Apple Offers Additional Details on Touch ID, iPhone 5s Won't Store Fingerprint Images

[vpro]

Thank you.

The keyhole analogy is not apt, in this case. With a traditional key/keyhole, the hole matches the key... thus, a locksmith can create a key from the keyhole.
However, every touch sensor is EXACTLY the same. It's a little circle on your phone.. nothing there to create a "key" from. Apple has stated that the "keyhole" exists only in a protected part of the processor.. briefly accessible ONLY by Touch ID just, as you touch the screen, to compare to your "key". Match or no match, the "keyhole" is then secured away again. This leaves little to no opportunity for a "locksmith" (read: hacker) to attempt to build said "key", as when it is briefly accessed, it is through the heavily encrypted Touch ID app, from the secure location in volatile memory.

Thanks topper that was really helpful and you didn't even belittle me, I appreciate when someone responds to me on here and doesn't make some snarky remark about my pea brain or something cos I'm a girl or what ever.

That was really clear, but I'm concerned about not so much the phone, I'm sure they will find a way to break into anything I mean, history proves people always find a way if they want something from you or anyone bad enough, they'll have it. Nothing we can really do. No reason to be paranoid but you have to think about these things.

 

[topmounter]

Half-truth - "Won't Store Fingerprint Images"

Full-truth - Won't Store Fingerprint Images Locally, Instead It Uploads Them Immediately

 

[vpro]

+1

Again: the problem is *NOT* that the NSA gets your fingerprints!!!!

In my case, getting a passport means that they take my fingerprint. Next thing: the German government sends it to the NSA. So this is not the point!

The point is:

WHATEVER you do with your 5s will be associated with your fingerprint and will therefore be attached to your file at the NSA!!!

And: everybody that ever used the Internet has such a file - you can be certain of it!

What we learned: what CAN BE DONE WILL BE DONE.

I really like your passion thank you. I can share this too because no matter what it is all attached to you, your name and all your data, history, preferences, style of shopping/transacting, all of this is stored somewhere and every business shares this information with other businesses, no matter what you ask them not to do with your information, that is why these businesses are still running and are growing exponentially right?

When it comes to security for me, one less device like the eye fone gives me an added level of feeling a little more secure? It is a funny topic 'security' because it is more about trust right?? I trust that when you close the door behind you that no one is gonna break in and ruin your lives, you trust when you walk down a quiet path that no one is gonna jump you at knife point, you trust that your money is actually valuable in a bank, right?

The most important lesson is if you have nothing to lose, nothing to hide - then perhaps you're set for a good quality of life, liberated from fear and excess need of security - perhaps???

This is a great topic - thanks!!

 

[StyxMaker]

The NSA will still have everyone's fingerprints

What makes everyone think that the NSA wants their finger prints? The NSA is signals intelligence agency. They want to track who you communicate with to build information about networks of people. They don't give a crap about your finger prints. If they need your finger prints, they'll ask the FBI for them.

 

[Appleusergerman]

What makes everyone think that the NSA wants their finger prints? The NSA is signals intelligence agency. They want to track who you communicate with to build information about networks of people. They don't give a crap about your finger prints. If they need your finger prints, they'll ask the FBI for them.

The NSA keeps files on EVERY PERSON ON THE PLANET that has used phones, The Internet or banks. The iphone 5s makes it easier for them to attach more info about your person. There are ever reports that they have phone calls form the 80s (!!!) still on file. They NEVER forget.

Besides: NSA knows backdoors to iOS and Android: so what is the point? You have to assume they listen in to everything.

I find it horrifying that people were fighting the evil german secret service (STASI) which was a joke compared to what is happening - and now people even pay for being spied upon. And sure the US gov never abused its powers against its citizens and others...lol. Or how about the US gov goes broke and cannot pay its NSA agents anymore? Knock, knock on your door: hello Mr. xy, what would you pay to us that your wife does not learn that you love to go to bigchicks.com? Get my drift?

