Apple Offers Additional Details on Touch ID, iPhone 5s Won't Store Fingerprint Images

[nascimento]

BC2009:"For those who don't understand cryptographic one-way hashes, they cannot be reversed to produce the original data without a dictionary attack"

Thank You...A calm voice of reason in a cacophony of paranoia.

nice gobledeegook but tech evolves and what cant be undone today will be tomorrow. Thats as certain as the sun rises in the morning and sets in the afternoon.

Global fingerprint database is what will be created.

 

[LV426]

nice gobledeegook but tech evolves and what cant be undone today will be tomorrow. Thats as certain as the sun rises in the morning and sets in the afternoon.

You're dead wrong.

Here is a cryptographic hash (a real world example):

5542589304642608077

It's a hashed representation of a 600x450 pixel image. One of tens of millions of images in a database that I operate. I don't use this hash for security purposes, but I do use it to quickly establish whether two images in the database are the same. Think: does a given fingerprint image match the hash stored in my phone?

Can you (or anyone else) convert 5542589304642608077 into an image of the Mona Lisa? No, I thought not.

Best put that tinfoil hat back in the cupboard.

 

[nascimento]

You're dead wrong.

Here is a cryptographic hash (a real world example):

5542589304642608077

It's a hashed representation of a 600x450 pixel image. One of tens of millions of images in a database that I operate. I don't use this hash for security purposes, but I do use it to quickly establish whether two images in the database are the same. Think: does a given fingerprint image match the hash stored in my phone?

Can you (or anyone else) convert 5542589304642608077 into an image of the Mona Lisa? No, I thought not.

Best put that tinfoil hat back in the cupboard.

No foil here other than in the kitchen!

Wish I could speak with you in a few years time when they find a way to break the system and when the unsolvable is finally solvable. (Even with the unwilling participation of Apple)

As always people will say this security is full-proof and as such it is the exception... I say avoid it at all cost, it is the start of something that will end up badly, sadly Apple was the first one to take it mainstream.

 

[adnbek]

The point isn't about them not storing your fingerprint on their servers or iCloud. It has already been disclosed that the NSA works with companies and builds backdoors to access the type of information kept on you, even the hidden, encrypted kind. And even if your fingerprint isn't stored or whatever, that isn't the point. It's the fact that they are trying to condition us to use it, to make us think its okay, because believe me, in the future they will be storing your fingerprint.

So what you're saying is that if the NSA had physical access to the phone, they have a way of getting to the fingerprint data stored within it. Pardon me, but unless you're wearing gloves or wiping it off all the time, your fingerprints are already all over the device!

I think this is being a massive apple fanboy forum, most did not clearly get your message. If I can understand from your post, by giving a fingerprint approval on everything - it basically puts you in a situation where the government can confirm everything you do as it can see you have confirmed it with your fingerprint approval. The phone itself can be used against you. I am not a paranoid, the gov. is after me crazy type guy (as I dont have anything to hide), but I would want to know if I was being followed without my knowledge.

hmm, seriously something to think about.

An iPhone is already tied to an Apple ID, so this pretty much the case already anyway.

 

[Taz Mangus]

I review some actual Performance Scores of GeekBench (multi-platform benchmark), and I saw this:

iPhone 5: ~1560 pts
Galaxy S4 (SnapDragon 600): ~3000 pts.

Asume the iPhone 5S really performs Twice Fast as the iPhone 5, it GeekBench (especulative) must be about 3200 pts Max, a bit faster than the S4, but not as faster as the Note 3 Snapdragon 800 (above 4100pts - ArsTechnica), by first time an iPhone doesnt lead any performance benchmark, I hope the A7X on the new iPad can do...

Sad, iPhone 5sad, I'm selling my Apple Stocks too...

Benchmark tests that Samsung was caught cheating on with the S4: http://gizmodo.com/samsung-rigged-the-s4-to-unnaturally-perform-better-in-971577921.

This is an interesting read about the 64-bit ARM processor used in the iPhone 5S. Truely a desktop class CPU in the iPhone 5S: http://appleinsider.com/articles/13...sung-may-have-lost-apples-a7-contract-to-tsmc.

 

[Appleusergerman]

The PR disaster for Apple in Germany

The PR disaster for Apple in Germany and its finger-printing sensor iPhone 5S – the third or forth most important market for Apple worldwide - continues – mostly ignored in the US and especially at this site.

Today’s headlines:

Golem.de – the major tech website in Germany: “Niemand weiß, was iPhone-Apps mit Fingerabdruck machen“ – „Nobody knows what IPhone-Apps do with the finger-print“.

http://www.golem.de/news/datenschue...ingerabdruck-machen-1309-101617.html#comments

and 136 mostly negative comments about Apple telling the truth.

The #1 news site in Germany, DER SPIEGEL writes: Touch ID - Datenschützer warnt vor Fingerscanner in iPhone“ - „Touch ID - Commissioner for Data Protection and Freedom of Information warns about the fingerscanner in the IPhone.

http://www.spiegel.de/netzwelt/netz...rnt-vor-fingerscanner-im-iphone-a-922288.html

The Commissioner for Data Protection and Freedom of Information in Hamburg, Germany doubts Apple story about the finger print being stored only inside the device.

THIS IS A GOVERNMENT OFFICIAL!

Followed by 303 mostly negative comments about Apple telling the truth.

Even the very conservative and always pro-US magazine focus.de asks: „Wie sicher ist Apples neuer Fingerabdruck-Sensor?“ – „How safe is Apples new fingerprint-sensor“ and it states: „everything that is based upon tech can be falsified“.

