Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

German Data Protection Expert Warns Against Using iPhone5S Fingerprint Function

samzenpus posted about a year ago | from the keep-your-fingers-to-yourself dept.

Privacy 303

dryriver writes "Translated from Der Spiegel: Hamburg Data-Protection Specialist Johannes Caspar warns against using iPhone 5S's new Fingerprint ID function. 'The biometric features of your body, like your fingerprints, cannot be erased or deleted. They stay with you until the end of your life and stay constant — they cannot be changed. One should thus avoid using biometric ID technologies for non-vital or casual everyday uses like turning on a smartphone. This is especially true if a biometric ID, like your fingerprint, is stored in a data file on the electronic device you are using.' Caspar finds Apple's argument that 'your fingerprint is only stored on the iPhone, never transmitted over the network' weak and misleading. 'The average iPhone user is not capable of checking, on a technical level, what happens to his or her fingerprint once it is on the iPhone. He or she cannot tell with any certainty or ease what kind of private data applications downloaded onto the iPhone can or cannot access. The recent disclosure of spying programs like Prism makes it riskier than ever before to share important personal data with electronic devices.' Caspar adds: 'As a matter of principle, one should never hand over any biometric data when it isn't strictly needed. Handing over a non-changeable biometric feature like a fingerprint for no better reason than that it provides 'some convenience' in everyday use, is ill advised and foolish. One must always be extremely cautious where and for what reasons one hands over biometric features.'"

Sorry! There are no comments related to the filter you selected.

Also it stands to reason (4, Interesting)

rolfwind (528248) | about a year ago | (#44855509)

That your fingerprints are all over your phones.

I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

Re:Also it stands to reason (4, Insightful)

Hentes (2461350) | about a year ago | (#44855575)

But because of that the privacy concerns raised are pointless. Casual use is exactly where biometrics are useful, they are very convenient but don't provide any real security.

Re:Also it stands to reason (0)

Anonymous Coward | about a year ago | (#44855721)

And in this instance, they allow the remore collection of your fingerprints by (possibly) malevolent parties.

Re:Also it stands to reason (4, Insightful)

Nemyst (1383049) | about a year ago | (#44855781)

Apple's fingerprint reader doesn't read the fingerprint, it reads the tissue under the skin. This makes it much harder to fake and very constant over time. They're much more secure than "traditional" fingerprinting.

Re:Also it stands to reason (2, Insightful)

Bing Tsher E (943915) | about a year ago | (#44855807)

'Under the skin' is the magic dust the Apple marketing people came up with this time.

It's the Altivec Unit of 2013.

Re:Also it stands to reason (2)

Hentes (2461350) | about a year ago | (#44855847)

I admit that it will make the job of the common thief hard, that's why I said that it's a good idea. Just don't trust unencrypted sensitive data on your phone.

Re:Also it stands to reason (0)

Anonymous Coward | about a year ago | (#44855595)

But which Finger?

You have 10 digits. Not everyone would be so silly as to use the right index finger.

Re:Also it stands to reason (0)

Anonymous Coward | about a year ago | (#44855611)

Yes you're correct. Some of the mindless sheep who buy Iphones are left-handed.

Re:Also it stands to reason (0)

Anonymous Coward | about a year ago | (#44855621)

Also be sure to wipe used glassware before you leave any resturant.

Re:Also it stands to reason (1)

Anonymous Coward | about a year ago | (#44855625)

Yes. However, your greasy fingerprint on the phone can't be stolen remotely from the other side of the planet like the biometric one can.

That said, it's not terribly useful to steal the identifier string stored on the phone since it won't allow you to reconstruct the print any more than a MD5 checksum will permit you to reconstruct the file it is from. What it would do, though, is allow a third party to steal the checksum and then use it with other biometric devices to identify when that same user has come in contact with a different device under the third-party's control. I can't think of a good scenario right now, where that's likely to be an issue. HOWEVER, that doesn't mean that systems won't evolve in the future that could make it a problem.

Re:Also it stands to reason (5, Interesting)

ColdWetDog (752185) | about a year ago | (#44855707)

Yes. However, your greasy fingerprint on the phone can't be stolen remotely from the other side of the planet like the biometric one can.

That said, it's not terribly useful to steal the identifier string stored on the phone since it won't allow you to reconstruct the print any more than a MD5 checksum will permit you to reconstruct the file it is from. What it would do, though, is allow a third party to steal the checksum and then use it with other biometric devices to identify when that same user has come in contact with a different device under the third-party's control. I can't think of a good scenario right now, where that's likely to be an issue. HOWEVER, that doesn't mean that systems won't evolve in the future that could make it a problem.

There are ALWAYS downsides to security issues. It's how security consultants make money.

But unless Apple opens up the internals of how it processes and stores the data, I don't think it will have any generic utility. It's NOT a fingerprint copier. It uses (presumably) unique biometric information to create a (presumably) unique electronic signal to allow access to a device. You can (presumably) erase / clear the memory so the information is no where else, thus bypassing another problem with biometrics - you can't easily change your fingerprints.

I'm not sure it will work well, I've used a number of fingerprint scanners before ranging from the frankly stupid (on a number of laptops) to pretty good implementations on spendy locks. Presumably Apple will Do It Right(TM), but who knows?

Re: Also it stands to reason (0)

Anonymous Coward | about a year ago | (#44856041)

You assume, contrary to TFA, that Apple is telling the truth about just keeping some hash of the print and in a no-get environment (to check a print, the system sends a new print to the black box and only expects a binary T/F on the match in return). The author's point is that you don't know that Apple isn't lying, that there isn't hidden functionality and a hidden ___NSAGetPrint() secret API, and that such seems more rather than less likely given recent events.

