Fingerprinting offers no new security

Discussion in 'iPhone' started by Honza, Sep 11, 2013.

  1. Honza macrumors member

    Joined:
    Apr 22, 2011
    Location:
    SF Bay Area
    #1
    Reports are showing that you must have a passcode in order to use Touch ID, and after a certain number of unsuccessful attempts at authenticating by fingerprint, you can still unlock the phone by passcode. If this is true, then the fingerprinting is only for convenience sake (which would still be nice). But I'm a little disappointed that it isn't more secure.

    Anybody know anything to the contrary? Or is this true?
     
  2. codybriana macrumors member

    Joined:
    Jun 16, 2009
  3. KeanosMagicHat macrumors 65816

    KeanosMagicHat

    Joined:
    May 18, 2012
    #3
    It offers a great deal of "new security" for people like me who can't be bothered with the inconvenience of a lock screen passcode each time.

    I don't mind a passcode as a fallback exception though if something goes wrong. That makes perfect sense.
     
  4. Kurso macrumors 6502

    Joined:
    Sep 10, 2013
    #4
    FP sensor is no different than any other password based system. Instead of a 4-digit code that gets hashed the scanner detects the pattern on your finger and turns it into some hash.

    Nothing is fundamentally different, just the simplicity under which you can enter your password.
     
  5. OneMike macrumors 603

    OneMike

    Joined:
    Oct 19, 2005
    #5
    Considering that you can disable simple passcodes I see this as a non issue.

    I'd just set a good, strong passcode and be done with it.

    That said, if the fingerprint system works that great. Unless you lose a finger. I don't see the point of a fallback.
     
  6. Honza thread starter macrumors member

    Joined:
    Apr 22, 2011
    Location:
    SF Bay Area
    #6
    Ideally, the fingerprint should be more secure because it can't be stolen by someone watching you input your passcode, or written down, etc.

    It is definitely more convenient, and will entice more people to implement some kind of security as a result. But it still relies on the passcode.
     
  7. surjavarman macrumors 6502a

    Joined:
    Nov 24, 2007
    #7
    It offers a liability. Someone could hack your device, get your fingerprint and use it to frame you for a murder.

    Also we are suppose to believe that Apple doesn't store it on their server. We have to believe their word for it. That there already seems iffy to me. Didn't they give the NSA backdoor access? By buying this phone you ultimately give up your biometric and other personal data which can be used against you in the future.
     
  8. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #8
    Spoken like someone who truly doesn't get it.

    In order to access the fingerprint data you'd have to physically disassemble the phone, somehow get through multiple layers of the A7 (while not destroying it in the process) and then pin out the hardware chip that is responsible for storing the fingerprint (It's not accessible through software, nor does the fingerprint ever leave the physical device, it's never transmitted).

    Do you have a clean room?

    :rolleyes:
     
  9. SwisströM macrumors newbie

    Joined:
    Sep 30, 2012
    #9

    Of all the methods to "stole" a fingerprint this is surely the most stupid I've ever heard. Not to forget that, after having taken the "digital fingerprint" you would have to forge it.

    Go back to watching action movies please.
     
  10. ematsui macrumors member

    Joined:
    Aug 12, 2009
    #10
    Here is the deal, create a more secure 6 digit password which is infinitely more secure then the standard 4 digit (numbers only) password that most people use on the iPhone.

    The downfall of the 6 digit password was that it brought up the alpha numeric keyboard and was a lot harder to type so no one used it even though it is much more secure.

    The benefit now is, you can set a 6 digit passcode and use the fingerprint and not be bothered to have to type the 6 digit passcode now, thus a much more secure phone.
     
  11. the8thark macrumors 68040

    the8thark

    Joined:
    Apr 18, 2011
    #11
    The more obvious method would be to lift your print off a cup or something you used, scan that and use to enter the iPhone.

    The point? The print scanner is not fool proof. But it's a layer of complexity. Harder to crack than a number combo is. And the average thieves/hackers will leave you alone cause it's too hard for them. The trick here is not to make the iPhone 100% secure. The trick is to make it harder for the average thief. And this will reduce the iPhone theft rate a lot.
     
  12. Curun macrumors 6502

    Curun

    Joined:
    Sep 10, 2013
    #12
    Its true.

    It offers better security due to ease, by tempting those who don't use any passcode at all to now use this convenient system. For them, this new seamless transparent system is more secure.

    This was all conveyed in keynote.
     
  13. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #13
    Again, read up on the touch ID, the underlined simply will not work.

    Don't dismiss technology you haven't even bothered to do a simple google search on.
     
  14. surjavarman macrumors 6502a

    Joined:
    Nov 24, 2007
    #14
    I find it more worrisome that apple has convinced us that using a password is necessary and that step by step they are collecting private data for the government. And people give it to them for the sake of convenience.

