Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger. This is much better than the 1 in 10,000 odds of guessing a typical 4-digit passcode. Although some passcodes, like "1234", may be more easily guessed, there is no such thing as an easily guessable fingerprint pattern. Instead, the 1 in 50,000 probability means it requires trying up to 50,000 different fingerprints until potentially finding a random match. But Touch ID only allows five unsuccessful fingerprint match attempts before you must enter your passcode, and you cannot proceed until doing so.
The problem here is that once a 1 to 50,000 match is found, the phone is going to be compromised for a lifetime.
In all probability the folks at NSA could "hack" the sensor in no time at all. They may not want to inform whomever that they did it, no matter how much cash, wine, or Bitcoins are offered.
There's nothing unique about NSA employees. If they can, there is someone else with similar skill sets who can. The "reward" is intended to draw this other person out into the open.
Let that be a lesson to all. Liberals like Senator Franken are never happy. You could invent a secure mechanism even God couldn't crack, and Al Franken still wouldn't be satisfied. For folks like that, it's not about security, it's about control - and a desire to hear themselves talk...
TouchID is a convenience Al, not the be-all, end-all to security. And it's optional, you don't have to use it. But, due to the convenience of it, people who aren't using any security at all, might choose to adopt at least this level of security.
You can still choose to use a passcode if you desire. I think the fingerprint sensor [TouchID] is awesome. Time will tell, but at first blush, it looks pretty robust, since it's capacitive instead of optical and it reads the sub epidermal layer, that means lifted prints from public records, or say, a coffee mug, aren't going to unlock the device (in theory).
Ideally, the best security is two-factor authentication, in the sense that you provide an item you have, like a key-card or fingerprint, and then something you know, like a password. I don't know if Apple provides that option (I haven't played with an iPhone 5s yet), but that should be easy to implement if it isn't already - combine the fingerprint scan and prompt for a passcode. There. Happy now?
The problem here is that once a 1 to 50,000 match is found, the phone is going to be compromised for a lifetime.
That's not true. With biometrics, the key is the entry method, having to live scan the fingerprint on a trusted sensor, rather than the actual fingerprint itself. The security comes from not what you are entering, but how you are entering it.
Take for example a fingerprint left at a crime scene. Anybody can get your fingerprint by lifting it from something you touch, but the key to it is that you left a fingerprint in the form of oils. It would be totally different if somebody left a computer printout of an image of your fingerprint at a murder scene.
The problem here is that once a 1 to 50,000 match is found, the phone is going to be compromised for a lifetime.
First of all, nobody is ever going to brute force a match. The chances of guessing at 1/50,000 odds in five tries is so low it's not even worth trying.
Secondly, even if it did happen, being "compromised for a lifetime" is totally irrelevant. If a thief breaks into your phone he doesn't need a lifetime; he is going to download all the data he can get immediately. What do you expect him to do? Give it back so that he can steal it again later and get whatever new data you might have put on it?
That's not true. With biometrics, the key is the entry method, having to live scan the fingerprint on a trusted sensor, rather than the actual fingerprint itself. The security comes from not what you are entering, but how you are entering it.
I was implying that a match can be found randomly assuming a hacker has a big enough pool of (stolen) iPhones and big enough number of people to check them against.
So that means a person who's iphone is hacked would be random too. Would it be considered as a successful hack?
If a thief breaks into your phone he doesn't need a lifetime; he is going to download all the data he can get immediately. What do you expect him to do? Give it back so that he can steal it again later and get whatever new data you might have put on it?
A thief does not care about your data. He wants to sell your hardware.
I was implying that a match can be found randomly assuming a hacker has a big enough pool of (stolen) iPhones and big enough number of people to check them against.
At some point in your process, are unicorns involved? Seems just as likely.
I think all this is a bit overblown... I'm not looking for military grade security in my phone. I just want to make sure the casual passer-by in my office isn't perusing my phone at will.
If I was looking for higher security then i would turn to multi-factor authentication. The old adage is to be secure you have to have something (ie, a badge, fingerprint, etc) and you have to know something (like a password).
I think the fingerprint scanner is great for the simple security cases that most of us have and a good start at higher security that companies or the government may demand.
I think there's a lot of misunderstanding about how this technology works, it seems many think it functions like a password where the password is secret and it's security depends on it remaining a secret. I think the password analogy is wrong when it comes to biometric security, instead the security comes not from a secret but from the difficulty of duplication of biometric information.
A better analogy would be this. It's like the iPhone is your house and its processor is you. When somebody touches the finger scanner it's like someone visiting your house and ringing the door bell and you going to look to see who it is. If you don't recognize the person you won't let them in, but if you see your friend out there you'll let them in. So complaining that anyone can grab your fingerprint somehow and then gain access to your phone is like complaining that anyone can duplicate your friends' faces, voices and mannerisms (because they're always out there in public for anyone to access) and then use them to impersonate your friends to "hack into" your house. Now, I haven't ever heard of anyone complaining that because their friends are out there in public someone could impersonate them and doors to all houses should also require a password for people to enter to prove to the owner that those people really are their friends.
Quote:
Originally Posted by AppleInsider
"There are reasons to think that an individual's fingerprint is not 'one of the best passwords in the world,'" Senator Al Franken (D-Minn.) wrote in a letter to Apple CEO Tim Cook. "Passwords are secret and dynamic; fingerprints are public and permanent. If you don't tell anyone your password, no one will know what it is. If someone hacks your password, you can change it ? as many times as you want. You can't change your fingerprints."
Your friends are also public and permanent, and generally you can't change your friends.
