New rumor points to fingerprint sensor, NFC e-wallet in Apple's next iPhone - Page 2

And a nice Ive'd OS 7...

Everyone knows you just wear a tinfoil hat and you're good to go... Jeez, don't make it complicated.

 

Sigh.  Not your fault, but this is a prime example of the negative power of the Internet.  People with agendas post misleading articles that get repeated and often grow with the telling.  Apple sites especially are full of misinformation about NFC, usually because they're anti-anything that Apple doesn't have.

NFC is just another wireless method like Bluetooth or WiFi.  What counts is what goes over it.  That is where people confuse simple NFC based data exchanges with NFC based payments.

 

NFC payments are encrypted and are safe.   NFC data exchanges are helpful things that users do between themselves.  (See my example above.)

 

The one supposed instance of "NFC hacking" was simply some publicity hound pointing out that, if you have NFC _and_ NFC data exchange turned on, then someone could hold their phone next to yours and transfer a website URL.  As if you wouldn't notice that.  Anyway, your phone would then open that website.  At that point, you are supposed to be brain dead and not wonder why a strange website is there, so you click some enticing button on it and are presented with the option to download an app.  Of course, you have to also have "Allow installation from unknown sources" turned on.  Then you have to say yes to installation amid all the access warnings.  That's not really NFC hacking.  It's just social engineering that can also be done on any phone via SMS or email.

That's what the Reynold's people want you to think¡

 

I think the worst thing to happen to iOS would be a "cleansing" on the order of Windows (Phone 7)/8. I certainly hope that Jony keeps skeuomorphism around, because that's the point.

His hardware and that software are WHY they work so well together. The hardware gets out of the way of everything. The person shouldn't even know what they're using exists. There should be no barrier between the hardware and the interaction. That allows the software to be… anything. and everything. Exactly what the user needs in whatever situation. And then by making the software relate to a physical thing, a pre-technological equivalent, anyone can pick it up and use it.

 

Such a device needs to be connected to a bank. And what bank has enough money...? Well, the First National Bank of Apple, of course, it has billions! Furthermore, Apple has those billions scattered around the world, so, in effect, it's a WORLD bank. 

 

I want to see THAT Apple Ad!!!! 

I don't see how a dismembered finger will suddenly have no ridges. If we're talking about one that has been cut and dried for an extended period, sure, we usually see these biometric dismembering in film happen very close to its usage.

But even if, say, in 20 years from now someone hid something in an Authentec biometric vault but they've been dead for years you can rehydrate tissue. Does their method measure the precise rigid height (which could take a lot of processing and time) or simply use that extra metric as a way to determine if the print is a three-dimensional object as opposed to just a scan of a print to get past the easily fooled, standard fingerprint readers?

 

Yeah, normally I would have dropped the political stuff at the end, but it's so entrenched as nonsense now that it seems okay. The thread didn't explode into politics as a result of it, at least.

 

Good question.

 

You might recall that I once explained that capacitive touchscreens work because of the blood in the capillaries and live tissue under the skin.  They're conductive and take a charge, which is sensed as a change in capacitance.

 

Likewise, AuthenTec uses very precise active capacitance sensors, which measure the ridges and valleys as dead spots and live spots, because the ridges are biologically dead skin acting like a dielectric, and the valleys are closer to live dermis acting as a conductor.  

 

The measurements must match known values for dead and live cells, and perhaps even overall capacitance of the body attached, to be valid.  Thus a dead, detached finger will not be accepted.

 

Edit: After writing this, I found that AI had done an article on the sensors back when Apple got involved.  See here.

Edited by KDarling - 3/11/13 at 6:51pm

You dont drag your finger across the authentec sensor.  The sensor would be fused into the button glass face much like the capacitive touch screens that apple is now using to allow the iPhone 5 to be so thin. There is no air gap between the capacitive layer on an iPhone 5 and the lcd and the glass.  There even using that tech on the retina macbook pros to get the screens so thin and the iMacs too.

From an  AI article about the sensor tech that apple bought:

 

 

 

A few things we learn:

 

1. The sensor is small enough and thin enough that it  can be incorporated in the button and is fully self contained no other support needed.

2. Because of using both Capacitive and Radio Frequencies it can scan through a protective cover easily unlike other sensors on the market. (No swiping needed like a thermal sensor).

3. Because the Radio Frequencies can read below the surface skin layer and identify properties of living tissue or skin it cant be "spoofed" by using a dead finger or thumb.  (This is kinda creepy but im sure enough of us have seen movies of peoples fingers being cut off and used on a scanner). 

 

I can see this happening easily, wether or not it will is another story, I guess we will have to wait to see when the 5s comes out.

 

Nope. Don't expect big changes.

I thought I was more clear in my previous post. What defines a match. It can't be exact but instead has to fall within a range. What is that range and are the levels able to be duplicated well enough to be bypassed? That's always been the issue with the biometrics. Even DNA tests can be faked (assuming a recent episode of Elementary is accurate). And what if you cut or burn your finger? Are you then locked out? What if you're finger is cold and therefore doesn't have the proper nerve endings as before? You can't go by a marketing sheet to determine that there are no downfalls to a given technology, especially when it comes to biometrics.

I wouldn't want the sensor under/built into the button. Pushing on it all the time may damage it. Maybe it could be in the bottom right or left beside the home button and be buried under the glass. It wouldn't show, just like the sensor above the speaker and camera on the front. Nice and clean and simple.

And NFC can still be used to hack into people's sensitive data. In the article below, hackers got into a Galaxy S3 (yes I understand its Samsung, and Android, however it holds valid until Apple does it, if they do). Having a constant "radiating" or "leaking" of your personal data is potential for others to get hold of it.
http://www.techworld.com.au/article/436860/galaxy_s3_hacked_via_nfc_mobile_pwn2own_competition/
Edited by Timbit - 3/11/13 at 9:23pm

 

I always wonder when people say they value their privacy if they really, truly do, or if they've just found one particular thing that annoys them.