    The best defense against theft is not a fingerprint password. Its not getting your phone stolen in the first place. A fingerprint scan isn't going to give you your phone back.

    The guys at NSA are all wetting their pants with this new stash of fingerprints.
     
  15. Loke2112 macrumors regular

    Loke2112

    Joined:
    May 11, 2011
    Location:
    3 blocks off the Atlantic
    #15
    What he said. ANd of course there needs to be a back up in case you chop off your fingertip. It happens all the time!:eek:
     
  16. ckurt25 macrumors 6502a

    ckurt25

    Joined:
    Mar 25, 2009
    Location:
    Grand Rapids, MI
    #16
    The point of a fall back is if it's it's my 12 year old daughter's iPhone I'd need access to it. I'm guessing it won't store multiple finger prints so the passcode is so I can access it. Same thing if my wife wants access to my phone. I've given her my passcode and she has access now so there needs to be a fallback, even if it worked 100% of the time.
     
  17. dotme macrumors 6502a

    Joined:
    Oct 18, 2011
    Location:
    Iowa
    #17
    Are you a fiction novelist? Nothing you've posted so far on this thread is even remotely factually accurate.
     
  18. Makaveliarts macrumors 6502

    Joined:
    Jun 30, 2010
    #18
    I'm hoping for an option that makes it so the INTIAL unlock requires both a FP scan AND a passcode to unlock.

    And I don't use 4 digit codes, more like 8-12 digit.
     
  19. jrswizzle macrumors 603

    jrswizzle

    Joined:
    Aug 23, 2012
    Location:
    McKinney, TX
    #19
    It actually WILL store multiple fingerprints - up to 5 I believe.

    I plan on storing 4 right off the bat, both my thumbs and both my index fingers, for convenience sake. The 5th, I might let my wife store one of hers.

    And for all the conspiracy theorists out there, get a life. Apple explicitly stated the fingerprint scans are stored in a secure location on the A7 chip and are NEVER backed up to iCloud and NEVER stored on Apple's servers. TBH, it would be more convenient to have it all backed up to iCloud, but I commend Apple for making sure such sensitive info isn't anywhere but stored safely within the phone itself, where no one but the TouchID sensor can access it.
     
  20. LostMoose macrumors newbie

    LostMoose

    Joined:
    Jul 11, 2012
    Location:
    SeaLax
    #20
    If the NSA really wants something, if the government really wants something for that matter, I'm sure they'll find a way to get it. I really doubt that they are interested in reading every single one of the juicy text messages that come out of peoples' phones and sorting through scandalous browser history unless the government has turned into some sort of gossip magazine.
     
  21. surjavarman macrumors 6502a

    Joined:
    Nov 24, 2007
    #21
    But you can't prove it either than NSA doesn't have backdoor access to your fingerprint. We'd just have to believe Tim's word for it and they already lied about it once in the past. You also can't prove the fingerprint reader isn't hackable.

    So the safest option is not to use fingerprint scanners.
     
  22. elistan macrumors 6502a

    Joined:
    Jun 30, 2007
    Location:
    Denver/Boulder, CO
    #22
    You'll be happy to know, then, that you've guessed incorrectly. Apple says it will store multiple fingerprints.
     
  23. spacemanspifff macrumors 6502

    spacemanspifff

    Joined:
    Jan 23, 2010
    Location:
    SPACE
    #23
    Hmmmmm...

    As far as I am aware the A7 chip is not a memory (file storage) chip, it's a CPU. So the fingerprint data can't be stored on there. If it was, and you switched your phone off - BOOM you'd loose your fingerprint data!

    I guess they are storing the fingerprint data in a secure encrypted space in the main Flash memory which the system limits access too. That said there must be some access as the system and the Apple store seem to be able to communicate with it and if the system can access it... :eek:
     
  24. dotme, Sep 11, 2013
    Last edited by a moderator: Sep 11, 2013

    dotme macrumors 6502a

    Joined:
    Oct 18, 2011
    Location:
    Iowa
    #24
    You can't prove that the NSA doesn't have a satellite above your house right now. So the safest option is to never leave your home.

    Here's how fingerprinting usually works in the digital world:

    A scanner analyzes a live image and generates a hash based on a small number of plot points (ridges, loops, swirls etc) and that hash is stored on a chip. The image itself is NOT stored. And because the plot points are way too few to fully reconstruct a fingerprint from data, it's not reversible. It is impossible to take the hashed data and reverse it into a fingerprint - you're missing 95% of the original image.
     
  25. LostMoose macrumors newbie

    LostMoose

    Joined:
    Jul 11, 2012
    Location:
    SeaLax
    #25
    This. No sense in being paranoid, otherwise just stay inside. In fact, why even use the internet? :eek:
     

Share This Page