I am really disappointed that macrumors totally fails to report on those stories and behaves as if nothing has happened! Smells!

 

[MacDav]

BC2009:"For those who don't understand cryptographic one-way hashes, they cannot be reversed to produce the original data without a dictionary attack"



nice gobledeegook but tech evolves and what cant be undone today will be tomorrow. Thats as certain as the sun rises in the morning and sets in the afternoon.

Global fingerprint database is what will be created.

To you, good sound logical reasoning and knowledge are nothing but gobledeegook. You live your life ruled by emotional paranoia.

 

[aggri1]

I wonder how the hash is calculated each time from the scanned fingerprint. If very small changes in the input (i.e. the fingerprint scan) result in totally different hashes, then I wonder how they deal with slightly altered fingertip placement angles and locations, slightly different pressures (squishes out differently), marks such as cuts, etc... I'll be interested to see how reliable it is.

 

[keatth]

So what you're saying is that if the NSA had physical access to the phone, they have a way of getting to the fingerprint data stored within it. Pardon me, but unless you're wearing gloves or wiping it off all the time, your fingerprints are already all over the device!



An iPhone is already tied to an Apple ID, so this pretty much the case already anyway.

so the realization of being tracked makes the paranoia of being tracked ok?

 

[silvershamrock]

The NSA will still have everyone's fingerprints

The NSA is an exclusively US organization, right? I guess everyone who is not subject to American law has nothing to worry about then, eh?

 

[Brother Esau]

Can someone please enlighten me on why people are so fussy about the NSA getting fingerprint data? What can they do with that information? It's not like they can even sell it to marketers.

With a fingerprint, their is a definitive and positive correlation associated with whatever is being done vs "speculation or assumptions on exactly who did what at said given time.

In other words, their is no saying o'h...someone used my phone to do such and such where they would need to prove this. There will now be definitive data supporting and confirming everything that any individual does throughout the day or evening while using the phone!

In the lamest terms...the Jig is up and your ass is grass and they have you dead to rights!

I said from the beginning that whoever trusts Apple or Google with their personal and private data is as stupid as a bag of bricks!

 

[Appleusergerman]

what makes it even worse is this m7 chip. It can tell if you are moving around or if you do sport or if you just put it some place.

Over here the press is full of critisism. I am really curious to see the sales results of the nsa iphone.

 

[AppliedMicro]

The Commissioner for Data Protection and Freedom of Information in Hamburg, Germany doubts Apple story about the finger print being stored only inside the device.

To be fair, that's not exactly what the article states.
He's rather saying that "normal" users are unable to tell which data (assumedly "rogue") apps might access on the phone.

what makes it even worse is this m7 chip. It can tell if you are moving around or if you do sport or if you just put it some place.

iPhone 5, 4s and 4 have had gyroscopes, accelerometer and GPS for years, allowing pretty reliable tracking.

Both Apple & Google have been very forthcoming about what types of requests they are forced to comply with

They might have been as "forthcoming" as they have been legally allowed to tell.

...which might just be the tip of the iceberg.
Gag orders seem to be imposed routinely on these companies.

 

[val4321]

I find it interesting that people seem to think encryption will keep their data safe.

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

 

[adnbek]

so the realization of being tracked makes the paranoia of being tracked ok?

I'm saying the paranoia is overblown. Read my post again.

 

[h4ck]

Android people care. they can't sell the experience, they can't sell something on the premise of "this works, it's effective, it's good" - they use the ol' 1990 standby of "higher numbers = better device" which is entirely untrue in real, practical terms.

Who cares about geekbench scores besides nerdy tech geeks? At the end of the day it's about performance. As long as my phone does what I want it to with no performance lags I could give a crap less what geekbench score it gets.

Then there's this: http://forums.androidcentral.com/samsung-galaxy-s4/301349-samsung-cheats-benchmarks.html

 

[Paulio]

The point everybody is speaking of is to get your print remotely, without having to deal with the old methods ever again. Apple wants a feature that's useful, the government kindly agrees. The new M7 can record any activity, it even knows when you park your car. The government doesn't need any tracking hardware anymore, welcome to the new world, where everyone kindly agrees to be tracked, even when told not to.

You're right about the paranoia part. It's not without reason, though.

Yes, but the point Apple so carefully (and initially) made is that they are making it as hard as they can for that to be done maliciously.
Why are all you people so worried about having your fingerprints known? Because the government will have access to them? They already have nearly every piece of digital information you have created or changed, nothing that is digitised is truly private. But why worry? Because the government is an evil, all powerful entity with only their best intentions at heart? Maybe so, but just as likely is that they are as unaware as everybody else and by enabling super large scale analysation they actually have potential to turn that around.
You could worry that Obama knows what lot your car is in, or you could respect the fact that some people might be more interested in why you exist and have a car in the first place, and how is any body meant to figure that out when everybody is so prone to distractions and worrying about fabricated non-issues.
Obviously I'm making some grand assumptions here, but in my mind they sit well with the human condition and would honestly explain a lot.

 

[mechno]

you are paranoid, and it is unwarranted in this case. apple isnt a g-man. they have said in the past they store as little as possible so they dont have to hand it over if ordered. this is one perfect example of that.

----------
I may be paranoid, but given the recent revelations of our NSAs abuse of powers it would be absolutely foolish not to be.

http://www.webpronews.com/how-police-bypass-locked-iphone-android-screens-2012-04

The simple fact that Apple HAS a back door into the phones was a bad design move.