Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Data Protection Expert Warns Against Using iPhone5S Fingerprint Function

Posted by samzenpus on from the keep-your-fingers-to-yourself dept.

dryriver writes "Translated from Der Spiegel: Hamburg Data-Protection Specialist Johannes Caspar warns against using iPhone 5S's new Fingerprint ID function. 'The biometric features of your body, like your fingerprints, cannot be erased or deleted. They stay with you until the end of your life and stay constant — they cannot be changed. One should thus avoid using biometric ID technologies for non-vital or casual everyday uses like turning on a smartphone. This is especially true if a biometric ID, like your fingerprint, is stored in a data file on the electronic device you are using.' Caspar finds Apple's argument that 'your fingerprint is only stored on the iPhone, never transmitted over the network' weak and misleading. 'The average iPhone user is not capable of checking, on a technical level, what happens to his or her fingerprint once it is on the iPhone. He or she cannot tell with any certainty or ease what kind of private data applications downloaded onto the iPhone can or cannot access. The recent disclosure of spying programs like Prism makes it riskier than ever before to share important personal data with electronic devices.' Caspar adds: 'As a matter of principle, one should never hand over any biometric data when it isn't strictly needed. Handing over a non-changeable biometric feature like a fingerprint for no better reason than that it provides 'some convenience' in everyday use, is ill advised and foolish. One must always be extremely cautious where and for what reasons one hands over biometric features.'"

50 of 303 comments (clear)

  1. Also it stands to reason by rolfwind · · Score: 4, Interesting

    That your fingerprints are all over your phones.

    I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

    1. Re:Also it stands to reason by Hentes · · Score: 4, Insightful

      But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

    2. Re:Also it stands to reason by ColdWetDog · · Score: 5, Interesting

      Yes. However, your greasy fingerprint on the phone can't be stolen remotely from the other side of the planet like the biometric one can.

      That said, it's not terribly useful to steal the identifier string stored on the phone since it won't allow you to reconstruct the print any more than a MD5 checksum will permit you to reconstruct the file it is from. What it would do, though, is allow a third party to steal the checksum and then use it with other biometric devices to identify when that same user has come in contact with a different device under the third-party's control. I can't think of a good scenario right now, where that's likely to be an issue. HOWEVER, that doesn't mean that systems won't evolve in the future that could make it a problem.

      There are ALWAYS downsides to security issues. It's how security consultants make money.

      But unless Apple opens up the internals of how it processes and stores the data, I don't think it will have any generic utility. It's NOT a fingerprint copier. It uses (presumably) unique biometric information to create a (presumably) unique electronic signal to allow access to a device. You can (presumably) erase / clear the memory so the information is no where else, thus bypassing another problem with biometrics - you can't easily change your fingerprints.

      I'm not sure it will work well, I've used a number of fingerprint scanners before ranging from the frankly stupid (on a number of laptops) to pretty good implementations on spendy locks. Presumably Apple will Do It Right(TM), but who knows?

      --
      Faster! Faster! Faster would be better!
    3. Re:Also it stands to reason by Nemyst · · Score: 4, Insightful

      Apple's fingerprint reader doesn't read the fingerprint, it reads the tissue under the skin. This makes it much harder to fake and very constant over time. They're much more secure than "traditional" fingerprinting.

    4. Re:Also it stands to reason by Bing+Tsher+E · · Score: 2, Insightful

      'Under the skin' is the magic dust the Apple marketing people came up with this time.

      It's the Altivec Unit of 2013.

    5. Re:Also it stands to reason by Hentes · · Score: 2

      I admit that it will make the job of the common thief hard, that's why I said that it's a good idea. Just don't trust unencrypted sensitive data on your phone.

    6. Re:Also it stands to reason by runenfool · · Score: 2

      If you Google you may have found this as the top result as I did:

      http://www.redmondpie.com/iphone-5s-touch-id-requires-a-live-finger-to-unlock-wont-work-with-one-thats-severed-from-body/

      The attack you describe doesn't work - you can't use a severed finger either. It's not so trivial to bypass.

    7. Re:Also it stands to reason by wvmarle · · Score: 2

      And even if so. Your fingerprints may be all over the phone - incomplete, streaked out, overlapping: most likely totally useless to harvest. It will work great against the casual theif, or the one who find the phone you just lost. They won't be able to get in that way, so it's working pretty well.