Re:Also it stands to reason (0)

Anonymous Coward | about a year ago | (#44855837)

I think this is over-reach. If the biometric is simply some kind of "if 86% match, proceed to unlock device" then the worst case scenario is simply someone coercing you to into unlocking the device (eg customs/border) instead of beating the password out of you. A fingerprint is convenient, but not exactly reliable (remember you can change your fingerprints with surgery, and various accidents can change your fingerprints as well) Before DNA came along, fingerprints were used exclusively by law enforcement.

At this point I don't see the privacy implication unless someone figures out what checksum (salt) is on the device and then applies it to their own database of fingerprints they already have, to figure out... when a criminal is using a iPhone5S and tracking them. Maybe if we were signing contracts with finger prints or in blood maybe I'd be a bit concerned. However there is no practical application where a fingerprint is any better than a password, and it can still be MITM'd if it's processed in software. It's like SIM cards really. You can't copy a SIM card because the SIM card is not a serial number, it's a crypto-processor.

More than one kind of fingerprint reader (2)

danaris (525051) | about a year ago | (#44855715)

That your fingerprints are all over your phones.

I believe mythbusters showed how trivial it was to bypass fingerprint protections by making your own "finger" from said prints? (This time on an electronic door lock).

Except that various people have already been investigating the fingerprint reading technology Apple is using, and they seem to think that it's really not that easy [arstechnica.com] , because they're using a more robust technique than the classic scan-the-surface-optically method.

Dan Aris

subdermal imaging (4, Insightful)

goombah99 (560566) | about a year ago | (#44855969)

I don't have special knowledge about how the Apple print scanner works but what I've read makes me believe it uses infrared sub dermal imaging. That is it seems below the surface. If so it's seeing more than just your finger surface print. That should make it harder to forge from lifted surface prints. It also will mean that it will work for people who have worn their finger prints off (apparently some types of labor do this--they grow back)

Moreover I would say this so called "expert" has it backwards. If you fingerprints really are a one-shot biometric that can't be unspoiled then we want to use them for casual things not critical things.

This finger print scanner is not eliminating passwords, it's just a second factor. I'ts a great idea used well.

Disney... (0)

Anonymous Coward | about a year ago | (#44855521)

... uses such biometric data to "hand stamp" people entering their theme parks.

Better tell people to stop going to Disneyland/Disney World!

Re:Disney... (1)

ImdatS (958642) | about a year ago | (#44855619)

Oh, now I understand why everybody in Duckburgh uses gloves (Mickey Mouse, Donald Duck, etc...)

Re: Disney... (1)

Anonymous Coward | about a year ago | (#44855673)

They use capillary scanners and not finger print readers, at least. You don't leave your capillary patterns everywhere you touch, like with your prints, and it works better with wet dirty fingers and shallow ridged finger prints.

Re: Disney... (0)

Anonymous Coward | about a year ago | (#44855773)

The Apple fingerprint supposedly uses "sub-dermal" information, which presumably is different than the smudges one leaves on the phone.

And, that doesn't affect the argument from TFA, which decries the use of biometric data for trivial purposes (like unlocking a phone or getting back in to a theme park).

But what if... (0)

Anonymous Coward | about a year ago | (#44855525)

It was the back of my finger?

He is not an expert... (5, Insightful)

ImdatS (958642) | about a year ago | (#44855527)

Basically, he is the guy legally overseeing German Privacy Laws in the State of Hamburg. He is not a privacy expert. The only two guys in Germany I would listen to (maybe three guys) is the Privacy Commissioner of the State of Schleswig-Holstein, the Federal Privacy Commissioner and someone from Chaos Computer Club.

That being said, the question rather should be how the fingerprint scanner is implemented. If it generates a hash that is stored on the device and never stores the finger-print itself outside of RAM, I wouldn't have a problem with that.

The devil usually is in the detail - and in this case in the details of implementation. I would assume that Apple generates a hash code, stores it on the device and compares only hashes and never has a finger-print picture stored on the device (which would be better in any case). One might even consider storing up to 3, 5 or 10 hashes in order to have some heuristics.

Also, one wouldn't generate a has of the picture but rather the relationship of certain finger-print lines in order to not rely on a picture that might be different every time. But the line-relation is not so much different. I'm not an expert in biometrics, but I believe this is the same approach for face-recognition (certain specific face-points and their relationship to each other is analyzed, a hash generated and stored and next time compared against a new hash).

Being myself a German, I sometimes worry about German "alarmism". As Sigmund Freud said: "some times, a cigar is only really a cigar..."

Re:He is not an expert... (1)

ImdatS (958642) | about a year ago | (#44855531)

Oh, one more thing: if I was Apple, I would also salt the hash with a device-specific (device-unique) random code in order to make sure that the Government cannot send me a list of hashes asking: "We want data from users with these hashes..." - and the device salt could be generated anew every time the device is restored...

Re:He is not an expert... (4, Interesting)

ImdatS (958642) | about a year ago | (#44855561)

This is going nuts (replying to own reply to own message):
If I was Apple, I would generate a completely new hash every time I recognize the finger print with a completely new salt. This way, the system could get better over time as well as protect the users privacy because the hash and the salt keeps changing every time...

Re:He is not an expert... (0)

Anonymous Coward | about a year ago | (#44855661)

These are actually good ideas, and I appreciate this insightful conversation you're having with yourself. It highlights the need for Apple to tell us exactly how the fingerprint security works, which was a part of the point of the original article.

Re:He is not an expert... (4, Informative)

Glock27 (446276) | about a year ago | (#44855701)

It highlights the need for Apple to tell us exactly how the fingerprint security works, which was a part of the point of the original article.

Apple has revealed enough detail:

According to an unnamed spokesman at Apple, the fingerprint detector won't actually record images of your fingerprints.

and...

