Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old May 11, 2013, 02:52 PM   #101
iSunrise
macrumors regular
 
Join Date: May 2012
Quote:
Originally Posted by mikemch16 View Post
What if a phishing scam convinces you to enter in your fingerprint and now they have that data. Couldn't that information now be used to hack all of your accounts. Not to mention you can't change the data of your fingerprint like you can with a password. It seems like you are now forever vulnerable. Any thoughts? Am I mistaken?
No, youīre not mistaken. Thatīs only one of the potential risks.

If itīs like current Apple technologies, Apple will provide an API that handles the I/O and encrypts/decrypts your fingerprint data, so potentially, that API could always be misused. Personally, I would only use this feature if Apple provides me with enough information that tells me how exactly they are encrypting and storing these fingerprints. They also need to provide info that no one else other than me can access and decrypt it.

Apple has hopefully cleared the use of the fingerprint sensors with countries that are in the EU, especially Germany. Also, if you introduce fingerprint sensors into your products, there must be an option to turn that sensor off and everyone that enables that features needs to be informed about the potential risks.

The vast amount of people have absolutely no idea how much security problems could arise with this. Young people nowadays grow up with the notion that personal data doesnīt need to be protected, they give all their personal data to facebook, twitter, google, etc. and are just stupidly naive. Now, companies also get access to fingerprints. Where does it stop?

Last edited by iSunrise; May 11, 2013 at 03:02 PM.
iSunrise is offline   0 Reply With Quote
Old May 11, 2013, 03:59 PM   #102
Clocks
macrumors newbie
 
Join Date: May 2013
Quote:
Originally Posted by gotluck View Post
I'm afraid of the solutions, botox shots or the removal of a gland in my armpit is scary.
That sucks. I hope you find a less scary solution.
Clocks is offline   0 Reply With Quote
Old May 11, 2013, 04:45 PM   #103
Rossatron
macrumors 6502
 
Join Date: Apr 2013
Location: in a ziplock bag inside a car's trunk
Nobody said that your finger print HAS to be stored at any sort of database. If, indeed, it would work with 1 way encryption and 2 keys, your finger print will only be needed locally, on your device to validate your public key.

What I think will come out of it, is users who wish so to do, could register with fingerprintsRus, which in turn generate a two key set for each individual, based on their finger print. The finger print and the private key will both be stored on your phone (encrypted, of course). When you want to pay for something, you swipe your finger, the phone compares it to the private key locally and if, and only if, they match, you validate your public key with which you pay.

Think your keys were compromised? No problem. Just call them like you would if it were your credit card and after the identify you, they issue a new set of keys. And the old set? It's now useless because the public key it had to authenticate against is no longer in existence, making the print stored at a stolen iPhone, useless.

Come on people, open your mind -dare I say - to a good outcome from the matter. Yes, it could be implemented badly. But who said that it will? Maybe something more along the lines I portrayed here will be implemented?
Rossatron is offline   0 Reply With Quote
Old May 11, 2013, 05:46 PM   #104
iSunrise
macrumors regular
 
Join Date: May 2012
Quote:
Originally Posted by Rossatron View Post
Nobody said that your finger print HAS to be stored at any sort of database. If, indeed, it would work with 1 way encryption and 2 keys, your finger print will only be needed locally, on your device to validate your public key.

What I think will come out of it, is users who wish so to do, could register with fingerprintsRus, which in turn generate a two key set for each individual, based on their finger print. The finger print and the private key will both be stored on your phone (encrypted, of course). When you want to pay for something, you swipe your finger, the phone compares it to the private key locally and if, and only if, they match, you validate your public key with which you pay.

Think your keys were compromised? No problem. Just call them like you would if it were your credit card and after the identify you, they issue a new set of keys. And the old set? It's now useless because the public key it had to authenticate against is no longer in existence, making the print stored at a stolen iPhone, useless.