      The key of the issue is that more and more governments are demanding biometrics to be included in one's passport, including fingerprints (I'm using my thumb print to clear immigration - very convenient now they finally got a good reading of my thumb, the previous one didn't really work well). That makes my thumb print also rather valuable: everyone who has my thumb print and knows how to thwart Hong Kong's scanners can enter and leave the country pretending to be me. And that accounts for the other 6 mln or so Hong Kong permanent residents that use this system as well (it's mandatory for all adults).

      Now a casual device like the iPhone wants your fingerprint. That means that if I were to use my thumb for that and lose my phone, the person who finds it could theoretically extract my thumb print data (even if Apple says you can't: they got the actual device so I will assume it is possible, even if hard), and use that to clear immigration.

      Even if it is not possible now, those scanners get better over time and will likely store more and more detailed fingerprint details, making it more and more likely that it becomes possible. And the fear is that by that time everyone is so used to use their fingerprints for anything, that it's going to be the perfect avenue for identity theft.

    8. Re:Also it stands to reason by interval1066 · · Score: 3

      ...it reads the tissue under the skin.

      And you know this how? What does that mean exactly? How does it do that non-intrusively? Fingerprints are by definitions "on the skin", not under it, aren't they?

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    9. Re:Also it stands to reason by slick7 · · Score: 2

      That your fingerprints are all over your phones.

      I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

      You can pry my fingerprints from my cold dead hands you filthy apes.

      --
      The mind conceives, the body achieves, the spirit manifests.
    10. Re:Also it stands to reason by allo · · Score: 2

      yeah. So what? Other security features may copy this method. And then your "tissue under the skin" will be stored on a phone, maybe stolen by apps, and used on other security systems, maybe to identify as you on a ATM.

    11. Re:Also it stands to reason by greenbird · · Score: 4, Insightful

      But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

      Yeah, because having your fingerprint physically on something is exactly the same as having it digitally stored where it can be transmitted in seconds to any anywhere in the world. It's just as easy follow someone around until you can physically steal their phone and pull the fingerprints off as it is to plant some malware on it and have it transmit the info.

      --
      Who is John Galt?
    12. Re:Also it stands to reason by ceoyoyo · · Score: 4, Informative

      No, actually. What you think of as your "fingerprint" is a pattern in the layer of dead skin, the epidermis. That pattern is created by patterns in the dermis, the living cells underneath the epidermis. That's why if you wear away your fingerprints, unless you do serious damage to your finger pads, they'll grow back the same as they were.

      The sensor in the 5s uses a low frequency RF signal to read the fingerprint from the dermis, not the surface. That kind of sensor is much more reliable and easier to use than older ones, and can't be fooled by masks or dead fingers. Fujitsu has some notebooks in Asia that already have them, and Microsoft has demonstrated them as well.

    13. Re:Also it stands to reason by ceoyoyo · · Score: 2

      You're wrong.

      http://360biometrics.com/faq/fingerprint_scanners.php
      http://link.springer.com/chapter/10.1007%2F0-387-21685-5_2#page-1
      http://www.hanscan.com/en/radio-frequency-sensors

    14. Re:Also it stands to reason by Anonymous Coward · · Score: 3, Informative

      Here's the relevant patent. It's measuring your fingerprint by capacitance. It's only "subdermal" in that the epidermis doesn't register on a capacitance sensor, but the dermis does.

      The "subdermal patterns" are the same patterns as your ordinary fingerprint. I'm pretty sure that part is just thrown in to make the whole thing sound magical or futuristic.

      I don't know what your "low frequency RF" stuff has to do with anything, though. More magic, I suppose.

    15. Re:Also it stands to reason by Trax3001BBS · · Score: 3, Informative

      But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

      In the USA the privacy concerns are very real.

      * The Patriot Act allows for the ue of backdoors for counter-terrorist investigations.

      * Vendors are legally and commercially prevented from acknowledging their backdoors.
      Defense will not be able to prove their existence.