This is in line with what Apple said during the actual announcement, specifically that the information was stored "in the Secure Enclave inside the A7 chip on the iPhone 5s." The information would not be store on Apple's servers or in the iCloud.

From the WSJ [wsj.com] .

Re:He is not an expert... (3, Interesting)

ImdatS (958642) | about a year ago | (#44855719)

Thanks, I'd wish it wouldn't even leave the finger-print scanner chip as that might allow for even higher security. But this is probably "good enough". Now the next question would be how it gets transferred from the finger-print scanner to the "Secure Enclave inside the A7 chip". If there is direct connection from the reader to the A7 chip, it's probably ok. If it goes through main memory, there could be possible attack vectors...

I don't mean to say I'm a better security expert than Apple has - but, even though I'm an Apple fan/user, I don't think Apple's security track-record is as clean as one might want it...

Re: He is not an expert... (1)

iamhassi (659463) | about a year ago | (#44855809)

Do you have more information on Apple's security track-record? Seems to me to be much better than Microsoft or Android. As to biometrics not being safe, where has this guy been for 10 years? Biometrics is everywhere, my laptop and desktop both have biometric scanners. Passwords don't seem much better with cameras being everywhere now days, I remember a story of some thieves stealing debit cards by hiding a card reader and tiny camera that watched the keypad at gas stations. Nothing seems to be secure if a thief is determined enough, although I would feel more comfortable if the biometric scanners also checked for a heat signature so a simple photocopy of a fingerprint could not work.

Re: He is not an expert... (1)

ImdatS (958642) | about a year ago | (#44855995)

Indeed, if I compare Apple's track record to Microsoft's, it seems a lot better. I have no idea on Android, but anecdotal evidence (read: stuff I read on the Internet), it seems better than Android, too - but I can't judge it as I haven't done an analysis myself.

But "better" doesn't, at least for me, mean "good". Apple could do better. I've seen too many security issues in Safari and some in OS X as well. I don't mean that there are more than Windows or Android, but some times Apple's reaction was not optimal. So, going from, let's say, 100 security vulnerabilities per year to 50 might sound better than going from (e.g., no real numbers) from 300 (e.g. Windows) to 200, or even 150 (though in latter case, both would be 50% reduction). But Apple could do a lot more. They have been doing some great strides but I wish they would do even more.

One thing with security, where Apple has a lot to do, is transparency: sometimes I feel Apple is not being transparent enough on what they do with regards to security. But again, it might be perception bias as I'm a lot closer to Apple and might be criticizing them a lot more than Microsoft or even Android.

TL;DR - Apple could do more just in absolute terms, and be more transparent. Comparing to Microsoft/Android, they seem "better", but not necessarily "good" - in my world only.

Re: He is not an expert... (0)

Anonymous Coward | about a year ago | (#44856027)

Do you have more information on Apple's security track-record? Seems to me to be much better than Microsoft or Android.

Ya, you can't crash a MS or Android OS by sending a string of random gibberish in an Arabic font to the built-in font rendering engine.
MS hasn't had a security hole that large since the 90's when the "ping of death" was all the rage, and Android never has.

Track records are misleading. What matters is what is happening right now, not 20 years ago.

Re:He is not an expert... (1)

lesincompetent (2836253) | about a year ago | (#44855777)

After James Clapper i don't trust words anymore. I want facts.

Try this next time. (1)

Anonymous Coward | about a year ago | (#44855671)

Instead of rushing to get your comment out there as quickly as possible, take a few minutes to think about what you want to say. I'm not suggesting that you need to spend an hour on it. Just take 5 or 6 minutes, think through what you want to say, and then write it out in a single comment. Then you can submit that single comment, without replying to yourself again and again and again.

Re:Try this next time. (1)

ImdatS (958642) | about a year ago | (#44855697)

Thanks, I was actually in a different forum on a different website. Unfortunately, the discussion there was quite unfocused and what happened was that the first posting I did here was the result of my thoughts there ... and, as you suggest, I thought a little bit more about it, I came to other insights. Being an author, it is sometimes weird to notice that my ideas are generated while I'm writing and not always while I'm thinking. In a book, it's no problem: I can just re-edit. Here, on slashdot, as there is no EDIT possibility, I can't do that. But the additional insights were, IMHO, interesting enough (I thought) to write down here.

I know it is really more than stupid to respond to yourself and I will definitely follow your suggestion to take more time before posting next time.

Thanks again - especially as your tone was really quite nice and positive, so it helps to think about your recommendation...

Re:Try this next time. (1)

Anonymous Coward | about a year ago | (#44855839)

You're welcome, son. Your humbleness is a testament to your honest nature.

Just keep in mind that Slashdot is a harsh place. When you're commenting here, you need to be on the top of your game. This isn't the schoolyard where children play baseball and tag; this is where real men battle it out to the digital death over topics that are extremely critical to all of humanity. If you don't have your arguments in order before you comment, then you'll very likely get trampled, and it will be excruciatingly painful.

You've learned a valuable lesson here today. I know you'll be better prepared in the future. You're a good kid, and you've got a lot going for you. I look forward to reading your future comments.

Re:He is not an expert... (1)

Nerdfest (867930) | about a year ago | (#44855547)

There are people working on 'revocable' biometrics for exactly the reason he's citing here. IBM and a few other have been working on it for some of their fingerprint, face, and iris devices. You can probably dig up some details with a few searches. It is a valid concern, although if the hashes truly do not leave the device, I'm not sure it's a concern here.

Re:He is not an expert... (0)

Anonymous Coward | about a year ago | (#44855577)

if the hashes truly do not leave the device, I'm not sure it's a concern here.

Yes, as long as they've developed a way of making bits non-copyable, everything should be fine.

