LOL So much for Apple's touch ID "security"

[jpeyton]

That 15 digit code wont do anything to stop all of the free information you are feeding Google and your service provider (and in effect the govt).

Anything you send over the wire is fair game to the government, regardless of whether you're using a Mac, PC, iPhone, Galaxy S4, etc. If you transmit it, expect it to be logged and/or archived at some NSA server farm.

And for those of you asking: no, I don't use a 15-digit alphanumeric password on my phone. I've disabled any kind of security on my lockscreen, because I'm honest about the fact that I don't need security on my mobile device. And with Android device manager, I can do a remote lock/wipe if the need arises. The nice thing is that my phone is ready the instant I need it; no fumbling around with patterns, PIN codes or fingerprints.

I use a 15-digit password for my desktop, laptop and work related logins. If you're going to use security, at least be serious about it.

 

[thedosbox]

So having my fingerprint will allow you to impersonate me? Cool... Exactly how would you use this fingerprint to impersonate me again?

No, you're absolutely right. Nobody can pretend to be you and access all of your accounts because of apple's "highly secure" innovation. I apologize for not thinking this through. After all, it's not like identity theft involving apple will ever happen.

There are 10,000 combinations for a 4 digit pin. Quite frankly that's easier than trying to acquire 9 million+ finger prints and that doesn't even count multiple fingers.

/facepalm

Kind of convenient of you to ignore the low-tech scenarios listed.

The butthurt over touch ID is comical. I suspect jealousy is in the air.

I see the RDF is strong in this one. Having an inherently bad "security" mechanism on your phone is nothing to be jealous about

 

[Fardringle]

I use a 4 digit PIN just to keep my kids from messing with the phone. Other than that, anybody wanting actual security needs multiple step security, probably with a separate RSA key or other similar method, and certainly wouldn't ever include a fingerprint as more than just a very minor addition to the real security being used.

 

[alkemyst]

In other stories, just get a pair of pruning shears and lop off said phone owners finger tip.

 

[alkemyst]

First, we are talking about replacing a 4 digit numeric code with something of convenience. A 4 digit pin isn't exactly secure in and of itself either.

Second, in almost any situation physical possession of a device will give you the power to get in to it. From servers to network gear to laptops and PC's.

I am waiting for Android to offer this, just to hear all the drama end.

If you want security, do not use a simple pin, do not use finger-print reading, use a strong password policy protected to wipe the device on the third failure. Also install device tracking software to remotely wipe.

 

[Eug]

I am waiting for Android to offer this, just to hear all the drama end.

Heah, hear, brother! And yes, I betcha it will appear on Android within 2 years, Motorola's Atrix notwithstanding.

P.S. Motorola Bashes Apple's iPhone Fingerprint Reader, Forgets It Sold One First

A tweet posted Tuesday from the account of Motorola Mobility, now owned by Google, seemed to take a potshot at Apple‘s newly-released iPhone 5s, which includes a fingerprint-reading feature that it calls “Touch ID” built into the phone’s home button.

“Remember that one time you were stoked to give your fingerprints? Us either,” the tweet reads.

That comment, perhaps alluding to privacy fears that Apple might be assembling a database of users’ fingerprints, may strike readers as a little odd. And not just because Apple has carefully emphasized in its marketing that all fingerprint data from Touch ID will be stored locally on the phone and never uploaded to a remote server; Also because Motorola’s own flagship phone of 2011, the Atrix, offered a fingerprint reader long before Apple. The Atrix, which is still being sold by Motorola today, integrates its fingerprint reader into the wake button on the back of the handset.

 

[golem]

"Yeah I just bought this new iPhone, cost me $700 and won't be able to replace it for a month. You know I just thought maybe I'd smash it up for fun". - A smashed phone is more evidence than a non-existent video. .

Whether it "more" evidence or not is irrelevant. In either case, it's not enough evidence. You accuse someone of doing something and all you have is a smashed phone... well good luck with that. I'm sure there are lots of smashed phones out there, and not all of them are evidence of anything, except maybe an accident.