 

Do you use Facebook?  How about Google?  I mean any of their services, search, gmail, anything.  Do you use filtering software (like various ad-blockers or Little Snitch) to block the all the google ads and analytics on probably 80% of sites?

 

Do you use Survellance Cards (whoops, I mean credit/debit cards) for day-to-day purchases?  Every transaction is captured, stored, analyzed and directly attached to you, personally, forever.  How about grocery "loyalty cards"? (what a bullshit name!)

 

I could go on, but I'm honestly curious if you value your privacy, or just don't want individual citizens recording video of you.  Remember, you're on camera many times whenever you go out in public, shopping, etc.

Well , while you should be concerned with being tracked.... your paranoia is misplaced. RFID is the least of your worries. Your CCard and loyalty accounts are the biggest offenders. Having Google or Apple track your movements is a drop in the ocean compared to what the banks and government have on you.

 

Every time you go to the store and buy whatever one does your purchase and CCard details are recorded. This information is easily accessible by the powers that be.

 

The government says we need cameras and strict laws to keep the terrorists and immigrants at bay and everyone agrees. In fact you are the terrorist the gov. wants to keep track of. You people gave your freedom up ages ago and you only waking up now. So keep buying shit and racking up credit because soon as you stop spending ... you become a financial terrorist!

 

If you want to make a difference vote with your wallet because that is the only voice you have.

 

As for RFID tag... the kids may as well get used to them ... I have had one ever since I joined the corporate world.

 

According to the Mythbusters, yes. :)

And the only good NFC, is disabled NFC.

 

Grrrr.   Out, damned spot!   

 

I just finished explaining in post #43 above this, that nobody has hacked NFC, and definitely nobody has hacked NFC payments.

 

The exploit in that article was aimed at a document viewer application, not NFC.  Sending the document via SMS or email would've also worked.  As they put it, "We used the NFC method for showmanship,"

 

 

Apparently Mythbusters was testing against an optical fingerprint sensor, which are very easy to fool.

Edited by KDarling - 3/12/13 at 5:36am

 

A recently severed finger could likely be used. The tissue in the finger doesn't die immediately, as is evidenced by the ability to surgically reattach severed fingers and even limbs. 

 

This is nonsense. You can use a frozen sausage link on a capacitive touchscreen, and that, nor none of the styluses available have, "blood in the capillaries and live tissue under the skin."

 

This is why your claims re your background have no credibility: you repeatedly demonstrate that you have no idea what you are talking about.

Another good point.

I'm all for the additional level of authentication that Authentec is offering but not for this unrealistic level of reverence we're giving to just another stage in biometric evolution.

 

We're talking specifically about fingers and their electrical characteristics.

 

 

Good point.  Fingerprint recognition is not totally secure by itself.  Most advise also using a PIN.

 

In this case, it's more about convenience, rather than securing top secrets.

 

One worry is that false rejections would turn users off from the sensor pretty quickly, and then they'd have to fall back on a PIN anyway.

I certainly won't rely on it for security. I'd rather just use my PIN. There are only 10,000 possibilities but after 10 tries my phone will erase itself. I bet you can try as many fingerprint scans as you wish. Also, how quickly can you input your PIN compared to how quickly it will be to place your finger on the scanner without moving it and have it read all the necessary data and determine if it's a match or not? Is this really a time saver?

For myself, I'd much rather see fingerprint verification be used for an unsecured function. For example, you pick up your Apple HDTV's remote control and it will auto-adjust the UI, the services, favorites, saved content, etc. for whomever last held the remote control. To me this takes away the deficient security of biometrics and add a real value that has eluded how we watch television conveniently for decades.

We have personalized desktops for a family "PC" but we still use the exact same, shared setup for our HEC content. Of course, it would be a pain to use a standard remote control to get into some settings area to switch users every time a different person wants to control the TV so this customization has been blocked by a lack of convenience. This is what my biometric solution paired wth a BT (nor IR) remote control would achieve.

 

There are certainly known ways to make fingerprint recognition more secure, such as adding a heat sensor, watching for a heartbeat, and even scanning underneath for veins, but nothing is perfect.

A common thief isn't going to spend time creating a wonderfully fake finger with all those characteristics, and a more sophisticated intruder (such as a government) would just bypass the whole thing and grab data straight from frozen RAM or something.

 

So it's probably good enough for common use, but I, like you, prefer a dependable PIN.

 

Are you not posting on the wrong type of forum. Its not even like these are anti-Apple rumors.

Such as: "This will be obsolete in 2015 when they release 'Mr. Fusion' technology that runs on trash and beer."

 

God I love that movie.

 

We are, but you weren't in that instance, you were simply BSing about the requirements for a capacitive touchscreen to work:

 

 

 

I understand you wanting to weasel your way out of being dead wrong, but you were talking complete nonsense, making stuff up as you go along, as you usually do.

 

Well, on the other hand (no pun intended), if someone has your phone and your finger, whether they can break into it with said finger is probably the least of your worries.

Here is the leaked Galaxy s4 leaked video with audio of Sir Jonathan Ive audio of iPhone5. http://gadgets.ndtv.com/mobiles/news/samsung-galaxy-s-iv-featured-in-hands-on-video-341530?pfrom=home-editorpick have fun guys :)

That's the thing, I don't want to use any biometrics that can be harvested from my body.


PS: That scene in Minority Report where Tom Cruise puts his removed eye up to the scanner to let himself into his old office bothers me because the first thing you do is cut all access.