Come on people, open your mind -dare I say - to a good outcome from the matter. Yes, it could be implemented badly. But who said that it will? Maybe something more along the lines I portrayed here will be implemented?
That sounds like a good solution, actually. Itīs like PGP/OpenPGP but with a fingerprint, instead of actual random data and a password. Itīs still up to discussion though if Apple does a backup of that, when youīve activated iCloud backup.

Letīs reserve further judgement until we know more about it. It could be a great feature if implemented right. You would think that they ironed out everything (Authentec should have taken care of that, even before Apple bought them) before they make it a mass-market feature.
iSunrise is offline   0 Reply With Quote
Old May 11, 2013, 11:48 PM   #105
rGiskard
macrumors 6502
 
Join Date: Aug 2012
Quote:
Originally Posted by gnasher729 View Post
I wonder who the second largest technology provider in Cupertino, Calif. would be.
Heh. I'm interested in how long it is until someone figures out a way to hack a person's iPhone using fingerprints left by that person in some public place. Lift the print off a cup left at some cafe, use it to somehow create a replica finger, and voila, instant paypal account access.

Admittedly it would be more sensational to snip off a finger at the time of the iPhone theft, but lifting the prints and creating a 3D finger hack would be cooler, and much harder to trace. A bleeding stump would probably alert the mark that it's time to change their passwords or limit fingerprint access to their accounts.

----------

Quote:
Originally Posted by jameskatt View Post

You don't have to use your finger. You can use your toes or other parts of the body.
Image of a thief hacking off parts one by one to see which it is, lol.
__________________
Mac Pro • 3.46 GHz Hexa-Core W3690, 24 GB RAM, GeForce GTX 680, 6G PCIe SSD RAID
rGiskard is offline   0 Reply With Quote
Old May 12, 2013, 12:35 AM   #106
marksman
Banned
 
Join Date: Jun 2007
Quote:
Originally Posted by topper24hours View Post
On the patent they filed it shows a diagram to the right of the home button of a "hidden" below the surface fingerprint sensor that only becomes visible momentarily as it is being used.

----------



Don't you think it would then default to your actual password (which will clearly still be an option for the small amount of people that are burn victims or simply have issues with the technology)?

----------



I believe that Apple entered into an agreement with Australian biometric security firm, Microlatch for the specific reason- that they have a protocol that meets the security requirements of all of the world banks and does NOT require an external housing of fingerprints for verification. (that is to say, the comparison is done LOCALLY on the device & Apple would NEVER have your biometric information).
Yeah it seems like quite a few people do not understand how this would work.

It does not require remote verification of the fingerprint. The fingerprint need only to be recognized on the mobile device and then trigger authorization with the remote site. Besides common password links, there will undoubtedly be more secure authentication paths available to work with various sites for stricter authentication.

It is not like I will be able to pick up your phone and login to my sites. I would have to use my phone. Your phone would have no way to verify my fingerprint.

I get the impression people think this data is being delivered to remote sites for authentication. It will not be. Someone would need both my device and me to access my accounts.

----------

Quote:
Originally Posted by mikemch16 View Post
What if a phishing scam convinces you to enter in your fingerprint and now they have that data. Couldn't that information now be used to hack all of your accounts. Not to mention you can't change the data of your fingerprint like you can with a password. It seems like you are now forever vulnerable. Any thoughts? Am I mistaken?
Yes you are mistaken. Your fingerprint data is not going to be transmitted anywhere.
marksman is offline   0 Reply With Quote
Old May 12, 2013, 09:31 AM   #107
coolspot18
macrumors 6502a
 
Join Date: Aug 2010
Voice Biometrics is probably a better choice. Non special hardware needed and is compatible with all mobile phones. Accuracy is very good too.
coolspot18 is offline   0 Reply With Quote
Old May 12, 2013, 09:33 AM   #108
Rossatron
macrumors 6502
 
Join Date: Apr 2013
Location: in a ziplock bag inside a car's trunk
Quote:
Originally Posted by coolspot18 View Post
Voice Biometrics is probably a better choice. Non special hardware needed and is compatible with all mobile phones. Accuracy is very good too.
voice, of all things? and what if you have a sore throat?
Rossatron is offline   0 Reply With Quote
Old May 12, 2013, 02:18 PM   #109
topper24hours
Banned
 
