something that is conductive like skin would fool it easily.
http://computer.howstuffworks.com/fingerprint-scanner3.htm
I also doubt that it looks for a pulse, as that is a hack optical scanners use to try to thwart pictures, something capacitive doesn't have an issue with.
Sensing pulse without an optical sensor would be difficult. And I see no mention of it in any Apple marketing or materials.
That would give a rough indication as to how many might use the fingerprint reader. My guess is not very many - I use one because the company I work for requires it to secure access to their Exchange server. But consumers? I understand they're going to tie the fingerprint to the iTunes store login as well. Not sure if people use the store frequently enough to make that integration useful.
Um, so I have to comment on this.
Again Apple has stated this information is not stored on a cloud or server. It also doesn't send your fingerprint scan to a server, your fingerprint generates a data key that is compared against data stored in an encrypted section of the CPU. So there is no centralized "data" to send to the NSA, court approved or otherwise. Apple is not consolidating a list of user profiles with fingerprint scans that the NSA or any policing agency could then demand access too.
Leaving a fingerprint on a cup at Starbucks is not going to lead to the NSA hacking into your iTunes account to profile your taste in music and movies to find out if you are a suspect terrorist.
You have the audacity to ask people to learn by the news, but when the news is spreading FUD and garbage all you are asking, and contributing to, is an increase in social ignorance.
The only thing I fear these days is a growing lack of common sense and outright stupidity of the Idiot Elite that would rather believe in Hollywood fictitious level of government conspiracy, and "report" on it, rather than actually trying to understand the science of the technology they are using.
I haven't thought of anything clever to put here, but then again most of you haven't either.
Apple built the fingerprint reader right into a button that a user can't avoid pressing simply to use this device. So even if a user doesn't want to use the fingerprint feature, doesn't want their computer to be able to scan their fingerprint, it can. We know that the NSA can spy on data from smart phones, and we know that the NSA is sharing data they collect with law-enforcement agencies---law enforcement agencies that maintain massive fingerprint databases on everyone they can.
Go ahead and call it paranoid. All of the above stories would've been dismissed as paranoid two years ago, too.
Liberty in your lifetime
It's how you apply the tech, and what you do with it. The ATRIX 4G had a fingerprint sensor, but it was definitely a less elegant implementation, having to swipe your finger down across a sensor on the back of the phone. Apple puts it right where you always touch to activate the phone anyway, and dooesn't even make you change your behavior -- just touch. It also allows touch from any orientation and tilt of your finger so you don't have to worry about getting the touch perfect.
Fingerprint scanning while allowing the user to not do anything special to scan the fingerprint. That's the elegance. That's what's going to get it used in large numbers as opposed to the ATRIX, where it ended up being a rarely used gimmick.
It occurs to me that if you use a good passcode to lock your phone, a law enforcement or intelligence agency cannot compel you to give up the passcode if you don't want to. But they can take your fingerprint or use your finger to unlock it by force if necessary. All without violating your rights or the 5th amendment. I would prefer a fingerprint AND a passcode required together.
Then they've been failing to comply with their own standards - but I don't believe you.
ARGH!
Ok, I know sometimes a type-o or two can get through even the most closely proofread post, English isn't necessarily a given poster's primary language and I was raised in a family with multiple English teachers. However, lately this one drives me absolutely bonkers on a daily basis, seemingly on every thread, here on /.
http://grammarist.com/usage/than-then/
Thank you!
Foreign nationals get their fingerprints taken and retinas photographed at the customs desk (where they also check our passports and ask us the funny questions like "business or pleasure?", "anyone handled your luggage but you?", "what address are you staying?" etc).
The NSA has had my fingerprints and retina pattern for over a decade now.
"Total destruction the only solution" - Bob Marley
Report it stolen and the 'find my phone' feature will also forward the fingerprint of the thief to the cops.
Not that this will make any difference. Some friends in Seattle had their house cleaned out, including a laptop that had a 'LoJack' feature in firmware. The tracking company will turn over the location data to law enforcement upon request. So they had the opportunity to round up what may have been a major burglary ring operating in the area. Cops response: We can't be bothered.
The cops probably get a cut of the take.
I know Slashdot is mostly single guys, but I'd be curious to know if this feature supports multiple fingerprints for family situations. I unlock my phone, my wife will unlock it to look something up, my kids will unlock it to play a game or watch a video - How will this work in these scenarios? I'd also expect customization - I'm fine with my kid using a fingerprint to unlock the phone, but I don't want them to be able to make iTunes purchases at all. I own that right.