There is no solution to it but some things you can do:

1. minimized your traffic and be aware that they are always listing. Create your own local network - if possible - that is NOT connected.
2. go no-tech whereever possible (get yourself a calender and addressbook - they are much cheaper btw!)
3. don't sync via icloud
4. get rid of icloud - any kind of cloud service (which are NSA access points)
5. avoid social networks! Hey: maybe you did not know: you can meet pretty boys and girls in the Starbucks next to your home!)
6. Buy local
7. Avoid Amazon and others bc they report your habits
8. Never use Yahoo, Google or other major ISPs for email. If possible get your own email server! Change passwords and change email addresses. Only use nicknames or fake names.
9. Pay in cash!
10. Start to become aware that there are no free-bees! They want to get your data - that is why they offer nice, free tools. Stop being lazy - and start to rediscover reality again!

IT IS VERY IMPORTANT THAT YOU START TO CHANGE YOUR PATTERNS OF HOW YOU USE YOUR DEVICES!

Again it is impossible to stop them completely. The point is to reduce your online data to the absolute minimum.

Ps.: Google glass is about to hit the streets! Over here people are already discussing hitting them into their faces. In a way a war is starting right now.

Paranoia? It happened before and it will happen again!

 

[StyxMaker]

This is going to be like Siri... People will use it for a few months - figure out it is just easier the old way and move on.

To a large degree that depends on how quickly the finger sensor reads and verifies the data. Before I retired the entire organization I worked for had finger print readers on all the computers. I opted to stick with passwords since I could type in my password faster than the finger print reader could read and process my print.

If this sensor works faster than I can type in four digits, then I'll use it.

----------

Try reading the U.S. Constitution for "why".

I have found no mention of finger prints in the Constitution.

----------

There's a lot of paranoia going on.

If the police has your fingerprints in a database, they they could find you if your fingerprints are found at a crime scene. (On the other hand, I think the infamous Unabomber was found because the police found a fingerprint on a letter that he sent, which was found to belong to an employee at a copy shop where the paper had been purchased, and that led eventually to the bomber. )

I wouldn't really know what the NSA could do with my fingerprints. They might be able to forge evidence against me. But if they wanted to do that, surely they could get hold of my fingerprints in some other way.

Now even with all the paranoia, there are lots of things that should be done to prevent people spying on us. But with all the paranoia going on, and idiotic claims about what the NSA can do or does, that kind of thing gets lost in the noise.

The Unabomber was found because his brother recognized the insane 'manifesto' he sent to the newspaper and called the FBI.

 

[StyxMaker]

You have obviously been living under a rock all year. See there was this guy Edward Snowden and he exposed... oh never mind.

And anyone who thought the NSA wasn't doing everything that Snowden 'leaked' was living under a rock their whole life. The NSA is a 'spy' agency 'spy' agencies 'spy'.

----------

Well I've been arrested so I'm in the system... Lol

I've never been arrested and my fingerprints have ben 'in the system' for 40 years since I've held the first of many jobs that required finger printing as part of the hiring process.

 

[nascimento]

Does Apple SECRETLY train my fingerprints, even if I never launch Touch ID? No. No, that's not what I "need to be asking". That seems so absurd & paranoid to me. Apple is NOT the NSA... Even if that was technologically feasible.. all you tin foil hat armchair conspiracy theorists believe that it's the NSA that so desperately want a fingerprint of yours, NOT Apple... why would they (Apple) even do this??? If they did (once again, as I understand the technology... not even possible).. if it came out, they'd lose customers en masse. Apple is in the business of keeping customers, not scaring them away. Would secretly sneaking your fingerprint make Apple more money by you buying more phones? No. Would it make you purchase more apps? No. Would it make you buy more songs? No. Then why would Apple do this? Unless your theories extend to believing that Apple is offered SUCH a lucrative amount of money by the NSA per user to sneakily steal their fingerprint, that it would completely offset their theoretical losses of costumers & amount sued if it ever came out that they directly lied about every single detail of how the tech works (30 seconds to train, only stored on chip, only trained when you launch app, etc.) this makes ZERO logical sense, business sense, or sense of any other kind. Try some rational thought.

I think its now common knowledge they were cooperating quite agreeably with the "agencies" What the hell are you talking about when you say they would not risk loosing customer base?

The whole point is to be forward thinking and looking at all the nefarious ways that such biometric data could be collected and then used. Even if "forced" surreptitiously by government.