      * Users of Mobile devices and cloud stroage sign off on their rights to data scanning. There is no opt-out option.

      a few lines from http://www.techarp.com/article/LEA/Encryption_Backdoor/Computer_Forensics_for_Prosecutors_(2013)_Part_1.pdf

      Showing that in the USA, Apple can't make the claim that biometric data is never transmitted over the network'

    16. Re:Also it stands to reason by Anubis+IV · · Score: 4, Insightful

      Except that they've already confirmed that they're not storing your actual fingerprint. They're storing hashes of the fingerprints that they use to verify your fingerprint when you attempt to login, just the same as how a well-designed, traditional login system stores password hashes instead of the passwords themselves.

      So, for all intents and purposes, a malicious individual actually would have an easier time getting your fingerprint by lifting it from the smooth, glass surface on the front of the device than by hacking your phone and extracting it, given that it doesn't actually exist in the phone.

    17. Re:Also it stands to reason by neuroklinik · · Score: 2

      'Under the skin' is the magic dust the Apple marketing people came up with this time.

      It's the Altivec Unit of 2013.

      AltiVec is a Freescale Semiconductor trademark. Apple calls it Velocity Engine, IBM and P.A. Semi call it VMX.

      And, it's SIMD vector processing tech... hardly merely a marketing buzzword.

    18. Re:Also it stands to reason by Anubis+IV · · Score: 4, Interesting

      Absolutely. When this topic came up previously on Slashdot, I mentioned that even without storing or sending the fingerprint itself, they could still send fingerprint hashes to the devices and ask the devices to verify whether or not they recognize those hashes, effectively allowing them to do a dragnet for a particular set of prints. And they can do that without even storing the fingerprint. Obviously, if they were gagged and under court order, they could be creating a massive database of fingerprints.

    19. Re:Also it stands to reason by Yaztromo · · Score: 2

      I admit that it will make the job of the common thief hard, that's why I said that it's a good idea. Just don't trust unencrypted sensitive data on your phone.

      All data on every iPhone since the 3GS has been fully encrypted, so long as you have a passcode/passphrase setup.

      In the iPhone 5s presentation, it was mentioned that one of the main drivers for the fingerprint scanning technology is because in their research, a large percentage of users never bother to setup a passcode/passphrase, making all of the hardware encryption in the iPhone completely useless.

      Yaz

    20. Re:Also it stands to reason by AmiMoJo · · Score: 2

      Of course, there may also be a backdoor in iOS that makes it save and transmit the actual fingerprint on demand.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    21. Re:Also it stands to reason by VortexCortex · · Score: 2

      Except that they've already confirmed that they're not storing your actual fingerprint.

      Bullshit. Haven't confirmed shit. Talk is cheap, show me the code.

    22. Re:Also it stands to reason by dmesg0 · · Score: 2

      For the last 12 years US Custom and Border services take the fingerprints of any non-american entering the USA, and share them with NSA. Now it's time to get the fingerprints of all the Americans as well.

    23. Re:Also it stands to reason by mjwx · · Score: 2

      In the iPhone 5s presentation, it was mentioned that one of the main drivers for the fingerprint scanning technology is because in their research, a large percentage of users never bother to setup a passcode/passphrase, making all of the hardware encryption in the iPhone completely useless.

      And nothing of value was gained.

      I'll put good money on the fact that people didn't set up passcodes/phrasess on their devices because they thought "I've got nothing worth stealing" or "I dont really care" or the perennial favourite "It'll never happen to me". Adding a new method of authentication wont make these attitudes automagically change.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  2. He is not an expert... by ImdatS · · Score: 5, Insightful

    Basically, he is the guy legally overseeing German Privacy Laws in the State of Hamburg. He is not a privacy expert. The only two guys in Germany I would listen to (maybe three guys) is the Privacy Commissioner of the State of Schleswig-Holstein, the Federal Privacy Commissioner and someone from Chaos Computer Club.

    That being said, the question rather should be how the fingerprint scanner is implemented. If it generates a hash that is stored on the device and never stores the finger-print itself outside of RAM, I wouldn't have a problem with that.

    The devil usually is in the detail - and in this case in the details of implementation. I would assume that Apple generates a hash code, stores it on the device and compares only hashes and never has a finger-print picture stored on the device (which would be better in any case). One might even consider storing up to 3, 5 or 10 hashes in order to have some heuristics.

    Also, one wouldn't generate a has of the picture but rather the relationship of certain finger-print lines in order to not rely on a picture that might be different every time. But the line-relation is not so much different. I'm not an expert in biometrics, but I believe this is the same approach for face-recognition (certain specific face-points and their relationship to each other is analyzed, a hash generated and stored and next time compared against a new hash).