Its not meant to have a longer range...
Considering that in 2011 the Motorola Atrix 4G had a finger print reader (which was made by the company that apple later bought to produce their own version) I don't see how this is "Apple's newest trick." And if it's not now, why would it revolutionize things now when it failed to do so over two years ago?
I don't trust anything technological anymore that requires uniquely identifying information to be used and stored for my access to the device. In theory it is the best thing since sliced bread; in reality it is a much different story. The whole catch-22 about supplying uniquely identifying information is that it has to be stored and anything that is stored has already been proven to be vulnerable to collection and that collection is further vulnerable to mass distribution or to be used against you. Security is no longer secure in a digital format in a connected world. I can change my password, not so much my fingerprint without great pain I'd imagine.
You know, it probably wouldn't kill you to expand the acronym out just once. A link to a web page with a definition is also warranted. Just saying...
Uh, no - the definition of elegance is "pleasingly graceful and stylish in appearance or manner," not "doing the same thing as everyone else, in a slightly different manner."
An enigma, wrapped in a riddle, shrouded in bacon and cheese
... haven't you been reading the news? Apple just invented the fingerprint scanner! :p
I'll concede the point to you, since you actually have a solid, reasonable explanation and aren't responding out of pure fanboy-ism like GP did.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Law Enforcement will fall in love with the sweet ring of truth; just grab a suspect's hand and try every finger, no fancy warrants needed; College girls are going to think twice on bringing their hot new fancy phone to a party, on fear of passing out and having their lives ravaged; Criminals groups like the Mexican cartels are going to have an easier time obtaining intelligence assets from enemies, "Syndicate" style. Thanks Apple!
The iPhone will popularize fingerprint readers because companies are run by idiots incapable of thinking for themselves. No one brought this up when Motorola and LG both brought the functionality to their phones, or when a multitude of other companies started sticking it on their laptops. The difference here is that Apple didn't allow engineers and accountants to compromise aesthetics by plopping down whatever suppliers had available wherever it fit on the device. That's an important detail and a key to Apple's continued success, but it doesn't make the technology better than prior implementations.
Interestingly, I've already seen a number of usability flaws with Apple's implementation in demo videos. First, there's a momentary delay which I assume is by design so that the scanner isn't responding to every minor touch. People don't like waiting, they'd rather be engaged doing something than waiting even when the delay is short. Second, most people seem to mistakenly keep the home button press resulting in the phone loading Siri or whatever the instant the phone unlocks. I suppose they could patch the OS to not react to the initial press, but now we're just adding complication. Undoubtedly there's an exploitable fail safe in place because there must be a way to unlock or reset this in the event that something happens to the phone, the sensor or the owner.
What I'm really curious to know is what Apple is going to take credit for next year. Last year Apple somehow got a patent for facial recognition unlock, something that's been present on Android for several years.
The NSA has had my fingerprints and retina pattern for over a decade now.
Mine, too, with a lot of visits to the US. I wonder if they're doing any sort of analysis of changes over time in fingerprints and patterns in the retina and cornea. More interestingly, would this weaken further the FBI's insistence that fingerprints are unique identifiers which are invariant over long periods.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Again Apple has stated...
Stop right there. Anything that Apple has 'stated' cannot be trusted in this context (*even* if you consider them generally trustworthy). We *know* that they can be ordered by the NSA via a secret court appearance to collect the fingerprints, and then lie about it. This technology allows the NSA to potentially harvest millions of fingerprints (in the same way as they harvest colossal amounts of other data) with almost no effort at all. They don't care if it's illegal, or even if it's particularly useful at present, they obviously just harvest 'because they can' for unspecified future use. The fact that they could get *your* fingerprints from a cup in starbucks is completely irrelevant; they couldn't get millions of fingerprints, all conveniently associated with named people, that way.
While I understand some users concerns about theft of the print/data/etc my concern is more to do with legal issues that have been brought up about this. The fingerprint could be considered a key and used to circumvent 5th Amendment issues. Currently the government (US at least) cannot compel you to give them a password or combination to unlock something but they can compel you to give them blood/urine or any other forensic item. They can already fingerprint you at arrest so it is not a far leap to envision the courts deciding that compelling you to unlock your phone by fingerprint is permissible.