 

[golem]

No, you're absolutely right. Nobody can pretend to be you and access all of your accounts because of apple's "highly secure" innovation. I apologize for not thinking this through. After all, it's not like identity theft involving apple will ever happen.

What does this have to do with my question of how you would impersonate me with my finger print? In fact I don't remember ever saying what you wrote, I said TouchID is more secure than using no lock and as secure if not more so than using pin/pattern unlock depending on the circumstances. If you're going to quote me, please actual respond to my question or comment and not go off on some random rant.

 

[NoStateofMind]

Whether it "more" evidence or not is irrelevant. In either case, it's not enough evidence. You accuse someone of doing something and all you have is a smashed phone... well good luck with that.

I'm starting to wonder if you are even reading my posts at all in blind fury for apple's defense.


I stated earlier it would not help you against thugs. Never claimed it would. Yet skeptical people will at the very least have something tangible to attribute to the story.

 

[MrX8503]

/facepalm

Kind of convenient of you to ignore the low-tech scenarios listed.

Kind of convenient of you to ignore posts that I'm referring to.

/facepalm

Anything you send over the wire is fair game to the government, regardless of whether you're using a Mac, PC, iPhone, Galaxy S4, etc. If you transmit it, expect it to be logged and/or archived at some NSA server farm.

And for those of you asking: no, I don't use a 15-digit alphanumeric password on my phone. I've disabled any kind of security on my lockscreen, because I'm honest about the fact that I don't need security on my mobile device. And with Android device manager, I can do a remote lock/wipe if the need arises. The nice thing is that my phone is ready the instant I need it; no fumbling around with patterns, PIN codes or fingerprints.

I use a 15-digit password for my desktop, laptop and work related logins. If you're going to use security, at least be serious about it.

I have a secret to tell you. The iPhone 5S doesn't require you to use touch ID nor a pass code.

Heah, hear, brother! And yes, I betcha it will appear on Android within 2 years, Motorola's Atrix notwithstanding.

P.S. Motorola Bashes Apple's iPhone Fingerprint Reader, Forgets It Sold One First

Lol what idiots. No wonder they can't get anything right. The scanner on the Atrix never caught on because it was garbage.

 

[WelshBloke]

... I am waiting for Android to offer this, just to hear all the drama end...

I can guarantee you that that would not stop the drama.

First there'd be the argument that Android copied iOS.
Then someone would bring up the atrix and say that iOS copied android.
Then somebody would say that apples version is undefinably different but superior.
Then someone would make the RDF jibe.
Then someone would bring up lag.
Walled garden.
Malware.


See where this is going?

 

[golem]

Kind of convenient of you to ignore the low-tech scenarios listed.

Because it's only fingerprint locks that have low tech scenarios in which they are easy to crack?

 

[zaydq]

What a crap show...

The only benefit I see from the finger print reader is the convenience of not having to key in a PIN number when I want go use the device. I never bother to keep anything of utter secrecy in my device that I should have to rely on basic security software. At the end of the day, phones merely get stolen by someone looking to sell it, not by people looking for some sacred bank account filled with cash. The problem I'm consistently reading only pertains to a small minority in phone/iPhone owners.

The only practical downside of the finger print reader is the fact that, say if I were driving, and I ask my wife to call someone or look up the address with my phone, I would need to unlock it with my finger for her, as opposed to telling her what PIN # to key in. Its simply a convenience tool and bordering a gimmick, nothing more.

 

[golem]

I'm starting to wonder if you are even reading my posts at all in blind fury for apple's defense.


I stated earlier it would not help you against thugs. Never claimed it would. Yet skeptical people will at the very least have something tangible to attribute to the story.

I'm not the one that's being blind. TouchID is just meant as a option vs not using a lock or a replacement for pin/pattern unlock.

Instead of treating it as such, and in an effort to discredit TouchID for it's intended use, you came up with a some scenario with filming cops doing something illegal and being forced to delete this video? Okay, I concede, if you ever are in a situation where you are filming cops, then you should definitely use Pin/Pattern unlock and not TouchID.