    Being myself a German, I sometimes worry about German "alarmism". As Sigmund Freud said: "some times, a cigar is only really a cigar..."

    1. Re:He is not an expert... by jonbryce · · Score: 2

      Hash values work for passwords where you enter exactly the same password every time. However, you don't enter exactly the same fingerprint every time you scan it, so the device has to decide whether it is close enough to the one you entered previously. For that, I think you would need the un-hashed fingerprint.

    2. Re:He is not an expert... by ImdatS · · Score: 4, Interesting

      This is going nuts (replying to own reply to own message):
      If I was Apple, I would generate a completely new hash every time I recognize the finger print with a completely new salt. This way, the system could get better over time as well as protect the users privacy because the hash and the salt keeps changing every time...

    3. Re:He is not an expert... by Glock27 · · Score: 4, Informative

      It highlights the need for Apple to tell us exactly how the fingerprint security works, which was a part of the point of the original article.

      Apple has revealed enough detail:

      According to an unnamed spokesman at Apple, the fingerprint detector won't actually record images of your fingerprints.

      and...

      This is in line with what Apple said during the actual announcement, specifically that the information was stored "in the Secure Enclave inside the A7 chip on the iPhone 5s." The information would not be store on Apple's servers or in the iCloud.

      From the WSJ.

      --
      Galileo: "The Earth revolves around the Sun!"
      Score: -1 100% Flamebait
    4. Re:He is not an expert... by ImdatS · · Score: 3, Interesting

      Thanks, I'd wish it wouldn't even leave the finger-print scanner chip as that might allow for even higher security. But this is probably "good enough". Now the next question would be how it gets transferred from the finger-print scanner to the "Secure Enclave inside the A7 chip". If there is direct connection from the reader to the A7 chip, it's probably ok. If it goes through main memory, there could be possible attack vectors...

      I don't mean to say I'm a better security expert than Apple has - but, even though I'm an Apple fan/user, I don't think Apple's security track-record is as clean as one might want it...

    5. Re:He is not an expert... by MCSEBear · · Score: 3, Interesting
      There is a standard feature made available by ARM called TrustZone which enables hardware based separation of a device's OS and apps from a trusted environment, including trusted peripherals such as biometric devices or storage devices.

      It's been around for a while now and has also been adopted by AMD for their upcoming X86 chips.

      Details here:

      The security of the system is achieved by partitioning all of the SoC hardware and software resources so that they exist in one of two worlds - the Secure world for the security subsystem, and the Normal world for everything else. Hardware logic present in the TrustZone-enabled AMBA3 AXI bus fabric ensures that Normal world components do not access Secure world resources, enabling construction of a strong perimeter boundary between the two. A design that places the sensitive resources in the Secure world, and implements robust software running on the secure processor cores, can protect assets against many possible attacks, including those which are normally difficult to secure, such as passwords entered using a keyboard or touch-screen. By separating security sensitive peripherals through hardware, a designer can limit the number of sub-systems that need to go through security evaluation and therefore save costs when submitting a device for security certification.

      http://www.arm.com/products/processors/technologies/trustzone.php?tab=Hardware+Architecture

      So yes. ARM enables Apple to physically separate the operation of the biometric device and storage of encrypted biometric information in what Apple calls "secure enclave" storage where it is not available to the OS or to apps.

  3. Usable Fingerprint data? by Rosyna · · Score: 4, Interesting

    Aside from the fact the government and many institutions (like Banking in the US) already have your fingerprint...

    Is there any evidence at all that the fingerprint data store in the A7 is even usable outside of iOS? There's no reason at all to store a raw image of the fingerprint. How would you recreate the fingerprint to make it usable to someone?

    1. Re:Usable Fingerprint data? by lxs · · Score: 4, Interesting

      There is no evidence either way. Better err on the side of caution. There wasn't any evidence of iPhones logging GPS data either, until somebody found it.

    2. Re:Usable Fingerprint data? by larkost · · Score: 2

      Except thre was no GPS logging ever. What they actually found was iOS caching observed WiFi and Cell tower locations that had been near where you were in order to more quickly locate you when an applicaiton you ran requested that information. Your actual location was never recorded, but since much of the data was timestamped with when it was last verified some rough guesses on where you had been on what days was possible from the information.