Example: They cannot compel you to revel the combination of a safe because that requires you to give them knowledge that only you know that could incriminate yourself. However, they *can* compel you to hand over the key to a lock as that is evidence and is not considered knowledge covered by the 5th. This technology removes the lock code which would be considered 5th Amendment territory and places the fingerprint into evidentiary collection. They could compel you to place your finger on the phone for the purpose of unlocking it same as they could compel you to provide the key to unlock a door/safe/etc. Now the 2 day PIN code would help, but seriously who has not unlocked their phone in 2 days?
Yes, I know they can currently confiscate your phone and break into it same as they could any other obstruction, but that is not the point. As phones get ever more sophisticated encryption this is opening a very large door for the government to walk through.
Apple,
You are only causing market confusion with the term "fingerprint scanner". Use "finger scanner" or some other term. Otherwise you lead people to believe that lifted fingerprints or chopped off fingers can be used to circumvent security.
You're one heck of a prolific astroturfer. Apple probably isn't even paying you. The Unification Church never pays their Moonies either, though.
I know Slashdot is mostly single guys,
...How? That seems a really stupid thing to say. Having a quick look at the US Census http://www.census.gov/population/www/socdemo/hh-fam/cps2011.html above 15 only 30% have never been married. I suspect the numbers here are higher.
The problem with finger prints is that they are not secret, since you leave them all over the place every day and you cannot change them. So as a login password, a finger print is a really dubious idea.
Bill Hathaway
Makes a lot of sense ! Especially with all the wacky ideas proposed including the new "penis-press" ID reader ! LOL !
Everytime you enter and leave the US, you give a large organization, that is very likely to work together with NSA, your fingerprint!....
Seriously, you haven't noticed? And what good is that fingerprint to the NSA? If they can get that from the phone they can get everything else too... What are they going to use your print for?
Only you dirty furriners have to do that. The pure people just use a passport and answer a few questions.
I've been waiting to break out my foil hat since launch. LET THE DONNING BEGIN!
Where I work they have fingerprint scanners, so you swipe your ID card and then it asks you for one of the two registered fingerprints.
It don't work that well.... lots of false negatives, if your skin is dry... And occasionally I can use about seven of my eight fingers and get it to accept them, when only two of my fingers are supposed to work.
In this time-clock setup it is possible that the software involved is poor--and to that end, a device like a cellphone could get software updates pushed to it. Ultimately it would make more sense to just scan the fingerprint, and upload the image to a more-powerful remote system for processing,,,, but then, that blows the whole "fingerprints don't get uploaded" thing out of the water, as well as allowing for cataloging them permanently.
So they're probably lying about that part. I would bet. Maybe not right now, but eventually.
Is there some new kind of weed that makes the smoker think they're a cryptographer?
No.
a 'hash' isn't some sort of inviolable crypto-packet...it's a string of numbers that correlate to the graph from the scan of the fingerprint
hash away!
whatever hash function you use is completely crackable
using a fingerprint is, from a Claude Shannon type perspective is exactly the same as using a 'password'
fingerprints are harder to copy, lose, or steal and impossible to 'forget'
that's the benefit from a user's perspective
in that sense fingerprint ID is 'more secure' but it's not on the system side...it's on the human side of the equation...
Thank you Dave Raggett
Part of my job requires me to take digital fingerprints and if I've learned anything over the last 2 years of doing so, fingerprints are a crap way of identification. 8 out of 10 people I print have problems with their hands. Being to sweaty, to dry, prints rubbed down to nothing, wrinkles, handling chemicals, cuts, lotions, unable to use their fingers appropriately for the scanner to read. Its a good thought, but thousands of people are going to be locked out of their phones or in the least annoyed by it.
A better solution is similar to retina scans. Using the built in front-facing camera to photograph and compare the users eyes. Doesn't even have to be a real retina scan, use color identifiers and differences in the shape of the iris.
I can see someone turning the function on one day and burning their ident finger on a pan the next...
I'm sure its either off by default and/or can be turned off at will but why waste the time and effort on the stuff if almost nobody will be able to use it? Put that time and effort into something usable by everyone.
Or update with a piece of software that compares users irises instead of a fiddly hardware finger scanner.
Silly question: If you're only storing a hash of the fingerprint, derived from a picture taken at "ZOMG 500dpi", how do you handle finger placement and rotation?
that's because they don't know what they are talking about ;)
GP is confusing pass/key interface with a signal intercept.