 

[satcomer]

Half-truth - "Won't Store Fingerprint Images"

Full-truth - Won't Store Fingerprint Images Locally, Instead It Uploads Them Immediately

Please prove that statement.

 

[topmounter]

Please prove that statement.

Prf

 

[cybeross]

I'd like to clarify -- to those who are saying that "the NSA already has your fingerprint" etc, yes, that's true, but that's not the point here. The point is that now, even though they are tracking you already, they can't PROVE that you are in actual possession of your phone at any given moment. Now they will be able to prove beyond a reasonable doubt that where your phone is, you are. If you don't see the difference between this and having your fingerprint on file somewhere, you are missing something very big indeed.

 

[juanmanas]

Im in the UK but i didnt need to scan my finger print for my passport... think i just have some facial recognition thing so i guess it depends where in the EU people are.... saying that, i wouldnt hesitate to give them my finger print if it sped up customs!!





sorry i should have used the [Facetious][/facetious] script...

True. Not in the UK, but most people don't have a problem to register their IRIS at the airport!

 

[Appleusergerman]

I think its now common knowledge they were cooperating quite agreeably with the "agencies" What the hell are you talking about when you say they would not risk loosing customer base?

As a matter of fact:

a. NSA forced companies to cooperate!
b. gag order. not even allowed to talk about it! secret courts! (starts to smell like communist or nazi germany)
c. they pay hundreds of mils of US$ to those companies incl. major foreign corps (!)
d. NSA is making jokes about "idiots" buying 1984-enabled iphones and androids

And the fingerprint thingy is the next logic step to always ID your data and you.

Nothing to hide? Frankly I don't have anything to hide! But it is MY PRIVATE data. Like you demand to have the right to wear arms in the US, i demand that it is not any government business what cooking recipies I download, what books I read or what the size of the condoms is, I use.

Just to give you an idea what is happening – and its maybe 0.1%:

Let us assume that Germany takes the role of America and vice versa:

Germanys spy agency (named BND btw.) has a file for every single person on the planet they know of. That includes you! Same thing for every company. They access and process every single byte used in the US. They record every bank transaction, every phone call, every sale by the major wholesale companies and such. They also record all credit cards. Not to mention they spy on every company and its traffic. The USA is allowing that bc. of secret treaties or because they are just cowards. Germany also spies on its own citizens and gets more infos from governments around the world. They know EVERYTHING.

Again in this example, with turned tables, the US government allows to have the German government a major competitive advantage because of industrial espionage and it betrays its own citizens. Would you not agree? Would you feel comfortable that the German government knows EVERYTHING about you, including your little visits to a porn site – or what lube you are using? And if you are a boss of a US company – you can only be outraged. Guess why Russias secret service is now buying TYPEWRITERS from Germany??

By all accounts and definitions you would call that high treason as lawyers call it here. Of course the German government will do nothing before the elections 9/22 and nothing after it. And of course ppl can sue the government “for high treason” and nothing will happen, but the German business people will not accept that and they have the power over here. This will however only become a topic after the elections bc businesses prefer the present parties in power. The NSA scandal – and I watch a lot US TV – is not the major topic it is over here – but believe me the long term consequences will be catastrophic…and in a way it starts with Apples major mistake to build a fingerprint sensor into its spyphone because even them dumbest people have now an idea what is happening!

 

[StyxMaker]

The NSA keeps files on EVERY PERSON ON THE PLANET that has used phones, The Internet or banks. The iphone 5s makes it easier for them to attach more info about your person. There are ever reports that they have phone calls form the 80s (!!!) still on file. They NEVER forget.

Besides: NSA knows backdoors to iOS and Android: so what is the point? You have to assume they listen in to everything.

I find it horrifying that people were fighting the evil german secret service (STASI) which was a joke compared to what is happening - and now people even pay for being spied upon. And sure the US gov never abused its powers against its citizens and others...lol. Or how about the US gov goes broke and cannot pay its NSA agents anymore? Knock, knock on your door: hello Mr. xy, what would you pay to us that your wife does not learn that you love to go to bigchicks.com? Get my drift?