Re:He is not an expert... (1)

ImdatS (958642) | about a year ago | (#44855609)

Couldn't it work like a smart card chip? Meaning: The chip that does the authentication is connected directly to the reader. The reader can communicate only with this specific chip. The chip itself receives the pictures, calculates the hash and stores the hash in its own non-volatile memory. The chip has only two api-calls: "Train" and 'Authenticate'.

With "Train", it would train on a users finger-print and return "DONE" or "NOT SUCCESSFUL". With "Authenticate", it would only return "ACK", or "NACK". I know, I know, the company building the chip would still be able to put in back-doors, etc, but at least this way the finger-print picture or hash would never leave the chip.

Also, best would be to open-source the chip code so that it can be verified. I know, it still doesn't GUARANTEE that the verified source is what is in the chip that is shipped but at least SOME security/privacy check would be in there..

Re:He is not an expert... (1)

Bing Tsher E (943915) | about a year ago | (#44855861)

"ACK" or "NACK"

Acknowledge, or Acknowledge-Inverted? So it approves in all instances?

Re:He is not an expert... (1)

ImdatS (958642) | about a year ago | (#44855951)

Either you are very young or you or just pulling my leg:
ACK - ACKnowledge
NACK - Not ACKnowledged (old school computer stuff, back from the 1960s-1990s)

Re: He is not an expert... (0)

Anonymous Coward | about a year ago | (#44856003)

Thar would actually be less secure.

You see, using the fingerprint to generate a salted hash makes it possible to not only validate the hash on-device but to use that hash to generate a valid re-salted token to be used for authentication with the cloud services.

Securing the device is one thing. Securing the entire authentication path is quite another.

Re:He is not an expert... (2)

jonbryce (703250) | about a year ago | (#44855555)

Hash values work for passwords where you enter exactly the same password every time. However, you don't enter exactly the same fingerprint every time you scan it, so the device has to decide whether it is close enough to the one you entered previously. For that, I think you would need the un-hashed fingerprint.

Re:He is not an expert... (0)

Anonymous Coward | about a year ago | (#44855641)

The fingerprint would be stored as a feature matrix and a co-variance matrix. Those would have to be un-hashed to work properly.

Re:He is not an expert... (0)

Anonymous Coward | about a year ago | (#44855753)

There is a lot of research done to find methods of storing biometric data as hashes. Fingerprints are actually good candidates for that because they are relatively stable when compared to some other biometrics. However, this research is still ongoing and I doubt many commercial vendors spend time to research and implement any of these methods. They will reduce the performance of the method by adding another thing that can go wrong when comparing fingerprints and it's not their data on the line.. In addition, these hashing methods would also need to be tied to the device as well so that another device (or service) using similar hashing method would not be vulnerable to captured hashes from some other device.

Re:He is not an expert... (1)

Bing Tsher E (943915) | about a year ago | (#44855817)

he is the guy legally overseeing German Privacy Laws in the State of Hamburg.

That makes him an authoritative Hamburger, correct?

Usable Fingerprint data? (4, Interesting)

Rosyna (80334) | about a year ago | (#44855529)

Aside from the fact the government and many institutions (like Banking in the US) already have your fingerprint...

Is there any evidence at all that the fingerprint data store in the A7 is even usable outside of iOS? There's no reason at all to store a raw image of the fingerprint. How would you recreate the fingerprint to make it usable to someone?

Re:Usable Fingerprint data? (1)

EvanED (569694) | about a year ago | (#44855603)

Aside from the fact the government and many institutions (like Banking in the US) already have your fingerprint...

Errr... what? I've never had to give my fingerprint to my bank or the government, aside from the fact that I've handed them papers that I've touched.

Re:Usable Fingerprint data? (1)

Plumpaquatsch (2701653) | about a year ago | (#44855639)

Aside from the fact the government and many institutions (like Banking in the US) already have your fingerprint...

Errr... what? I've never had to give my fingerprint to my bank or the government, aside from the fact that I've handed them papers that I've touched.

So they have your fingerprints.

Re:Usable Fingerprint data? (4, Interesting)

lxs (131946) | about a year ago | (#44855731)

There is no evidence either way. Better err on the side of caution. There wasn't any evidence of iPhones logging GPS data either, until somebody found it. [idownloadblog.com]

This is Slashdot (-1)

Anonymous Coward | about a year ago | (#44855535)

This is Slashdot, where everyone will suck the dick of some German guy who suddenly is a privacy/cryptography expert.

The real issue. (1)

Karmashock (2415832) | about a year ago | (#44855537)

No one is going to trust these companies until they make it clear that they're standing up to the NSA and various governments around the world that want our data.

Till then... no trust. And this stuff really just puts a spike in the eye for the whole cloud notion.

If the centralized systems are not to be trusted then we'll just use centralized systems. Which means the walled garden is unacceptable.

Re:The real issue. (1)

Bing Tsher E (943915) | about a year ago | (#44855889)

The Cloud has been spiked for months. The thing is, organizations like Google don't make The Cloud for storage optional. They produce attractive devices with no removable storage. Then a bunch of people chime on on forums 'why would you need that?' when the lack of removable storage is mentioned as a major negative feature. Google-worship and the cult of the Nexus takes over.

I kind of enjoy this post-Snowden era (0)

Anonymous Coward | about a year ago | (#44855541)

Now it's us, the "tinfoil" neurotics who laugh saying: "We told you so." to all the "cool and normal" people (in reality, uninformed, naive, and ignorant). Thanks Mr Snowden, for helping us to set the record straight.

