
Honza (original poster)
Reports are showing that you must have a passcode in order to use Touch ID, and after a certain number of unsuccessful attempts at authenticating by fingerprint, you can still unlock the phone by passcode. If this is true, then the fingerprinting is only for convenience sake (which would still be nice). But I'm a little disappointed that it isn't more secure.

Anybody know anything to the contrary? Or is this true?
 
It offers a great deal of "new security" for people like me who can't be bothered with the inconvenience of a lock screen passcode each time.

I don't mind a passcode as a fallback exception though if something goes wrong. That makes perfect sense.
 
Reports are showing that you must have a passcode in order to use Touch ID, and after a certain number of unsuccessful attempts at authenticating by fingerprint, you can still unlock the phone by passcode. If this is true, then the fingerprinting is only for convenience sake (which would still be nice). But I'm a little disappointed that it isn't more secure.

Anybody know anything to the contrary? Or is this true?

FP sensor is no different than any other password based system. Instead of a 4-digit code that gets hashed the scanner detects the pattern on your finger and turns it into some hash.

Nothing is fundamentally different, just the simplicity under which you can enter your password.
 
The passcode is simply a fallback measure.

Considering that you can disable simple passcodes I see this as a non-issue.

I'd just set a good, strong passcode and be done with it.

That said, if the fingerprint system works that great, unless you lose a finger, I don't see the point of a fallback.
 
Ideally, the fingerprint should be more secure because it can't be stolen by someone watching you input your passcode, or written down, etc.

It is definitely more convenient, and will entice more people to implement some kind of security as a result. But it still relies on the passcode.
 
It offers a liability. Someone could hack your device, get your fingerprint and use it to frame you for a murder.

Also we are supposed to believe that Apple doesn't store it on their server. We have to believe their word for it. That there already seems iffy to me. Didn't they give the NSA backdoor access? By buying this phone you ultimately give up your biometric and other personal data which can be used against you in the future.
 
It offers a liability. Someone could hack your device, get your fingerprint and use it to frame you for a murder.

Also we are supposed to believe that Apple doesn't store it on their server. We have to believe their word for it. That there already seems iffy to me. Didn't they give the NSA backdoor access? By buying this phone you ultimately give up your biometric and other personal data which can be used against you in the future.

Spoken like someone who truly doesn't get it.

In order to access the fingerprint data you'd have to physically disassemble the phone, somehow get through multiple layers of the A7 (while not destroying it in the process) and then pin out the hardware chip that is responsible for storing the fingerprint (It's not accessible through software, nor does the fingerprint ever leave the physical device, it's never transmitted).

Do you have a clean room?

:rolleyes:
 
It offers a liability. Someone could hack your device, get your fingerprint and use it to frame you for a murder.

Also we are supposed to believe that Apple doesn't store it on their server. We have to believe their word for it. That there already seems iffy to me. Didn't they give the NSA backdoor access? By buying this phone you ultimately give up your biometric and other personal data which can be used against you in the future.


Of all the methods to "steal" a fingerprint this is surely the most stupid I've ever heard. Not to forget that, after having taken the "digital fingerprint", you would have to forge it.

Go back to watching action movies please.
 
Here is the deal, create a more secure 6-digit password which is infinitely more secure than the standard 4-digit (numbers only) password that most people use on the iPhone.

The downfall of the 6-digit password was that it brought up the alphanumeric keyboard and was a lot harder to type so no one used it even though it is much more secure.

The benefit now is, you can set a 6-digit passcode and use the fingerprint and not be bothered to have to type the 6-digit passcode now, thus a much more secure phone.
 
The more obvious method would be to lift your print off a cup or something you used, scan that and use to enter the iPhone.

The point? The print scanner is not foolproof. But it's a layer of complexity. Harder to crack than a number combo is. And the average thieves/hackers will leave you alone 'cause it's too hard for them. The trick here is not to make the iPhone 100% secure. The trick is to make it harder for the average thief. And this will reduce the iPhone theft rate a lot.
 
Reports are showing that you must have a passcode in order to use Touch ID, and after a certain number of unsuccessful attempts at authenticating by fingerprint, you can still unlock the phone by passcode. If this is true, then the fingerprinting is only for convenience sake (which would still be nice). But I'm a little disappointed that it isn't more secure.

Anybody know anything to the contrary? Or is this true?

It's true.

It offers better security due to ease, by tempting those who don't use any passcode at all to now use this convenient system. For them, this new seamless transparent system is more secure.

This was all conveyed in the keynote.
 
The more obvious method would be to lift your print off a cup or something you used, scan that and use to enter the iPhone.

The point? The print scanner is not foolproof. But it's a layer of complexity. Harder to crack than a number combo is. And the average thieves/hackers will leave you alone 'cause it's too hard for them. The trick here is not to make the iPhone 100% secure. The trick is to make it harder for the average thief. And this will reduce the iPhone theft rate a lot.

Again, read up on Touch ID, the underlined simply will not work.

Don't dismiss technology you haven't even bothered to do a simple Google search on.
 
I find it more worrisome that Apple has convinced us that using a password is necessary and that step by step they are collecting private data for the government. And people give it to them for the sake of convenience.

The best defense against theft is not a fingerprint password. It's not getting your phone stolen in the first place. A fingerprint scan isn't going to give you your phone back.

The guys at NSA are all wetting their pants with this new stash of fingerprints.
 
Here is the deal, create a more secure 6-digit password which is infinitely more secure than the standard 4-digit (numbers only) password that most people use on the iPhone.

The downfall of the 6-digit password was that it brought up the alphanumeric keyboard and was a lot harder to type so no one used it even though it is much more secure.

The benefit now is, you can set a 6-digit passcode and use the fingerprint and not be bothered to have to type the 6-digit passcode now, thus a much more secure phone.

What he said. And of course there needs to be a backup in case you chop off your fingertip. It happens all the time! :eek:
 
Considering that you can disable simple passcodes I see this as a non-issue.

I'd just set a good, strong passcode and be done with it.

That said, if the fingerprint system works that great, unless you lose a finger, I don't see the point of a fallback.

The point of a fallback is if it's my 12-year-old daughter's iPhone I'd need access to it. I'm guessing it won't store multiple fingerprints so the passcode is so I can access it. Same thing if my wife wants access to my phone. I've given her my passcode and she has access now so there needs to be a fallback, even if it worked 100% of the time.
 
I'm hoping for an option that makes it so the INITIAL unlock requires both a FP scan AND a passcode to unlock.

And I don't use 4 digit codes, more like 8-12 digit.
 
The point of a fallback is if it's my 12-year-old daughter's iPhone I'd need access to it. I'm guessing it won't store multiple fingerprints so the passcode is so I can access it. Same thing if my wife wants access to my phone. I've given her my passcode and she has access now so there needs to be a fallback, even if it worked 100% of the time.

It actually WILL store multiple fingerprints - up to 5 I believe.

I plan on storing 4 right off the bat, both my thumbs and both my index fingers, for convenience sake. The 5th, I might let my wife store one of hers.

And for all the conspiracy theorists out there, get a life. Apple explicitly stated the fingerprint scans are stored in a secure location on the A7 chip and are NEVER backed up to iCloud and NEVER stored on Apple's servers. TBH, it would be more convenient to have it all backed up to iCloud, but I commend Apple for making sure such sensitive info isn't anywhere but stored safely within the phone itself, where no one but the TouchID sensor can access it.
 
The guys at NSA are all wetting their pants with this new stash of fingerprints.

If the NSA really wants something, if the government really wants something for that matter, I'm sure they'll find a way to get it. I really doubt that they are interested in reading every single one of the juicy text messages that come out of peoples' phones and sorting through scandalous browser history unless the government has turned into some sort of gossip magazine.
 
Are you a fiction novelist? Nothing you've posted so far on this thread is even remotely factually accurate.

But you can't prove either that the NSA doesn't have backdoor access to your fingerprint. We'd just have to believe Tim's word for it and they already lied about it once in the past. You also can't prove the fingerprint reader isn't hackable.

So the safest option is not to use fingerprint scanners.
 
Hmmmmm...

//snip//

And for all the conspiracy theorists out there, get a life. Apple explicitly stated the fingerprint scans are stored in a secure location on the A7 chip and are NEVER backed up to iCloud and NEVER stored on Apple's servers. TBH, it would be more convenient to have it all backed up to iCloud, but I commend Apple for making sure such sensitive info isn't anywhere but stored safely within the phone itself, where no one but the TouchID sensor can access it.

As far as I am aware the A7 chip is not a memory (file storage) chip, it's a CPU. So the fingerprint data can't be stored on there. If it was, and you switched your phone off - BOOM you'd lose your fingerprint data!

I guess they are storing the fingerprint data in a secure encrypted space in the main Flash memory which the system limits access to. That said there must be some access as the system and the Apple store seem to be able to communicate with it and if the system can access it... :eek:
 
But you can't prove either that the NSA doesn't have backdoor access to your fingerprint. We'd just have to believe Tim's word for it and they already lied about it once in the past. You also can't prove the fingerprint reader isn't hackable.

So the safest option is not to use fingerprint scanners.

You can't prove that the NSA doesn't have a satellite above your house right now. So the safest option is to never leave your home.

Here's how fingerprinting usually works in the digital world:

A scanner analyzes a live image and generates a hash based on a small number of plot points (ridges, loops, swirls etc) and that hash is stored on a chip. The image itself is NOT stored. And because the plot points are way too few to fully reconstruct a fingerprint from data, it's not reversible. It is impossible to take the hashed data and reverse it into a fingerprint - you're missing 95% of the original image.
 
Last edited by a moderator:
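
An added illustration of the feature-point matching the post above describes (not part of the thread, and not Apple's Touch ID implementation): a simplified matcher that stores only a few (x, y, ridge angle) points and compares a new reading against them within a tolerance. All function names, tolerances, the threshold and the sample points are assumptions constructed for this example.

```python
import math

# Constructed sample data: each feature point is (x, y, ridge_angle_degrees).
ENROLLED = [(12, 40, 30), (55, 18, 110), (70, 66, 250),
            (33, 82, 175), (90, 35, 300), (48, 50, 60)]
# Same finger read again: small jitter, one point missed, one spurious point.
SAME_FINGER = [(13, 41, 28), (54, 19, 114), (71, 64, 247),
               (34, 80, 180), (88, 36, 305), (20, 20, 10)]
# A different finger: unrelated points.
OTHER_FINGER = [(15, 70, 200), (60, 60, 20), (25, 25, 90),
                (80, 10, 140), (40, 90, 330), (75, 45, 10)]


def make_template(points):
    """Keep only the feature points; no image data is retained."""
    return tuple(sorted(points))


def close_enough(a, b, dist_tol, angle_tol):
    """True if two points agree in position and ridge angle within tolerance."""
    d_angle = abs(a[2] - b[2]) % 360
    d_angle = min(d_angle, 360 - d_angle)  # 350 and 5 degrees are 15 apart
    dist = math.hypot(a[0] - b[0], a[1] - b[1])
    return dist <= dist_tol and d_angle <= angle_tol


def match_score(template, probe, dist_tol=4.0, angle_tol=15):
    """Fraction of template points paired with a distinct nearby probe point."""
    unused = list(probe)
    hits = 0
    for point in template:
        for candidate in unused:
            if close_enough(point, candidate, dist_tol, angle_tol):
                unused.remove(candidate)  # each probe point pairs only once
                hits += 1
                break
    return hits / len(template)


def is_match(template, probe, threshold=0.8):
    """Accept the reading when enough template points were found in it."""
    return match_score(template, probe) >= threshold


if __name__ == "__main__":
    template = make_template(ENROLLED)
    print("same finger :", round(match_score(template, SAME_FINGER), 2))
    print("other finger:", round(match_score(template, OTHER_FINGER), 2))
```
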
You can't prove that the NSA doesn't have a satellite above your house right now. So the safest option is to never leave your home.

Now that we've established you're a shut-in, here's how fingerprinting usually works in the digital world:

A scanner analyzes a live image and generates a hash based on a small number of plot points (ridges, loops, swirls etc) and that hash is stored on a chip. The image itself is NOT stored. And because the plot points are way too few to fully reconstruct a fingerprint from data, it's not reversible. It is impossible to take the hashed data and reverse it into a fingerprint - you're missing 95% of the original image.

This. No sense in being paranoid, otherwise just stay inside. In fact, why even use the internet? :eek:
 