There is no solution to it but some things you can do:

1. minimized your traffic and be aware that they are always listing. Create your own local network - if possible - that is NOT connected.
2. go no-tech whereever possible (get yourself a calender and addressbook - they are much cheaper btw!)
3. don't sync via icloud
4. get rid of icloud - any kind of cloud service (which are NSA access points)
5. avoid social networks! Hey: maybe you did not know: you can meet pretty boys and girls in the Starbucks next to your home!)
6. Buy local
7. Avoid Amazon and others bc they report your habits
8. Never use Yahoo, Google or other major ISPs for email. If possible get your own email server! Change passwords and change email addresses. Only use nicknames or fake names.
9. Pay in cash!
10. Start to become aware that there are no free-bees! They want to get your data - that is why they offer nice, free tools. Stop being lazy - and start to rediscover reality again!

IT IS VERY IMPORTANT THAT YOU START TO CHANGE YOUR PATTERNS OF HOW YOU USE YOUR DEVICES!

Again it is impossible to stop them completely. The point is to reduce your online data to the absolute minimum.

Ps.: Google glass is about to hit the streets! Over here people are already discussing hitting them into their faces. In a way a war is starting right now.

Paranoia? It happened before and it will happen again!

Or, you can just accept the fact that privacy and anonymity have never been anything but illusions.

 

[Appleusergerman]

Or, you can just accept the fact that privacy and anonymity have never been anything but illusions.

Really? I did not know that the US, the USSR or the STASI of East Germany back then did even know my most private habits. For them to get this kind of information in East Germany they had to employ for their 16.000.000 ppl about 274.000 paid spies. Even then they did not know what lube I am using...if you get my point.

NOW we are paying tons of money to get a golden spyphone that reports us automatically. I call that progess. Apple you have betrayed us!

http://www.theverge.com/2013/6/6/44...-apple-google-facebook-microsoft-others-prism

http://en.wikipedia.org/wiki/Stasi

The illusion is that nothing has changed!

 

[StyxMaker]

Really? I did not know that the US, the USSR or the STASI of East Germany did even know my most private habits. For them to get this amount of information in East Germany they had to employ for their 16.000.000 ppl about 274.000 paid spies. Even then they did not know what lube I am using...if you get my point.

NOW we are paying tons of money to get a golden spyphone that reports us automatically.

http://en.wikipedia.org/wiki/Stasi

The illusion is that nothing has changed!

Don't you just love righteous indignation?

 

[Appleusergerman]

Don't you just love righteous indignation?

I like to deal with facts. Same time i am no coward. And what is happening is the end of trust....hence the end of business.

 

[StyxMaker]

Really? I did not know that the US, the USSR or the STASI of East Germany back then did even know my most private habits. For them to get this kind of information in East Germany they had to employ for their 16.000.000 ppl about 274.000 paid spies. Even then they did not know what lube I am using...if you get my point.

NOW we are paying tons of money to get a golden spyphone that reports us automatically. I call that progess. Apple you have betrayed us!

http://www.theverge.com/2013/6/6/44...-apple-google-facebook-microsoft-others-prism

http://en.wikipedia.org/wiki/Stasi

The illusion is that nothing has changed!

On a more serious note. Three hundred or so years ago Paris had a great mail service. Mail was picked up and delivered every two hours from every address in the city. It was taken to a central location where it was sorted to be delivered. Oh, yeah, it was also opened and copied.

You're suffering from the illusion that this is all, somehow, new.

Edited for grammar correction.

 

[Glassed Silver]

Dear Apple, I'm sorry because I realise it's not really your fault, but I don't trust that the NSA haven't nobbled you, and nothing you have said so far leads me to… um think different, as it were.

They say they don't store the image of the fingerprint... Well, woop die woop, does it really matter? The image needs to be processed a lot of times during the day, why not snoop at the source?

How would we know this isn't possible?

If there is a sufficient answer to this question, please enlighten me, so far I remain skeptical.

Glassed Silver:mac

 

[lazard]

it's also quite easy to fool biometric scanners.

http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/

 

[StyxMaker]

I like to deal with facts. Same time i am no coward. And what is happening is the end of trust....hence the end of business.

If you deal with facts, then deal with the fact that every government has always spied on its citizens to whatever extent the currant technology allowed.