Hmmm (0)

Anonymous Coward | about a year ago | (#44855545)

Don't you 'hand over' your fingerprints with everything you touch? Don't get me wrong - it's obviously complete crap from a security perspective because it's using data that others can already get, but for that very reason you shouldn't be worried about people getting access to your fingerprint data. How were you planning to stop them; wear gloves 100% of the time?

just FUD IMHO (5, Interesting)

kencurry (471519) | about a year ago | (#44855551)

Some recent uses of my fingerprints in which I had no real say:

1. Passport check at CDG airport
2. Applying for a Speedpass for CA toll roads
3. Getting some papers notarized

So, there are many current uses of fingerprinting in routine life that one has to comply with, and who can say how secure any of it is? But, trust Apple? This is a worthy debate and I trust my fellows slashdotters will post good comments on both sides. Me? I want better security on my phone, as I use it for purchases and banking. I think biometrics is a move in the right direction, what do you think?

Re:just FUD IMHO (1)

CaymanIslandCarpedie (868408) | about a year ago | (#44855631)

Certainly not FUD. A valid concern even if you personally don't think it is an issue. I personally am not worried about it != FUD.

If you want better security on your phone your best bet is stop using a 4 digit numerical passcode or incredibly simply swipe gestures and choose a properly strong/long password. My knowledge of biometrics is limited to enterprise system we had years ago which was horribly unreliable (often wouldn't allow the proper person access and would allow unauthorized people access on what seemed a random basis). I'm sure things have improved a lot since then, but still most studies you read on such systems don't leave you with much confidence.

Their best use seems to be in a 2 factor authentication scheme, but certainly not a replacement for a proper strong password.

Re:just FUD IMHO (0)

Anonymous Coward | about a year ago | (#44855669)

och so CA is now an example of how things are normal or should be?

Re:just FUD IMHO (1)

alostpacket (1972110) | about a year ago | (#44855699)

Speedpass? Wow that seems invasive. Not sure how I feel about iPhone fingerprinting, but for a Speedpass that seems excessive.

Fingerprints for a Speedpass? Seriously? (1)

sjbe (173966) | about a year ago | (#44855713)

Some recent uses of my fingerprints in which I had no real say:

1. Passport check at CDG airport
2. Applying for a Speedpass for CA toll roads
3. Getting some papers notarized

You have quite a lot of say over all those things.
1) There is nothing forcing you to travel to Paris or if there is something actually that important forcing you to travel there, it is probably more important than your fingerprints. (like something relating to your family's well being etc)
2) You don't have to have a Speedpass and I certainly wouldn't give anyone my fingerprints to save a few bucks on toll roads.
3) I happen to be a Notary Public and there is no requirement whatsoever that you give a fingerprint to have a document notarized in most jurisdictions. (It is required for certain property transactions in some places like California) There certainly is no requirement in the state I live in so if you don't want to give up the fingerprint you do have the option of moving.

Re:just FUD IMHO (1)

Anonymous Coward | about a year ago | (#44855737)

A thought experiment: Replace 'Apple' with 'Chinese phone manufacturer' and 'NSA spying scandal' with 'Chinese spy scandal'. Would you still trust them?

That is how foreign governments see the US and US companies.

Re:just FUD IMHO (2)

Andreas Mayer (1486091) | about a year ago | (#44855767)

A thought experiment: Replace 'Apple' with 'Chinese phone manufacturer' and 'NSA spying scandal' with 'Chinese spy scandal'. Would you still trust them?

Actually, that would worry me less, since I can't think of anything the Chinese would want to do with that information. The US on the other hand has already proven, that they think they are the world police.

Re:just FUD IMHO (1)

nightcats (1114677) | about a year ago | (#44855775)

agreed insofar as this is a horse that's already out of the barn. It's very often required to be printed to be employed -- I remember having to be printed when starting a gig for American Express in NYC; to get into the building we had to put a finger over a scanner. This was post-9/11 at the WFC (a block west of the WTC site); but I hear it's become fairly widespread over a decade.

Re:just FUD IMHO (1)

TrekkieGod (627867) | about a year ago | (#44855909)

Some recent uses of my fingerprints in which I had no real say: 1. Passport check at CDG airport 2. Applying for a Speedpass for CA toll roads 3. Getting some papers notarized

What the hell? I have a passport, and didn't submit any fingerprints to get it. I didn't submit my fingerprints to get an identification document such a driver's license and california would expect me to submit them to get through toll roads?? Why the hell did you need fingerprints to get a document notorized? Usually you show up at a bank, hand them an ID, and sign the paper in front of the notary.

So, there are many current uses of fingerprinting in routine life that one has to comply with,

No, there are not! The only people I've ever personally met in the US who were fingerprinted were either arrested at some point or were applying for a security clearance. Routine life here doesn't and shouldn't require such a thing. I haven't heard of this non-sense in california until you mentioned it in your post.

Me? I want better security on my phone, as I use it for purchases and banking. I think biometrics is a move in the right direction, what do you think?

The 4-digit pin is way more secure than your fingerprint. As pointed out elsewhere in this thread, your fingerprints are all over your phone.

Paranoia (4, Insightful)

countach (534280) | about a year ago | (#44855569)

While there are good reasons for paranoia when it comes to the NSA, I think this paranoia is over the top. Firstly, if Apple is lying, and the fingerprint information is not stuck inside the chip like they say, hackers WILL discover it. Then Apple will have bad publicity from here to eternity. So I don't think Apple would lie. Secondly the government has lots of better and easier ways to harvest fingerprints if they really want to. Thirdly, I don't think fingerprints will really do the government much good, except in crime investigations. If you're worried about that, then you've probably got bigger problems.

Re:Paranoia (1)

Anonymous Coward | about a year ago | (#44855663)

So I don't think Apple would lie.

You poor, ignorant, naive little bunny.

You're either 11 years old, or an older fool.