Join Date: Jul 2012
Quote:
Originally Posted by coolspot18 View Post
Voice Biometrics is probably a better choice. Non special hardware needed and is compatible with all mobile phones. Accuracy is very good too.
Voice is a handy addition to controlling a device, as a biometric.. maybe not so good...
"Please speak aloud your pass phrase now.
Umm.. myfavoriteponyisfluttershy.
Please repeat... I did not get that.
My favorite pony is fluttershy...! Ok?
*awkward stares in bank*
Access to voicemail granted"
=P
topper24hours is offline   0 Reply With Quote
Old May 12, 2013, 05:13 PM   #110
gotluck
macrumors 68030
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
Quote:
Originally Posted by Clocks View Post
That sucks. I hope you find a less scary solution.
cheers mate, at least it's not a consistent sweat.. seems to be related to anxiety
__________________
iPad Air LTE 7.1.2 JB (T-Mobile) - GS 4 Google Edition 4.4.4 ART (AT&T) - Windows 7 PC's - iPhone 4 6.1 JB
"Give me liberty (root access), or give me death!" - Patrick Henry
gotluck is offline   0 Reply With Quote
Old May 12, 2013, 10:56 PM   #111
flux73
macrumors 6502a
 
Join Date: May 2009
Quote:
Originally Posted by coolspot18 View Post
Voice Biometrics is probably a better choice. Non special hardware needed and is compatible with all mobile phones. Accuracy is very good too.
And if you're in a public place, like a Starbucks??
flux73 is offline   0 Reply With Quote
Old May 12, 2013, 11:06 PM   #112
maxosx
macrumors 68020
 
Join Date: Dec 2012
Location: Southern California
Several models of ThinkPads have been equipped with finger print scanners, for years. My first hand experience has been quite satisfactory. I'm surprised Apple has waited this long to give it consideration.
maxosx is offline   0 Reply With Quote
Old May 13, 2013, 12:01 AM   #113
BvizioN
macrumors 68000
 
BvizioN's Avatar
 
Join Date: Mar 2012
Location: Manchester, UK
Send a message via Skype™ to BvizioN
Quote:
Originally Posted by Ryth View Post
Then they'll take live fingers..meaning the person...hostage, etc...

Apple will get blamed for something with this...trust me.
Seriously, you people....

To start with, I don't know why someone would be dying to get into your iPhone. iPhone's usually are stolen or people are mugged for the sole value of the phone and not for what information does contain inside.

And second, if they have you a hostige for whatever "DA VINCI CODE" you may have inside it, it would be just as easy for them to get the pasword out of your brain as cuting off your fingers.
__________________
Born Albanian.
BvizioN is offline   0 Reply With Quote
Old May 13, 2013, 12:14 AM   #114
Solomani
macrumors 65816
 
Solomani's Avatar
 
Join Date: Sep 2012
I'm all for a security solution that goes above and beyond passwords (bothersome since we have to remember dozens of passwords and dozens of user IDs).... but fingerprint technology as it exists in the market today is CRAPTASTIC.

I'm opining from experience since the USA's largest fitness chain (24-Hour Fitness) has embraced fingerprint scanner entry on all their gyms, they got rid of membership ID cards in the past year. The fingerprint scanner only works 50% of the time for me on a good day. I have to keep swiping it 4 or 5 times before it recognizes my fingerprint. I'd like to blame it on all the sweaty dirty fingers of the gym members that used the scanner before me. But methinks that fingerprint scanners (and the algorithm tech they currently use) really are crap. Maybe they will be solidly reliable in 7-8 years. Here's to hoping that someone (Apple or whoever) does lead the charge for improving on the current situation.
Solomani is offline   0 Reply With Quote
Old May 13, 2013, 12:54 AM   #115
flux73
macrumors 6502a
 
Join Date: May 2009
Quote:
Originally Posted by maxosx View Post
Several models of ThinkPads have been equipped with finger print scanners, for years. My first hand experience has been quite satisfactory. I'm surprised Apple has waited this long to give it consideration.
The iPhone is only 5 years old. Also, the timing is probably only ripe now for mobile payments - Apple needed a critical mass of users and scanners/NFC reader technology needed time for maturation.