      So there never was "GPS logging" and the best accuracy you could have gotten from the data was that someone had probably been within 5-10 miles of a location within 3-4 days of a specific time.

  4. just FUD IMHO by kencurry · · Score: 5, Interesting

    Some recent uses of my fingerprints in which I had no real say:

    1. Passport check at CDG airport
    2. Applying for a Speedpass for CA toll roads
    3. Getting some papers notarized

    So, there are many current uses of fingerprinting in routine life that one has to comply with, and who can say how secure any of it is? But, trust Apple? This is a worthy debate and I trust my fellows slashdotters will post good comments on both sides. Me? I want better security on my phone, as I use it for purchases and banking. I think biometrics is a move in the right direction, what do you think?

    --
    sigs are for losers (except to point out that sigs are for losers)
    1. Re:just FUD IMHO by Andreas+Mayer · · Score: 2

      A thought experiment: Replace 'Apple' with 'Chinese phone manufacturer' and 'NSA spying scandal' with 'Chinese spy scandal'. Would you still trust them?

      Actually, that would worry me less, since I can't think of anything the Chinese would want to do with that information. The US on the other hand has already proven, that they think they are the world police.

  5. Paranoia by countach · · Score: 4, Insightful

    While there are good reasons for paranoia when it comes to the NSA, I think this paranoia is over the top. Firstly, if Apple is lying, and the fingerprint information is not stuck inside the chip like they say, hackers WILL discover it. Then Apple will have bad publicity from here to eternity. So I don't think Apple would lie. Secondly the government has lots of better and easier ways to harvest fingerprints if they really want to. Thirdly, I don't think fingerprints will really do the government much good, except in crime investigations. If you're worried about that, then you've probably got bigger problems.

  6. Never transmitted... until the next update by Chemisor · · Score: 5, Interesting

    Android used to store your wi-fi password locally and never transmit it anywhere. Then came Gingerbread, and all your local data got helpfully "backed up" to google servers. Setting turned on by default, probably before you had a chance to learn it's there. They say they delete your stuff when you turn off the setting, but, naturally, there is no way to really know. Suddenly, google has all your wi-fi passwords, whether you like it or not. It would be naive to assume Apple would behave differently.

  7. Your Fingerprint isn't ever stored in flash by rabtech · · Score: 5, Interesting

    If you check the design, the fingerprint image itself is never stored anywhere. The fingerprint profile is only stored on silicon in the A7 chip. There is no API to access that data, only flags to tell you that it exists (so the OS can discover there are four stored prints and their names, but nothing about the actual fingerprints themselves).

    Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to, nor can any application access it.

    If you think Apple is lying... well... There must be some level of trust somewhere or we may as well give up. I tend to draw the line at the CPU because if that is compromised or includes back doors, we are all screwed anyway.

    --
    Natural != (nontoxic || beneficial)
    1. Re:Your Fingerprint isn't ever stored in flash by CaymanIslandCarpedie · · Score: 5, Insightful

      Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to

      So the data exists on the phone. The phone is connected to a network. But it is physically impossible for that data to be sent over the network? Not sure how that would work.

      --
      "reality has a well-known liberal bias" - Steven Colbert
    2. Re:Your Fingerprint isn't ever stored in flash by Wraithlyn · · Score: 4, Interesting

      In theory, yes.

      From what I understand, The secure region of the A7 chip that the fingerprint profile is stored on has a WRITE function, and an AUTHENTICATE function. There is no READ function.

      So yeah... because it is protected like this at the hardware level, you're not getting that information out again, period (short of physically breaking into the NVRAM with some sort of forensics tech).

      --
      "Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
    3. Re:Your Fingerprint isn't ever stored in flash by jsepeta · · Score: 2

      Technically, Apple never stores your fingerprint. When you train the device, it recognizes signature parts of your fingerprint, such as the location of whorls etc, and then saves that not as a photograph of your finger, but as an abstract number that corresponds to where that whorl exists on your finger. So your fingerprint is never stored, just a series of numbers that represent aspects of your fingerprint. Big difference.

      --
      Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
  8. Who will be first by lars_boegild_thomsen · · Score: 3, Interesting

    Back in 2005 some car thieves in Malaysia tried to steal a Merc S Class with some kind of biometric immobilizer. When they realized they couldn't get the darn thing running without a finger print, they merely chopped the owner's finger off with a machete (I swear it's true: BBC Article).