Re:Paranoia (0)

Anonymous Coward | about a year ago | (#44855665)

http://www.threefeloniesaday.com/Youtoo/tabid/86/Default.aspx

Never transmitted... until the next update (5, Interesting)

Chemisor (97276) | about a year ago | (#44855585)

Android used to store your wi-fi password locally and never transmit it anywhere. Then came Gingerbread, and all your local data got helpfully "backed up" to google servers. Setting turned on by default, probably before you had a chance to learn it's there. They say they delete your stuff when you turn off the setting, but, naturally, there is no way to really know. Suddenly, google has all your wi-fi passwords, whether you like it or not. It would be naive to assume Apple would behave differently.

Re:Never transmitted... until the next update (1)

ColdWetDog (752185) | about a year ago | (#44855729)

If you're that paranoid, don't use a cell phone. Madre de Dios folks, cell phones ARE NOT SECURE. They never will be.

Re:Never transmitted... until the next update (1)

KiloByte (825081) | about a year ago | (#44855961)

Correction: don't use a cell phone with a proprietary OS. This means iOS and Google's and carriers' builds of Android, but don't necessarily the rest.

Your Fingerprint isn't ever stored in flash (5, Interesting)

rabtech (223758) | about a year ago | (#44855591)

If you check the design, the fingerprint image itself is never stored anywhere. The fingerprint profile is only stored on silicon in the A7 chip. There is no API to access that data, only flags to tell you that it exists (so the OS can discover there are four stored prints and their names, but nothing about the actual fingerprints themselves).

Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to, nor can any application access it.

If you think Apple is lying... well... There must be some level of trust somewhere or we may as well give up. I tend to draw the line at the CPU because if that is compromised or includes back doors, we are all screwed anyway.

Re:Your Fingerprint isn't ever stored in flash (5, Insightful)

CaymanIslandCarpedie (868408) | about a year ago | (#44855705)

Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to

So the data exists on the phone. The phone is connected to a network. But it is physically impossible for that data to be sent over the network? Not sure how that would work.

Re:Your Fingerprint isn't ever stored in flash (1)

CaymanIslandCarpedie (868408) | about a year ago | (#44855725)

To be clear, I don't think Apple sharing my fingerprint is the biggest problem here. I'd never use it simply because my finger print is already known or easily knowable by so many people/entities. My properly strong passwords are not.

Re:Your Fingerprint isn't ever stored in flash (4, Interesting)

Wraithlyn (133796) | about a year ago | (#44855907)

In theory, yes.

From what I understand, The secure region of the A7 chip that the fingerprint profile is stored on has a WRITE function, and an AUTHENTICATE function. There is no READ function.

So yeah... because it is protected like this at the hardware level, you're not getting that information out again, period (short of physically breaking into the NVRAM with some sort of forensics tech).

Re:Your Fingerprint isn't ever stored in flash (1)

Necronomicode (859935) | about a year ago | (#44855735)

I don't know the design of the fingerprint device so my comment here may not apply to this device specifically but it's still a thing worth thinking about.

The security of the device is not that of the final destination of the data (the fingerprint data and the A7 in this case) but of the data path from the reception of the data to its final destination (and in this case I don't know what that is). You get a weakest link level of security. If any processing of the finger print data goes through a snoopable interface or storage area then your security is shot.

You would hope that the design is such that the fingerprint device itself is attached to the A7 directlly with a completely separate bus, but I wouldn't put money on it. I'd need some hardware schematics and data sheets to know for sure.

And comments from some users like "Is there any evidence at all that the fingerprint data store in the A7 is even usable outside of iOS?". That's backwards security thinking, you want evidence and assurances that it isn't usable/accessible before you start. Otherwise, you might want to pay top dollar for my new crypto routines that I've just knocked up as there's no evidence that they're a steaming pile of junk (yet).

Re:Your Fingerprint isn't ever stored in flash (2)

jsepeta (412566) | about a year ago | (#44856009)

Technically, Apple never stores your fingerprint. When you train the device, it recognizes signature parts of your fingerprint, such as the location of whorls etc, and then saves that not as a photograph of your finger, but as an abstract number that corresponds to where that whorl exists on your finger. So your fingerprint is never stored, just a series of numbers that represent aspects of your fingerprint. Big difference.

This time, Germans are... (0)

Anonymous Coward | about a year ago | (#44855605)

...crying wolf.

Elementary error (1)

Beryllium Sphere(tm) (193358) | about a year ago | (#44855635)

Biometric data does not have to be secret.

Your photograph on your driver's license is a biometric in effect. It works even if you don't keep your face a secret. It works because if someone holds a copy of your face up to a traffic officer, the traffic officer won't be fooled.

Password security is all about secrecy because anyone can use a password. The only way for it to be secure is if nobody else knows it. Biometric security is about having an adequately intelligent verification system which reacts like the traffic cop would if someone brings in a duplicate, a hostage, or a severed body part. Doing that right is Not Cheap, which is the real objection to biometrics when security counts.

Re:Elementary error (0)

Anonymous Coward | about a year ago | (#44855717)

Just FYI, it's possible to generate working (i.e. they can fool scanners) fake fingerprints from the stored data in fingerprint scanners. Which is bad enough; but putting fingerprint scanners right into general purpose computers connected to the internet 24/7 is plain dumb.

Biometric data does require privacy (1)

sjbe (173966) | about a year ago | (#44855757)

Biometric data does not have to be secret.

For some uses it does need to be secret or at least reasonably private. For others it does not. Part of what makes my fingerprint a reasonably secure means of identifying me is that very few people have access to it. It is NOT hard to copy fingerprint data and use it for purposes which the owner of that fingerprint does not approve.

It works because if someone holds a copy of your face up to a traffic officer, the traffic officer won't be fooled.

Unless the name used to match with that photo is not your name. People make fake IDs all the time. Furthermore it is quite possible for someone to use biometric data of yours for identity theft. You could even be framed for some crime using such data. My Social Security Number technically is publicly available but only a fool would believe that distributing it more widely than absolutely necessary would be a good idea. While you are correct that the secrecy requirements for biometric data are not the same as those for passwords it does not follow that there is no need for privacy for biometric data.