I'd wager GP got their understanding from Wired articles and TED talks, b/c most of the cutting-edge-ooh-shiny-'quantum' literature on cryptography involves 'man-in-the-middle' attacks where anyone can intercept the signal (in this example, the whole world would have to be able to look over your shoulder as you type your iphone password for the his analogy to work)
entering a password onto an iPhone is not a 'man-in-the-middle' scenario...(now, theoretically a person could use a man-in-the-middle attack to, say, snif your IP traffic via your mobile browser which is different than circumventing password access, but this attack in this scenario would require cracking the encryption of the signal).
for one single instance, a good and proper user generated password with a direct interface to the device (not transmitted externally) is theoretically practically uncrackable, especially if you have say 3 chances to guess, and the # of characters is long enough
so why need fingerprint technology if 99.999999% of phones are secure under the conditions I described above?
1. those conditions don't happen very often in real life
2. marketing
3. platform for expansion across all devices
That's what's going on here....it's about marketing and weening users over to a new system for corporate profit
In marketing and TED talks, Apple can say this fingerprint shit is 'more secure' but that's **only if the user was an idiot before hand...**
Thank you Dave Raggett
I sure hope Apple could improve Motorola's implementation. They've had 3 years to study it.
ayottesoftware.com
Certain countries take my fingerprint when I enter them. My country takes fingerprints when registering for certain papers (even if you are not a criminal).
So .. my fingerprint is out there, it is not for authentication. If you use it to log-into your laptop, phone, anything: you are fooling yourself into thinking it is anyhow safe.
I think even more to the point is that this data is irrelevant.
Let's pretend that Apple is lying through its teeth. Does that actually change anything? Not really.
If the NSA wants your data, they'll get it. Your fingerprint is only meaningful as a method to get that data. They can crack your phone themselves, or ask Apple to do it for them. The fingerprint is a humongous waste of time.
Your fingerprint isn't sufficiently unique that they care about a fingerprint database anyway. We KNOW there's overlap in fingerprints. The fact that the phone is yours and tied to your bank account and that you're paying for it is FAR more information than they need if you're in court. Your fingerprint is on the OUTSIDE OF THE PHONE.
They don't need your digitised fingerprint for anything. This is to keep your friends from taking your phone at parties and photographing their junk and sending it to your Mom. It's so that if you drop your phone and someone else picks it up, they don't have immediate access to all your stuff. It's a faster authentication method, and that's it.
You've asserted this in at least three different posts in this thread. What exactly do you mean by "reads living tissue under the skin"? What is it looking for there? How does it differentiate between the living tissue of my finger versus the living tissue of your finger? And here's a big ol' [citation needed] tag for the claim that it's more secure than a fingerprint scanner. What's the basis of that claim?
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
> Again Apple has stated this information is not stored
> on a cloud or server.
Maybe they would claim that the hash is just "metadata". Or maybe that's just the current situation, no guarantees for the future. We don't know.
> So there is no centralized "data" to send to the NSA,
> court approved or otherwise.
There is data, and maybe it's sent to the NSA, or available on request, or anything. We don't know.
> Apple is not consolidating a list of user profiles with
> fingerprint scans that the NSA or any policing agency
> could then demand access too.
Maybe it is, maybe it isn't (but it now certainly could). We don't know.
> Leaving a fingerprint on a cup at Starbucks is not going
> to lead to the NSA hacking into your iTunes account
Now there, we can agree (I think). That would require an awful lot of *manual* scanning of cups by Starbucks employees, and a lot of cooperation. That's not AT ALL the same as people carrying round the scanners (which are fully connected) all the time.
> all you are asking, and contributing to, is an increase
> in social ignorance.
We are all ignorant, admit it. We only know a fraction of what goes on. But the stuff we hear about, makes us suspicious of the possibilities. Now do you see?
" Apple is not consolidating a list of user profiles with fingerprint scans that the NSA or any policing agency could then demand access too."
I pretty much assume everyone that has an interest--however slight--will immediately bend over for the NSA and cough up everything they have. Why? Because it is pretty obvious that everyone is lying. Corporations covering their asses, Clapper himself lying directly to Congress numerous times, governments feigning surprise and disgust although the leaked documents clearly show their direct involvement. Has nobody else noticed the massive PR blitz all of these implicated companies have started in the last few weeks? Fuck that--we've all suspected these people of massive fraud, corruption and manipulation on a global scale for a very long time. They've done well covering it up with the media outlets they own, but Snowden has pulled aside the curtain and shown us the Wizard. Your suspicions and intuition were correct.
We all have to assume we are being lied to--anything less leaves us just as exposed as if we continued to believe the likes of James Clapper. Assuming Apple is acting in your best interests is just plain stupid. In terms of privacy and electronics, my advice would be the exact opposite--TRUST NOBODY. While you may be an entirely trust-worthy person in your field of expertise, even you cannot vouch for the guy in the next cubicle, or the guy running the company (and making the big bucks).
I'm sure it'll popularize finger-cutting among iPhone thieves...
Ah, but what if a passcode were required in order to use your phone for purchases?
Then, the number of people using the fingerprint scanner would be the number of people who want to utilize their phone's new iBeacon feature for commerce.
Hint: a lot more then who currently use a passcode.
You leave fingerprints EVERYWHERE. Besides, if you can't come up with a 14 character password (2 upper case, 2 lower case, 2 special characters, 2 numbers, no dictionary words) for your phone, that you change every 90 days, never write down, and is contains no information related to your personal life or interests, you shouldn't be using a smartphone!
The smartphone has been used as a tracking device for some time now. With fingerprint reading technology, it will be easier to ensure who you are tracking is who you think it is.
A fingerprint is a password. It's a password in physical form. It's read and then a hash is generated. The hash is the actual "password" that is passed to the program.
Now you're using this hash everywhere that uses the same kind of fingerprint reader. Because manufacturers are lazy.
What's the first rule about passwords besides "it shouldn't be easily guessable"? Never share passwords. Because one leaked password can be used to unlock other accounts if you do. But now you've been using your fingerprint on various devices, and the same hash is shared everywhere now.
So say you're someone evil. You write a program that grabs these hashes off of iPhones (or some other device) through a security hole (because there are always vulnerabilities). Now you've got the hashes that can be used to unlock other devices/accounts.
The same can be said for other biometric security schemes. Irises, retinas, nose prints (security has gone to the dogs!), whatever.
--
BMO
The PRISM program would LLuuuuuvvv you to buy and use a finger print swiping iPhone, JJJuuuusssttt LLLuuuvvv it!
The ATRIX 4G had a fingerprint sensor, but it was definitely a less elegant implementation, having to swipe your finger down across a sensor on the back of the phone. Apple puts it right where you always touch to activate the phone anyway
On Atrix 4G, back of the phone IS where you touch to activate the phone anyway. There is only one physical button on Atrix 4G, and that is the back button, which is the fingerprint reader.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
What happens if a person is in an auto accident? I have an ICE app so EMTs and hospital personnel can access my medical info. If I'm out and driving around, I turn my lock screen off just in case something were to happen. And, with new technology there are always glitches. If the thumbprint sensor was to malfunction, am I locked out of my phone? Having just seen a person who'd survived burns over 85% of his body and that included his hands, what would he have done to access his phone? My daughter is in the Navy and they are always issued the latest iPhones for her particular job. The Dept of Defense will still require a very secure pin in any case. I'm seeing any number of issues which might arise. I'm definitely not liking the thumb print. I wish they'd gone with NFC and, I really wish they'd allow interaction between apps (like android's pocket app) and a built in a swype keyboard. I would also like to be able to put various files on my computer rather then having access to my files only through my iTunes account. The other problem I have with IOS 7 is the new UI. Why go to the ugly pastels when the UI sets them apart from android and windows. The new notifications are great but the new UI looks like a unicorn ate a bag of skittles then threw up. If I wanted a windows phone, I'd have purchased one.
I lost my thumbs?
When I read a question like "can such and such do whatever" it comes off like somewhere there's a group of people desperately hoping it will.
K-mart, BestBuy and RadioShack are all forcing you to press No on a touch-screen if you don't want a credit card or Yes, to a receipt, etc. I find it totally infuriating and I've refused to do it a few times and the teller has to reach over and press it for the transaction to take place. If I'm paying in cash, why do I have to take a survey to NOT have a credit card or TO get a receipt. I need a receipt to leave the store with merchandise.
It occurred to me right away that they're scanning my fingerprint on the screen. Then I started thinking that the ATM would probably do that too. I'm not sure the technology is that advanced and ubiquitous. Obviously they think they can make more money by harassing you about credit cards and receipts and such, but I'm really irritated by it and I'm boycotting this annoyance, and I'd expect everything biometric these days.
A side note, is it just me who's bothered by the ubiquitous creepy ATMs that look like they have a conspicuous eyeball scanner right in your face. I saw them first being installed during the second election that Bush won. It seemed fishy, as Diebold was making the new ATM's and the election machines that I suspected fraudulently handed him the election. He seemed suspiciously sure of the outcome, too..