I'd also imagine it's quite a bit more difficult to get a fingerprint scanner into a phone than a notebook computer, especially in a manner that suits Apple's aesthetics.
flux73 is offline   0 Reply With Quote
Old May 13, 2013, 03:56 AM   #116
MacConvert
macrumors newbie
 
Join Date: Dec 2006
Location: Seattle, WA
Quote:
Originally Posted by goobot View Post
It doesn't matter, the phone doesn't work with dead fingers.
It may not work on dead fingers, but if you make a duplicate of someone's fingerprint(s) and somehow attach it to your finger, it would pass the 'is it dead' test. The only 'difficult' thing would be what type of material can be attached to the top of your finger that would still trick the fingerprint sensor into thinking it's the real finger.

Fingerprints alone aren't sufficient as a security measure - they must be combined with a password to be effective.
MacConvert is offline   0 Reply With Quote
Old May 13, 2013, 07:17 AM   #117
bbeagle
macrumors 65816
 
bbeagle's Avatar
 
Join Date: Oct 2010
Location: Buffalo, NY
Quote:
Originally Posted by waldobushman View Post
It's not negative. It is certainly one of the Use Cases that every vendor will have to have a solution for, in addition to allowing users to authorize others to use, say in an emergency or handing your phone over to wife, because the call is actually to her or your driving, or any other reason.
It DEFINITELY IS negative.

I guess you should be criticizing phone manufacturers because you can't take the phone in the shower with you. That's a use case they don't allow either.

Here's an example just as loony as what you described:
Say that you're in an emergency, you're passed out and your leg is bleeding, you need gauze. You're at the store. The only 'money' is YOUR ATM card. Nobody else knows the PIN to your card, nobody else can buy the gauze to save your life because the ATM card is locked to you. You'll die now. ATM card manufacturers should have thought about this and created a way for others to use your card, right? *sigh*

Last edited by bbeagle; May 13, 2013 at 07:23 AM.
bbeagle is offline   0 Reply With Quote
Old May 13, 2013, 09:56 AM   #118
hayesk
macrumors 65816
 
Join Date: May 2003
Quote:
Originally Posted by Ryth View Post
Queue up the new stories blaming Apple of people getting their fingers cut off for access to their devices when they are stolen. Here come the Hollywood movie scenes...whenever people need some bio access...
Why? You could just reset the phone and put your own fingerprint in.

Quote:
Originally Posted by goobot View Post
It doesn't matter, the phone doesn't work with dead fingers.
The fingerprint sensor might. The ones on Thinkpads work with silicone facsimiles.

This is not where the security flaw lies. The security flaw lies in the collection and transmission of the fingerprint data to the authenticator. Do they all go through a central authentication service? Do you trust them? Or if they don't go through a central service, do you trust app developers to properly encrypt your fingerprint data to protect it from hackers? Or the app developer themselves? Once your fingerprint profile is compromised, then what?
hayesk is offline   0 Reply With Quote
Old May 14, 2013, 08:02 AM   #119
coolspot18
macrumors 6502a
 
Join Date: Aug 2010
Quote:
Originally Posted by Rossatron View Post
voice, of all things? and what if you have a sore throat?
It still works, a cold or sore throat doesn't influence the base factors of your voice print.

As you use the voice print more often (i.e. every day?) it can adapt to changing parameters - at least with more advanced voice biometrics engines.

----------

Quote:
Originally Posted by topper24hours View Post
Voice is a handy addition to controlling a device, as a biometric.. maybe not so good...
"Please speak aloud your pass phrase now.
Umm.. myfavoriteponyisfluttershy.
Please repeat... I did not get that.
My favorite pony is fluttershy...! Ok?
*awkward stares in bank*
Access to voicemail granted"
=P
Voice biometrics has an extremely high rate of success. Unlike automatic speech recognition, it doesn't need to understand the words. What it needs is the intonation, speed, pitch, etc. to match with your profile.