Who will be first (3, Interesting)

lars_boegild_thomsen (632303) | about a year ago | (#44855645)

Back in 2005 some car thieves in Malaysia tried to steal a Merc S Class with some kind of biometric immobilizer. When they realized they couldn't get the darn thing running without a finger print, they merely chopped the owner's finger off with a machete (I swear it's true: BBC Article [bbc.co.uk] ).

I wonder who will be the first to lose an iPhone along with a finger.

Re:Who will be first (2, Insightful)

Anonymous Coward | about a year ago | (#44855827)

Appropriate : http://xkcd.com/538/

However : there is a vital difference : a Merc S class costs 100k and there is no reset button. An iPhone 700 bucks.
Chopping of a finger for 700 bucks isn't worth it. Just restore it with iTunes. Much easier. :-)

In other words : no. It won't happen. It's just FUD. Fear mongering.

fingerprint useless as a secret. (1)

gl4ss (559668) | about a year ago | (#44855659)

My own government/EU has it on file.
and the USA government has it on file already too, since when I visited they took it.

so uh, what the fuck, it's not very useful. it's not that useful even for tracking me. opening a phone with it is just for ease of use. in fact, I would argue that something like opening the phone with it is the only fucking thing it's good for as an authentication as it gets around the problem of inputting a pin in public 100 times a day...

but you wouldn't want your banking for example just behind it. that would be stupid, especially if you might pass out somewhere..

Implied innovation (1)

Plumpaquatsch (2701653) | about a year ago | (#44855675)

Apple has found a way that an iPhone can tell whether somebody will intercept communications and will not send anything incriminating like a fingerprint

And since the NSA will intercept any communications, the fingerprint will never be sent. Crisis averted.

Bollocks (1)

kanweg (771128) | about a year ago | (#44855689)

The US government has my fingerprints because in my country we're obliged to give such biometric data when we get a passport.
As the first poster said: You leave your fingerprints everywhere.
On the iPhone, the fingerprint is analysed (in case of Apple in quite sophisticated way), the resulting algorithm resulting in some string. This string is only meaningful to the phone. In a next scan, is the string the substantially the same or not. The string itself does not convey information as it is useless without the algorithm.
IF there is an algorithm that can work the opposite way to generate the fingerprint, then what? BTW, I doubt that this is possible because apple uses interrupts in lines (where pores are) and while a particular interrupt in a line of my fingerprint is a datapoint, it doesn't say anything about the direction in which the line runs.

If you have my string, and you manage to put it on your iPhone, then you've managed to make your iPhone suitable for use by me. Now that is a great hack! Thanks!

Bert

Finger prints everywhere (1)

Annorax (242484) | about a year ago | (#44855695)

This guy makes one huge mistake in his reasoning. He assumes that we aren't constantly littering the world with our finger prints for anyone to retrieve. Dude. Finger prints are as easily obtained as taking out the garbage.

Finger prints are not something that we need to protect from being proliferated, because we proliferate them ALL THE TIME.

Idiocy.

Legal Ramifications (1)

webdog314 (960286) | about a year ago | (#44855711)

More important to me are my legal protections from the authorities if they wish to use my fingerprint to unlock my phone. I don't have to give them my pin code to unlock my device (at least in most states in the U.S.) but my fingerprints are on almost anything I touch. Would it be legal for the police to hand me a glass of water, take prints from the glass, and then use those prints to unlock my phone without my consent?

Simply Wrong (1)

Bill Dimm (463823) | about a year ago | (#44855747)

The recent disclosure of spying programs like Prism makes it riskier than ever before to share important personal data with electronic devices.

This may seem like nitpicking, but it is not the disclosure of spying programs that makes it risky, it is the existence of spying programs that makes it risky. Disclosure just highlights the risk that was already there. If anything, disclosure makes it less risky because people are less likely to pull such shit when users are more aware of the possibility (i.e. more likely to notice).

"cannot be changed" (1)

spiderwebby (1698936) | about a year ago | (#44855759)

Tell that to the biometric clocking machines I used to have to use. They work brilliantly until you get dirt on your finger, or water (having just scrubbed said dirt off) or cuts. Then there was that belt sander incident...

True with caveats (1)

pev (2186) | about a year ago | (#44855765)

So apple say that they wont transmit the biometric id. That they can control. However, id bet that within months if not weeks someone will find a way to abuse and hijack this on jailbroken devices. The same protection doesn't apply to them...

Also eventually im sure the normal iphone will be abused too. Look at the debacle over the ease of extracting the users location history from iphones...

Re:True with caveats (2)

mysidia (191772) | about a year ago | (#44855857)

So apple say that they wont transmit the biometric id. That they can control.

It doesn't matter so much if they do transmit the biometricc ID; it could be useful, to "authorize someone else to use your iphone" in advance --- or authorize someone to use a feature; such as the fingerprint-based ability to unlock your front door's biometric lock, by just picking an option on their ID in your contact list.

A biometric ID doesn't capture your fingerprint; the bio ID is specific to a kind of fingerprint reader, and it's more like a hash than a password.

For example: there is a chance that 300 or 400 people in the world may have the exact same or very similar biometric ID key, but totally different fingerprints.

That's because all the bits of data the fingerprint reader manufacturer has selected to authenticate a fingerprint has to be boiled down into a very short string of numeric values forming an ID key.

It's not like the reader will be storing a high-resolution capture of your fingerprint, that could be used to manufacture fake fingerprints -- or be capable of being used with other readers.

Identity Theft (1)

Badooleoo (3045733) | about a year ago | (#44855783)

So the point is biometric scanning like finger prints and iris scans can be copied and be out in the wild. If you used that identity in other places too then others can also potentially use them and steal your identity.