 

[Appleusergerman]

On a more serious note. Three hundred or so years ago Paris had a great mail service. Mail was picked up and delivered every two hours from every address in the city. It was taken to a central location where it was sorted to be delivered. Oh, yeah, it was also opened and copied.

Your suffering from the illusion that this is all, somehow, new.

Governments always have tried to gather information on its citizens and foreigners. Very true! As it was just reported: not only the east Germans spied on the mail from and to West Germany. No! Also the US did and West Germany on all mail from/to East Germany.

So what is new?

That a.) we pay for it by buying expensive gadgets; b.) it is automatically done and c.) it is a spying on a level - so deep and so comprehensive as never before.

It is a new quality of spying - hence not "the same".

Your way of thinking seems to be like:

You have one person, you have 2 persons, your have 5 persons, then 20, then 100, then 1000 then 50000 then 1.000.000 - it is just bigger numbers of the same. Right?

As a matter of fact: no. with bigger numbers new "qualities" arise:

individual, relationship, family, bigger family, clan, village, city, country.

Got it?

----------

They say they don't store the image of the fingerprint... Well, woop die woop, does it really matter? The image needs to be processed a lot of times during the day, why not snoop at the source?

How would we know this isn't possible?

If there is a sufficient answer to this question, please enlighten me, so far I remain skeptical.

Glassed Silver:mac

AGAIN. http://www.theverge.com/2013/6/6/44...-apple-google-facebook-microsoft-others-prism

Backdoors all over the place!

 

[xVeinx]

It's not as nefarious as people think. The fingerprint reader doesn't store the fingerprint, it reduces the "fingerprint" to a set a features to use for identification in the machine learning algorithm used to separate a true/false print in unlocking the phone. It's not the same thing. Using a different algorithm or a transform of the data renders the original useless. Your fingerprint is not stolen, and isn't forever useless if the software gets cracked somehow. Apple isn't stupid .

 

[StyxMaker]

Governments always have tried to gather information on its citizens and foreigners. Very true! As it was just reported: not only the east Germans spied on the mail from and to West Germany. No! Also the US did and West Germany on all mail from/to East Germany.

So what is new?

That a.) we pay for it by buying expensive gadgets; b.) it is automatically done and c.) it is a spying on a level - so deep and so comprehensive as never before.

It is a new quality of spying - hence not "the same".

Your way of thinking seems to be like:

You have one person, you have 2 persons, your have 5 persons, then 20, then 100, then 1000 then 50000 then 1.000.000 - it is just bigger numbers of the same. Right?

As a matter of fact: no. with bigger numbers new "qualities" arise:

individual, relationship, family, bigger family, clan, village, city, country.

Got it?

----------



AGAIN. http://www.theverge.com/2013/6/6/44...-apple-google-facebook-microsoft-others-prism

Backdoors all over the place!

You certainly don't seem to be following your own advice, otherwise you wouldn't be posting on an Internet forum where all those nefarious spies can read it.

 

[eoblaed]

The problem with most sensors and their software, is that they must allow a wide variation range, in order to recognize the real user, whether their finger is moist, dry, hot, cold, has scratches, lotion, etc.

That range has been used in the past to demonstrate how to spoof fingerprint sensors (including capacitive) using fairly ordinary materials. (Play Doh, Gummi Bears, etc.)

Apparently a severed finger will work on a regular capacitive sensor for about 15 minutes, and possibly much longer if you figure out the right fluid to pump through it. (Actually, I guess some blood from the victim would do.)

Now, this one is an RF (also often called AC/active capacitance) type, which measures both signal intensity and phase change as it passes through the finger. Not sure yet how easy it is to fool, but would guess it's pretty similar. Will keep looking for more info.

(As I noted in another post, AuthenTec has some patents on using other electrical tests to make sure the variation isn't too much. So they might be less prone to simple spoofing.)

But really, the thing is, is that if someone is willing to mutilate your body to get into your phone, it'd be faster, easier, and less messy for them to just put a gun to your head and have you unlock it on the spot. Going through the trouble of cutting off a digit (and hope you have the right one!) and using this bloody, floppy thing to try to unlock their phone is totally impractical. Much easier to just point the gun and yell at them.