 

[thedosbox]

Because it's only fingerprint locks that have low tech scenarios in which they are easy to crack

PIN/passwords should only be known to the owner of a device. That knowledge can't be prised out without the owners knowledge. If you don't understand the difference between that and a fingerprint, I can't help you.

To be clear, it was a terrible idea when Motorola did it, hence I'm amused that apple appears to have copied them

 

[golem]

I can guarantee you that that would not stop the drama.

First there'd be the argument that Android copied iOS.
Then someone would bring up the atrix and say that iOS copied android.
Then somebody would say that apples version is undefinably different but superior.
Then someone would make the RDF jibe.
Then someone would bring up lag.
Walled garden.
Malware.


See where this is going?

I'm sorting hoping more manufacturers copy this. I'd like to use it on my next phone as opposed to not using any lock.

 

[MrX8503]

PIN/passwords should only be known to the owner of a device. That knowledge can't be prised out without the owners knowledge. If you don't understand the difference between that and a fingerprint, I can't help you.

To be clear, it was a terrible idea when Motorola did it, hence I'm amused that apple appears to have copied them

Motorola seem to have forgotten that they did this themselves. I wouldn't blame them for wanting to forget a shitty implementation.

 

[lopri]

There is no way I am advocating finger print identification without knowing for certain the data stays local. On any platform.

 

[golem]

There is no way I am advocating finger print identification without knowing for certain the data stays local. On any platform.

It's supposed to be local only. We'll find out soon enough if it is, I'm sure that are teams of hackers out there trying to get at the encrypted fingerprint data remotely.

But I really am curious. What exactly can you use a fingerprint for? I don't exactly want it floating out there, but if it was, what could it be used for by itself? You don't apply for credit cards or loans with it alone. As far as I can tell, besides for fingerprint scanners, it's not used for anything by itself.

Not to mention, that there seems to be much easier ways to get someones fingerprints besides hacking into an iphone, which you would appear to need a fingerprint in the first place to get into.

 

[lopri]

Umm.. identification? Which is used to obtain data that can be abused under a false impersonation, or that can be used against me against my wishes? Of course fingerprint in and of itself might not be too much of a value (I don't know where science is at) but it can be like opening your front door wide open in the digital world. In that sense it's no different than password or door lock. I would go further and argue that anonymity itself is becoming increasingly scarce but important value.

 

[golem]

Umm.. identification? Which is used to obtain data that can be abused under a false impersonation, or that can be used against me against my wishes? Of course fingerprint in and of itself might not be too much of a value (I don't know where science is at) but it can be like opening your front door wide open in the digital world. In that sense it's no different than password or door lock. I would go further and argue that anonymity itself is becoming increasingly scarce but important value.

But it can only be used to identify you if it's matched against something, which would mean your fingerprint is already out there to be matched against.

 

[lopri]

Yes, of course.

Edit: For instance, at Apple's (or one of the carriers') servers. Since anything that transmits over the air is presumably not secure.

 

[Crono]

Much ado about nothing. It would be far easier to set up a hidden HD camera to capture someone's PIN or password on any other device than to fake fingerprints.

Security is about layers. The more you have, the more work needed to get in. There is no such thing as perfect security in this world, though.

 

[WelshBloke]

Motorola seem to have forgotten that they did this themselves. I wouldn't blame them for wanting to forget a shitty implementation.

I've never used Motorolas version. How did it differ?

 

[RandomFool]

What a crap show...
The only practical downside of the finger print reader is the fact that, say if I were driving, and I ask my wife to call someone or look up the address with my phone, I would need to unlock it with my finger for her, as opposed to telling her what PIN # to key in. Its simply a convenience tool and bordering a gimmick, nothing more.

My thoughts exactly except substitute the wife for anyone I know. I can't count the number of times I've had someone else use my phone. I have a pass code on it just to keep strangers from accessing it if it's stolen/lost.