What do you do when your account has been accessed unauthorised? You would change your password, you can't change your finger prints or eyeballs.

As a german myself. (0)

Anonymous Coward | about a year ago | (#44855799)

I can only apologise for the drivel he and his ilk are spewing out.
They are a constant annoyance.

There is a german word for it called : Bedenkenträger. People who's passion and job is to constantly fear the worst, know nothing, want to live in the past, regard themselves as important (despite being not so), make others people miserable and are generally opposed to progress. In a nutshell : scum. Their favourite word is "but"

FP readers dont capture your fingerprints (4, Informative)

mysidia (191772) | about a year ago | (#44855803)

They capture metrics based on your fingerprints

These are not cameras, that take an optical image; or collect data that can be used to reproduce your fingerprints.

The readers provide only enough data to authenticate the ridge pattern, by taking some simplified metrics that represent your pattern with a relatively high fraction of uniqueness.

See the citeworld article [citeworld.com] for more information about the iPhone's reader; apparently, this reader will be harder to trick than most laptop readers from Authentec have been in the past.

If they were worthwhile; then this seems worthwhile.

It's certainly a better idea to have fingerprint + 4-digit passphrase than a 4-digit passphrase.

Long passphrases are inconvenient; more convenient security means the bar is raised: people's risk will go down.

Also, since the reader requires live skin, it cannot be faked easily ---- it may reduce thefts of these devices by pickpockets and the like.

An actual fingerprint is not stored (0)

Anonymous Coward | about a year ago | (#44855805)

If anyone in this article actually was an expert of any sort, they'd understand that a raw fingerprint image is never actually stored as a part of this process. Rather, a set of features, called minutiae, are extracted from an image of your fingerprint. These are things like ridge flows, bifurcations, gaps/short ridges, etc. Then a descriptive template is generated for those features that can be used and extended with new features as more of your fingerprint is scanned. At no point in the actual matching process (since Apple is likely using a derivative of the Authentec matcher, due to their buying Authentec to kill off the fingerprint sensor market for other vendors) is the raw image actually used, but rather a set of these descriptive features is generated, then matched against the template stored in memory.

There is no way to reconstruct an actual fingerprint from this, the best you could hope for is to feed the matcher a stolen template to match against a stored template, but even then this is a pretty far-fetched attack.

Two touchscreen phones (1)

Cyfun (667564) | about a year ago | (#44855823)

This could be easily foiled if you had two touchscreen phones. Just hold the iPhone 5s's fingerprint scanner up to the other's touchscreen, which will no doubt be covered in smudgy fingerprints, and be warm enough to simulate body temperature if need be.

Forgery with gelatin remains as problem (1)

Antique Geekmeister (740220) | about a year ago | (#44855835)

Fingerprint forgery is now a well established technology, with numerous articles such as http://www.stdot.com/pub/ffs_article_asten_akaseva.pdf [stdot.com] explaining the basic technology. That publication is 10 years old, and I've seen no evidence of any real improvement in the scanners themselves since then.

Commonplace scanning with the inevitable consumer applications storing it locally, and badly, will unfortunately contribute to the forgery problem by making the replicable fingerprints even more available to thieves and fraudsters. That sidesteps the "digital hash" storage problems, but takes more work to get complete fingerprint scans, such as those stored by the police or military databases for reference matching.

Re:Forgery with gelatin remains as problem (1)

bensyverson (732781) | about a year ago | (#44855935)

Gelatin won't work—the technology in the Touch ID sensor requires a live finger. [citeworld.com]

Keep to yourself (1)

markdavis (642305) | about a year ago | (#44855893)

>"Handing over a non-changeable biometric feature like a fingerprint for no better reason than that it provides 'some convenience' in everyday use, is ill advised and foolish. One must always be extremely cautious where and for what reasons one hands over biometric features.'"

This is much more important for biometric features that are "left behind" or can be remotely monitored. Those include:

* Fingerprints
* DNA
* Facial recognition
* Voice recognition

Other biometrics are far safer for the owner because they [theoretically] can't be collected or used to track the owner without knowledge and consent each time:

* Retinal scan
* Vein pattern

For example, without my permission, my fingerprints can be collected. Without my permission my latent prints can be analyzed and used for searches. And because they (and DNA) are left all over the place, it is far easier for someone to make copies, too- then use those for tracking, breaking into things, or framing the owner for a crime.

How about a DNA sensor by spitting at the phone? (4, Funny)

JoeyRox (2711699) | about a year ago | (#44855971)

I predict a day in the not-to-distant future where lazy consumers will tire of having to touch their devices to unlock them and will demand a DNA sensor that lets you unlock phones by spitting at them. I wouldn't want to be sitting in the front row of that Apple media event.

stop driving cars (1)

jsepeta (412566) | about a year ago | (#44855989)

one should stop driving cars because most people are unable to independently explain how the internal combustion engine works.

me, i pour gas into the gas tank, and the thing just fucking works. it's a goddamned miracle i tell you!

Biometric Features are Constant (1)

ZeldorBlat (107799) | about a year ago | (#44856023)

Biometric features of your body, like your fingerprints, cannot be erased or deleted. They stay with you until the end of your life and stay constant — they cannot be changed.

Perhaps, but the passwords of your average user stay with them until the end of their life and are constant -- so what's the difference?

I got finger printed in 2nd grade (1)

millertym (1946872) | about a year ago | (#44856039)

Is there anyone in the USA that doesn't have their fingerprints already stored in some FBI controlled database? It's nearly universal as far as I can tell to have children's finger prints taken officially at school "to protect against kidnapping" type mentality. It has been happening at least since the early 80s when I was that age and was prodded into sticking my small child fingers into the ink and rolled onto an official paper - with a spot for each finger.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?