In fact, many voice biometric engines support static and dynamic text options. With static text, you repeat a common passphrase, i.e. "Let me in" which all users will use. Based on your voice, it can determine if you are indeed who you are.

With dynamic text, it can ask you to speak something unique, i.e. the date, your name, etc. to ensure the audio isn't pre-recorded.

So yes, voice biometrics will work quite well in a mobile environment - definitely cheaper than a finger print reader and totally possible with today's technology and phones.

----------

Quote:
Originally Posted by flux73 View Post
And if you're in a public place, like a Starbucks??
There's actually passive voice biometrics technology that can determine who you are as you talk - i.e. when ordering. So as you talk to the barista for your order, it can authenticate you. Only if it fails, then it can resort to a fall back method.

Voice biometrics can work for many applications at a much lower cost than finger print reader, since no specialized hardware is required except for a microphone.
coolspot18 is offline   0 Reply With Quote
Old May 14, 2013, 08:56 AM   #120
aliensporebomb
macrumors 65816
 
Join Date: Jun 2005
Location: Minneapolis, MN, USA, Urth
Send a message via AIM to aliensporebomb Send a message via Yahoo to aliensporebomb Send a message via Skype™ to aliensporebomb
But

But utterly useless when connecting to corporate legacy systems. Ask any windows support rep how well fingerprint authentication works when connecting to a Microsoft Active directory network. Word: it doesn't.
__________________
ASB Music Web is at http://www.aliensporebomb.com/
"This is Aliensporebomb" (a soundtrack with no film) is available at http://itunes.apple.com/us/album/thi...mb/id391880218
aliensporebomb is offline   0 Reply With Quote
Old May 15, 2013, 11:03 AM   #121
smoledman
macrumors 65816
 
Join Date: Oct 2011
Quote:
Originally Posted by Solomani View Post
I'm all for a security solution that goes above and beyond passwords (bothersome since we have to remember dozens of passwords and dozens of user IDs).... but fingerprint technology as it exists in the market today is CRAPTASTIC.

I'm opining from experience since the USA's largest fitness chain (24-Hour Fitness) has embraced fingerprint scanner entry on all their gyms, they got rid of membership ID cards in the past year. The fingerprint scanner only works 50% of the time for me on a good day. I have to keep swiping it 4 or 5 times before it recognizes my fingerprint. I'd like to blame it on all the sweaty dirty fingers of the gym members that used the scanner before me. But methinks that fingerprint scanners (and the algorithm tech they currently use) really are crap. Maybe they will be solidly reliable in 7-8 years. Here's to hoping that someone (Apple or whoever) does lead the charge for improving on the current situation.
That's because whatever they're using isn't AuthenTec. There is a reason Apple bought that company. I guess their fingerprint recognition accuracy is near 100%.
__________________
2013 27" iMac running Windows 8.1, XBox One, Surface Pro
smoledman is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
TSMC Provides First Batch of Fingerprint Sensors for iPhone 6, iPad Air 2, and iPad Mini 3 MacRumors MacRumors.com News Discussion 100 May 13, 2014 06:22 AM
Samsung Said to Follow Apple's Lead with Fingerprint Sensor, No Iris Scanner in Galaxy S5 MacRumors MacRumors.com News Discussion 165 Jan 23, 2014 02:10 PM
Not joking - How long will it take for Galaxy to adopt fingerprint sensor? Kendo Alternatives to iOS and iOS Devices 57 Sep 23, 2013 12:44 PM
$1 charge from paypal!? Will2145 Community Discussion 6 Feb 9, 2013 11:20 PM
Help needed with charge lead purplenut MacBook Pro 1 Nov 7, 2012 02:06 PM

Forum Jump

All times are GMT -5. The time now is 07:35 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC