Bounty Offered To Anyone Who Hacks iPhone Thumb ID

Photographer

Jerry Nemeth

Posts: 33355

Dearborn, Michigan, US

Wye wrote:

Where in anything I've written are you reading that I think the iPhone 5S is the first device ever in the universe to have a fingerprint sensor?  Please give me a link so I can correct the error.

lol

Sep 19 13 08:57 am Link

Photographer

Lightcraft Studio

Posts: 13682

Las Vegas, Nevada, US

Lohkee wrote:
BTW, dumpster diving and going through desks is old school. A key-logger is fast and effective smile

Low-tech solutions are always the killer. I can't tell you how much resources have been spent on trying to secure images and video (my previous employer had the major movie studios as clients, and they were super-paranoid about their movie trailers, posters, etc). We spent fortunes hiring companies like InstallShield, and other outfits out of places like Israel to create solutions, but I would always remind my bosses that it's still a simple matter to grab a camera and take a photo of an image displayed on a computer screen, thus defeating the latest 6-figure "solution" they had just bought and bragged to clients about.

Sep 19 13 09:00 am Link

Photographer

Let There Be Light

Posts: 7657

Los Angeles, California, US

Lightcraft Studio wrote:
Besides, Apple is probably using pre-existing technologies as the basis (they didn't invent fingerprint technology) which have the same inherent risks that any other software solutions are prone to.

Nope. Apple paid $350 million last year for the company that created the technology behind Touch ID. You don't spend that kind of money for pre-existing technology.

Sep 19 13 10:41 am Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

Let There Be Light wrote:

Nope. Apple paid $350 million last year for the company that created the technology behind Touch ID. You don't spend that kind of money for pre-existing technology.

Not necessarily true at all. There is a huge difference between a truly new technology, and developing a custom sensor that utilizes existing technology in some unique package (like a button). Huge. From what I've been able to see (and I haven't really looked that hard in all honesty), they are using capacitance to image the print. Translation: Using old technology in a (sorta) new way.

So, would you be kind enough to share who this company is? I would love to read their literature, especially any test data.

Sep 19 13 12:24 pm Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

Lohkee wrote:

Not necessarily true at all. There is a huge difference between a truly new technology, and developing a custom sensor that utilizes existing technology in some unique package (like a button). Huge. From what I've been able to see (and I haven't really looked that hard in all honesty), they are using capacitance to image the print. Translation: Using old technology in a (sorta) new way.

So, would you be kind enough to share who this company is? I would love to read their literature, especially any test data.

AuthenTec is the one they most recently purchased (14 months ago)

http://www.reuters.com/article/2012/07/ … KD20120727

Not sure if the AuthenTec technology is the *only* one going into the fingerprint sensor though..

Sep 19 13 12:30 pm Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

Wye wrote:

AuthenTec is the one they most recently purchased (14 months ago)

http://www.reuters.com/article/2012/07/ … KD20120727

Not sure if the AuthenTec technology is the *only* one going into the fingerprint sensor though..

Yep. It appears that you are correct.

http://www.patentlyapple.com/patently-a … light.html

Sep 19 13 12:32 pm Link

Photographer

Michael Bots

Posts: 8020

Kingston, Ontario, Canada

It's not as if fingerprint scanners can't be spoofed.

Biometric Devices and Fingerprint Spoofing         (January 2006)
http://www2.washjeff.edu/users/aholland … index.html


Aussie Kids Foil Finger Scanner With Gummi Bears
http://it.slashdot.org/story/10/10/28/0 … ummi-bears


MythBusters
Fingerprint Scanners Are Unbeatable       ---  Finding: BUSTED
http://dsc.discovery.com/tv-shows/mythb … atable.htm
http://blogs.technet.com/b/steriley/arc … 57845.aspx

Could iPhone 5S Thieves Chop Off Fingers To Hack Fingerprint Scanner?
http://www.huffingtonpost.co.uk/2013/09 … 1378887488

"When J Paul Getty III, the heir to the family fortune, was kidnapped in Italy in 1973 an envelope containing his ear was sent as part of a $3m ransom demand."

Sep 19 13 01:06 pm Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

Michael Bots wrote:
Could iPhone 5S Thieves Chop Off Fingers To Hack Fingerprint Scanner?
http://www.huffingtonpost.co.uk/2013/09 … 1378887488

"When J Paul Getty III, the heir to the family fortune, was kidnapped in Italy in 1973 an envelope containing his ear was sent as part of a $3m ransom demand."

What I find hilarious about all the people claiming "he'll cut off your finger and do that!" is that a) a threat of chopping off a finger would be enough to make me want to give up my PIN and b) why would they even need to chop it off? They have me.. and my phone.. just grab my hand and touch my finger to my phone. Why is the chopping off required?

I swear you guys watch way too many mob movies.

Sep 19 13 01:18 pm Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

Wye wrote:
What I find hilarious about all the people claiming "he'll cut off your finger and do that!" is that a) a threat of chopping off a finger would be enough to make me want to give up my PIN and b) why would they even need to chop it off? They have me.. and my phone.. just grab my hand and touch my finger to my phone. Why is the chopping off required?

I swear you guys watch way too many mob movies.

Whoa, DUDE! You just read my mind lol

Sep 19 13 01:21 pm Link

Photographer

Patrick Walberg

Posts: 45202

San Juan Bautista, California, US

Lohkee wrote:
To clarify. Even if Apple's scanner is easily defeated, this may not be a bad thing **depending** on how the print is used. If it is used for the sole purpose of unlocking the phone then it is probably going to prove very effective at preventing the casual thief from using the phone as it would not be worth the time to hack it. Of course, this creates another problem. What if you are incapacitated in an emergency and your phone is the only one available?

Using the print for financial transactions is where I start to get very concerned because it is a game changer with regard to the effort someone might be willing to expend bypassing the legitimate print.

Yes, it would be terrible to be in an accident where you cut your finger too badly for it to be used, however someone pointed out that it could still be used to call 911.

If the person is wealthy and has bank account information stored, well sure! You know that Bill Gates is not likely to have one of these iPhones. lol

Sep 19 13 01:34 pm Link

Photographer

Michael Bots

Posts: 8020

Kingston, Ontario, Canada

Wye wrote:
I swear you guys watch way too many mob movies.

Except it's already been done --

Malaysia car thieves steal finger
http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

Sep 19 13 01:36 pm Link

Clothing Designer

GRMACK

Posts: 5436

Bakersfield, California, US

Supposedly the iPhone won't work even with a severed finger and that needs to get out there if true.

http://www.ign.com/articles/2013/09/17/ … ed-fingers

However, some crooks "who think it might work" are ones I wouldn't put it past them to try it.  Just knock 'em down and out, cut, and run as they've done for expensive rings in the past.  If it is defeatable that way, this won't go well as some countries think even a severed head is cool.

Sep 19 13 01:37 pm Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

Michael Bots wrote:

Except it's already been done --

Malaysia car thieves steal finger
http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

A car is not a phone.

Sep 19 13 01:43 pm Link

Photographer

Good Egg Productions

Posts: 16713

Orlando, Florida, US

Lohkee wrote:
Of course, this creates another problem. What if you are incapacitated in an emergency and your phone is the only one available?

This is actually a plus for the fingerprint authentication.

If I'm incapacitated, you can still use my finger.
If I'm incapacitated, you cannot ask me what my passcode is to unlock my phone.

I'm assuming incapacitated as unconscious but in the same physical place as the phone.

Sep 19 13 01:51 pm Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

Good Egg Productions wrote:

This is actually a plus for the fingerprint authentication.

If I'm incapacitated, you can still use my finger.
If I'm incapacitated, you cannot ask me what my passcode is to unlock my phone.

I'm assuming incapacitated as unconscious but in the same physical place as the phone.

That's really quite an assumption. It also doesn't address the issue of people who don't have prints, or those who, because of their work, routinely distort their prints via injury. What do you suggest then?

Sep 19 13 02:01 pm Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

Lohkee wrote:

That's really quite an assumption. It also doesn't address the issue of people who don't have prints, or those who, because of their work, routinely distort their prints via injury. What do you suggest then?

They just enter the passcode like always.

Sep 19 13 02:28 pm Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

Wye wrote:

They just enter the passcode like always.

My question was in the context of an incapacitated person.

Sep 19 13 02:34 pm Link

Photographer

Andialu

Posts: 14029

San Pedro, California, US

Lohkee wrote:

My question was in the context of an incapacitated person.

Then they have to wait until they are no longer incapacitated.

Sep 19 13 02:41 pm Link

Photographer

K E E L I N G

Posts: 39894

Peoria, Illinois, US

Is that legal?

Sep 19 13 02:43 pm Link

Photographer

fsp

Posts: 3656

New York, New York, US

It's just so funny they would be soooo worried about "user" security instead of making em inoperable n useless if reported stolen. A dead useless phone is not worth stealing!

hahahaha Just leave it to some 12 year old to figure out in a week.... fingerprints will be a thing of the past along with every other measure they came up with so far.

KISS

Sep 19 13 02:58 pm Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

The F-Stop wrote:
It's just so funny they would be soooo worried about "user" security instead of making em inoperable n useless if reported stolen. A dead useless phone is not worth stealing!

hahahaha Just leave it to some 12 year old to figure out in a week.... fingerprints will be a thing of the past along with every other measure they came up with so far.

KISS

Not being an iPhone user I'm not positive, but I do believe the owner can wipe/deactivate the phone remotely. Perhaps an iPhone person can chime in on this.

Sep 19 13 03:04 pm Link

Photographer

Eastfist

Posts: 3583

Green Bay, Wisconsin, US

My understanding is that the thumbprint reader/unlocking mechanism aspect of it is software anyway. If you can bypass the physical thumbprint scanner hardware and inject a photo/impression of the thumbprint into the software, then it should work. WIFI that thing. Of course, in this day and age, who really needs to go all James Bond with a thumbscanner? Who wants to steal your porn collection? tongue

Sep 19 13 03:04 pm Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

The F-Stop wrote:
It's just so funny they would be soooo worried about "user" security instead of making em inoperable n useless if reported stolen. A dead useless phone is not worth stealing!

They've done that. It's called activation lock. If you set your phone to lost and wipe it then (apparently... I haven't tried it) the phone can't be re-activated without your Apple ID password.

Sep 19 13 03:29 pm Link

Photographer

fsp

Posts: 3656

New York, New York, US

hahahaha Apple ID...

here in NYC, the biggest of Apples, there are so many of those "Mr Clean" reported stolen phones, we sell em in vending machines now..

sorry we only take cash or gold.


hahahahhahha

Sep 19 13 08:22 pm Link

Photographer

Andialu

Posts: 14029

San Pedro, California, US

The F-Stop wrote:
hahahaha Apple ID...

here in NYC, the biggest of Apples, there are so many of those "Mr Clean" reported stolen phones, we sell em in vending machines now..

sorry we only take cash or gold.


hahahahhahha

What?

Sep 19 13 08:25 pm Link

Photographer

MKPhoto

Posts: 5665

Winnipeg, Manitoba, Canada

The last thing I want is someone registering my fingerprint. Whether it is Apple or government.

Sep 19 13 08:40 pm Link

Photographer

GH-Photography

Posts: 9424

Jacksonville, Florida, US

Lohkee wrote:
BTW, dumpster diving and going through desks is old school. A key-logger is fast and effective smile

BTW, key-loggers are old school. Now you just hack the unsecured accelerometer on your iPhone that's been sitting on your desk next to your keyboard all day recording the vibrations of your key strokes. smile

Sep 19 13 11:54 pm Link

Model

Jules NYC

Posts: 21617

New York, New York, US

Technology is great.

When I upgrade from the 4S, the fingerprint security feature will be cool but meh.
I don't have top secret information on my phone. I wouldn't be with anyone who would disrespect my privacy anyway.

Unless you're working for the government, who is going to really care about your business unless information can take you to court/jail/prison?

If that's the case, not too swift leaving all of that on your phone.

This new feature probably works best for the regular guy with something to hide (or to show off to them).

Sep 20 13 06:14 am Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

The F-Stop wrote:
hahahaha Apple ID...

here in NYC, the biggest of Apples, there are so many of those "Mr Clean" reported stolen phones, we sell em in vending machines now..

sorry we only take cash or gold.


hahahahhahha

Psst.. the activation lock is a new feature.. nobody had it before wednesday.  It should seriously deter theft once thieves know it's a pain in the ass to try and actually use a stolen iPhone.

Sep 20 13 06:36 am Link

Model

Jules NYC

Posts: 21617

New York, New York, US

Wye wrote:

Psst.. the activation lock is a new feature.. nobody had it before wednesday.  It should seriously deter theft once thieves know it's a pain in the ass to try and actually use a stolen iPhone.

I like it for this reason.  Plus, it's kinda cool in a Tron/Futuristic way.
P.S. Wye, your posts amuse me (in a good way).

Sep 20 13 06:40 am Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

Jules NYC wrote:
Technology is great.

When I upgrade from the 4S, the fingerprint security feature will be cool but meh.
I don't have top secret information on my phone. I wouldn't be with anyone who would disrespect my privacy anyway.

Unless you're working for the government, who is going to really care about your business unless information can take you to court/jail/prison?

If that's the case, not too swift leaving all of that on your phone.

This new feature probably works best for the regular guy with something to hide (or to show off to them).

Strange as it may seem, a simple email address can be worth a lot to the right people as it is a very useful attack vector.

Sep 20 13 06:50 am Link

Model

Jules NYC

Posts: 21617

New York, New York, US

Lohkee wrote:

Strange as it may seem, a simple email address can be worth a lot to the right people as it is a very useful attack vector.

Sure.

People can hack through your webcam.
I know enough dick MIS/IT guys that showed me everything I could be paranoid about.  Still a little paranoid at times, but meh.

I'll let the universe take care of the bad people, ha ha.

Sep 20 13 06:58 am Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

Lohkee wrote:
Strange as it may seem, a simple email address can be worth a lot to the right people as it is a very useful attack vector.

I think that the need for physical access to make such an attack is where these sorts of things fall down.

Sure there are a number of people who will be targeted for access to their physical device.. but john and jane q public should worry more about network-based threats/viruses.

Personally I keep a lot of work sensitive information on my devices. Which is why my drives are encrypted, my machine always has a password lock, and sensitive information is stored on encrypted disk images on the encrypted drive. 3 (different) passwords required to get to my data -- 2 once the machine has booted.

Same goes for my phone: 7 character passcode, passcode to access the app I keep things in, passcode to access the directory in the app where the good stuff is stored.

Most people don't need to go through all that though.  And I'm only really paranoid about what happens if the device is lost or randomly stolen.  Nobody's gonna search me out to get what I've got.

Sep 20 13 07:03 am Link

Photographer

Michael Bots

Posts: 8020

Kingston, Ontario, Canada

In the NY Post

iPhone recognizes cat’s pawprints
http://nypost.com/2013/09/19/rabid-appl … w-iphones/

Sep 20 13 07:03 am Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

Michael Bots wrote:
In the NY Post

iPhone recognizes cat’s pawprints
http://nypost.com/2013/09/19/rabid-appl … w-iphones/

That techcrunch article (http://techcrunch.com/2013/09/19/watch- … int-sensor) is a fabrication.

It's not a 5S -- you can tell because there's no metal ring around the button.

EDIT: actually.. it just may be a 5S...  The cat paw thing would only be a problem if he didn't train the phone with a print of the cat's paw.  But he did.  And apparently no other cat's paws would work except the one that he input into the phone.

So.. strangely enough.. all is working as it should. haha.

Sep 20 13 07:05 am Link

Model

Jules NYC

Posts: 21617

New York, New York, US

Wye wrote:

That techcrunch article (http://techcrunch.com/2013/09/19/watch- … int-sensor) is a fabrication.

It's not a 5S -- you can tell because there's no metal ring around the button.