    I wonder who will be the first to lose an iPhone along with a finger.

    1. Re:Who will be first by Anonymous Coward · · Score: 2, Insightful

      Appropriate : http://xkcd.com/538/

      However : there is a vital difference : a Merc S class costs 100k and there is no reset button. An iPhone 700 bucks.
      Chopping of a finger for 700 bucks isn't worth it. Just restore it with iTunes. Much easier. :-)

      In other words : no. It won't happen. It's just FUD. Fear mongering.

    2. Re:Who will be first by wvmarle · · Score: 2

      So rude! They could have politely asked the owner to start the vehicle for them - and change the registered fingerprint(s) in the process.

  9. More than one kind of fingerprint reader by danaris · · Score: 2

    That your fingerprints are all over your phones.

    I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

    Except that various people have already been investigating the fingerprint reading technology Apple is using, and they seem to think that it's really not that easy, because they're using a more robust technique than the classic scan-the-surface-optically method.

    Dan Aris

    --
    Fun. Free. Online. RPG. BattleMaster.
  10. FP readers dont capture your fingerprints by mysidia · · Score: 4, Informative

    They capture metrics based on your fingerprints

    These are not cameras, that take an optical image; or collect data that can be used to reproduce your fingerprints.

    The readers provide only enough data to authenticate the ridge pattern, by taking some simplified metrics that represent your pattern with a relatively high fraction of uniqueness.

    See the citeworld article for more information about the iPhone's reader; apparently, this reader will be harder to trick than most laptop readers from Authentec have been in the past.

    If they were worthwhile; then this seems worthwhile.

    It's certainly a better idea to have fingerprint + 4-digit passphrase than a 4-digit passphrase.

    Long passphrases are inconvenient; more convenient security means the bar is raised: people's risk will go down.

    Also, since the reader requires live skin, it cannot be faked easily ---- it may reduce thefts of these devices by pickpockets and the like.

  11. Re:True with caveats by mysidia · · Score: 2

    So apple say that they wont transmit the biometric id. That they can control.

    It doesn't matter so much if they do transmit the biometricc ID; it could be useful, to "authorize someone else to use your iphone" in advance --- or authorize someone to use a feature; such as the fingerprint-based ability to unlock your front door's biometric lock, by just picking an option on their ID in your contact list.

    A biometric ID doesn't capture your fingerprint; the bio ID is specific to a kind of fingerprint reader, and it's more like a hash than a password.

    For example: there is a chance that 300 or 400 people in the world may have the exact same or very similar biometric ID key, but totally different fingerprints.

    That's because all the bits of data the fingerprint reader manufacturer has selected to authenticate a fingerprint has to be boiled down into a very short string of numeric values forming an ID key.

    It's not like the reader will be storing a high-resolution capture of your fingerprint, that could be used to manufacture fake fingerprints -- or be capable of being used with other readers.

  12. subdermal imaging by goombah99 · · Score: 4, Insightful

    I don't have special knowledge about how the Apple print scanner works but what I've read makes me believe it uses infrared sub dermal imaging. That is it seems below the surface. If so it's seeing more than just your finger surface print. That should make it harder to forge from lifted surface prints. It also will mean that it will work for people who have worn their finger prints off (apparently some types of labor do this--they grow back)

    Moreover I would say this so called "expert" has it backwards. If you fingerprints really are a one-shot biometric that can't be unspoiled then we want to use them for casual things not critical things.

    This finger print scanner is not eliminating passwords, it's just a second factor. I'ts a great idea used well.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  13. How about a DNA sensor by spitting at the phone? by JoeyRox · · Score: 4, Funny

    I predict a day in the not-to-distant future where lazy consumers will tire of having to touch their devices to unlock them and will demand a DNA sensor that lets you unlock phones by spitting at them. I wouldn't want to be sitting in the front row of that Apple media event.

  14. Re:Mythbusters busted, by MrKaos · · Score: 2

    If thieves have access to your finger, they don't even need to chop it off, they just have to press it against your iPhone to unlock it and then register their own fingerprint. So no, it will not protect you from thieves, it will just let you keep your fingers.

    I'm sure anyone who is prepared to steal a phone is educated enough to know this.

    --
    My ism, it's full of beliefs.