LOL

After commandeering a cat

*Nice sound effect too

Sep 20 13 07:12 am Link

Photographer

Michael Bots

Posts: 8020

Kingston, Ontario, Canada

iOS 7 Lock Screen Vulnerability Discovered Which Gives Access To Photos And Social Sharing, Apple Is Working On Fix
http://techcrunch.com/2013/09/19/ios-7- … l-sharing/


iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter
http://www.forbes.com/sites/andygreenbe … r-twitter/

-----------------------------------------------------------------------------------

Apple iOS 7 iPhone 5S Commercial    (spoof)
https://www.youtube.com/watch?v=oSJqBJ1TF-E

Sep 20 13 07:21 am Link

Photographer

Wye

Posts: 10811

Toronto, Ontario, Canada

Michael Bots wrote:
iOS 7 Lock Screen Vulnerability Discovered Which Gives Access To Photos And Social Sharing, Apple Is Working On Fix
http://techcrunch.com/2013/09/19/ios-7- … l-sharing/


iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter
http://www.forbes.com/sites/andygreenbe … r-twitter/

-----------------------------------------------------------------------------------

Apple iOS 7 iPhone 5S Commercial    (spoof)
https://www.youtube.com/watch?v=oSJqBJ1TF-E

The lock screen bug seems very difficult to replicate but does seem genuine. Can be stopped by turning off access to the control center in the lock screen.

Sep 20 13 07:31 am Link

Photographer

Michael Bots

Posts: 8020

Kingston, Ontario, Canada

Apple's iOS7 Update Fixes 80 Security Bugs
http://threatpost.com/apples-ios-7-upda … ugs/102356

"We are one day in and Apple’s sleek new mobile operating system, iOS 7, has been dissected to death – the colors, the similarities to Android’s OS, the amount of time it took some users to download the update from Apple’s servers. Those talking points aside, the update also brought a slew of bug fixes, 80 in total, to devices that should appease Apple users with security concerns."

Sep 20 13 07:35 am Link

Photographer

Lohkee

Posts: 14028

Maricopa, Arizona, US

Wye wrote:

I think that the need for physical access to make such an attack is where these sorts of things fall down.

Sure there are a number of people who will be targeted for access to their physical device.. but john and jane q public should worry more about network-based threats/viruses.

Personally I keep a lot of work sensitive information on my devices. Which is why my drives are encrypted, my machine always has a password lock, and sensitive information is stored on encrypted disk images on the encrypted drive. 3 (different) passwords required to get to my data -- 2 once the machine has booted.

Same goes for my phone: 7 character passcode, passcode to access the app I keep things in, passcode to access the directory in the app where the good stuff is stored.

Most people don't need to go through all that though.  And I'm only really paranoid about what happens if the device is lost or randomly stolen.  Nobody's gonna search me out to get what I've got.

And I think you make a good point. The problem with security in general is that most people don't think in terms of how the "innocent" stuff on their devices can be used against them or its value to the right someone. The whole "who would care about my stuff" attitude has long been a tough nut to crack for security folks. Like you, I am not particularly worried about being actively targeted, but I still take measures to protect my data (full disk encryption + encrypted backups) for other reasons (such as some dirt-bag robbing my house when Hue and I are out of town). For example, I have shot many fine art nudes for people who would be devastated if they were to become public so I take these steps to ensure their privacy in case of a mishap more than anything else.   

Bottom line: Many people don't realize (or don't care) what their stuff might be worth or how it could be used against them. For the most part, the majority will probably go through life without suffering any serious consequences in the event of an unauthorized disclosure. Therein lies the catch. For some, the consequences can be life-altering and utterly devastating. I do believe that if someone has anything, anything at all, on any of their devices that they would not be willing to publish on the front page of their local newspaper, that they would be well advised to take whatever steps are necessary to protect it. Call me paranoid, but I have seen people do some pretty bizarre stuff for even more bizarre reasons over the course of my (former) career as an investigator.

Security is only a hassle when it's not a habit smile

Sep 20 13 07:46 am Link