Quote:
Originally Posted by jason98
Ok let's rephrase it. The finger is going to be compromised for a lifetime, not the phone
If someone manages to create an uncanny likeness to one of your friends, then your friend will also be "compromised for a lifetime". Anyone could then fool you time and time again into thinking that they're your friend when in fact they're not.
Of course this analogy applying to the iPhone's sensor depends on how hard it is to duplicate the finger biometric information that the sensor scans. It's probably not going to be as hard to duplicate as an entire person, but it will still be pretty hard to duplicate. For one thing some one would have to trick you into scanning your fingers with a rogue iPhone sensor and then somehow recreate a finger that simulates and generates the same scan as the real finger. That's a lot of trouble to go through to get into someone's phone. It would be far easier to snoop at someone entering their passcode. And by the way, the fact that passcodes can be easily changed is irrelevant if you're not aware that someone has stolen the passcode. On top of that most people don't change their passcodes regularly because then it will be much easier to forget them.
It's not far from 4 digit pin guessing - just 5x more complicated. Still 4 digit pin password is considered weak?
A 4 digit password is weak if there is no limit to the number of attempts. It doesn't take that long to brute force it, or guess common strings. If you have an uncommon string and enable, say, only 10 entries before the device is wiped, then yes, it's pretty secure.
TouchID only allows 5 attempts before switching to password entry. Nearly impossible to brute force 1:50,0000 odds when you only have 5 attempts. You'd have to be very, very, lucky. Which means the method wouldn't be likely enough to merit consideration.
TouchID won't be the weak link. The weak link will, as it usually is, the password. If you utilize TouchID in conjunction with a strong complex password (not 4 digits) and limit the allowable attempts, I'd say it's 99% secure for most uses.
Are you a spy? You seem paranoid, or under the impression your fingerprint is valuable.
A thief does not care about your data. He wants to sell your hardware.
We are talking about data security , so we are starting with the assumption that we are dealing with someone who wants to get your data. As for the hardware being more valuable than the data or the thief being to lazy to attempt to break the encryption, that's probably true, but it's totally irrelevant to this conversation.
I was implying that a match can be found randomly assuming a hacker has a big enough pool of (stolen) iPhones and big enough number of people to check them against.
So that means a person who's iphone is hacked would be random too. Would it be considered as a successful hack?
I have some free time this afternoon, so I broke out the old statistics book. The probability of brute forcing any single iPhone assuming there are 50k different combinations in 5 tries is 0.0001 (0.01%). If our thief had a pool of iPhones to draw from, each individual attempt would be an independent experiment thus the number of devices required for success Is X~geom(0.0001). Now according to my calculations, in order for a thief to have even a 50% chance of success, he would need nearly 7000 iPhones.
Think about it. You are a thief with 7000 iPhones. Are you going to spend the time and energy trying to crack all these phones? And even if you did and you were lucky enough to win that coin toss, are you going to bother tracking down that one person whose fingerprint you now have on the off chance that he might have acquired a new device and placed new data on it? The answer to both questions is obviously no. No, the fact a fingerprint would be compromised for life is nothing to lose sleep over.
And probably the reason you "never see this happen to MS, Google etc." is because none of them are authenticating users via biometrics yet. When they are, then you will.
Google is using biometrics in Android and it was hacked in minutes.
Most of your post is from the tin foil hats club given we are all leaving our fingerprints all over the place all of the time. If someone wants your fingerprint, it is very easy to get.
Comments
Of course it happens with MS and Google. You just haven't been paying attention. Google actually held their own contest.
http://www.forbes.com/sites/andygreenberg/2013/01/28/google-offers-3-14159-million-in-total-rewards-for-chrome-os-hacking-contest/
According to http://support.apple.com/kb/HT5949
The problem here is that once a 1 to 50,000 match is found, the phone is going to be compromised for a lifetime.
I went in vacations in United States. Had to give my fingerprints... Not really afraid to "give" my fingerprints to an iPhone!
?
There's nothing unique about NSA employees. If they can, there is someone else with similar skill sets who can. The "reward" is intended to draw this other person out into the open.
Let that be a lesson to all. Liberals like Senator Franken are never happy. You could invent a secure mechanism even God couldn't crack, and Al Franken still wouldn't be satisfied. For folks like that, it's not about security, it's about control - and a desire to hear themselves talk...
TouchID is a convenience Al, not the be-all, end-all to security. And it's optional, you don't have to use it. But, due to the convenience of it, people who aren't using any security at all, might choose to adopt at least this level of security.
You can still choose to use a passcode if you desire. I think the fingerprint sensor [TouchID] is awesome. Time will tell, but at first blush, it looks pretty robust, since it's capacitive instead of optical and it reads the sub epidermal layer, that means lifted prints from public records, or say, a coffee mug, aren't going to unlock the device (in theory).
Ideally, the best security is two-factor authentication, in the sense that you provide an item you have, like a key-card or fingerprint, and then something you know, like a password. I don't know if Apple provides that option (I haven't played with an iPhone 5s yet), but that should be easy to implement if it isn't already - combine the fingerprint scan and prompt for a passcode. There. Happy now?
According to http://support.apple.com/kb/HT5949
The problem here is that once a 1 to 50,000 match is found, the phone is going to be compromised for a lifetime.
That's not true. With biometrics, the key is the entry method, having to live scan the fingerprint on a trusted sensor, rather than the actual fingerprint itself. The security comes from not what you are entering, but how you are entering it.
Take for example a fingerprint left at a crime scene. Anybody can get your fingerprint by lifting it from something you touch, but the key to it is that you left a fingerprint in the form of oils. It would be totally different if somebody left a computer printout of an image of your fingerprint at a murder scene.
First of all, nobody is ever going to brute force a match. The chances of guessing at 1/50,000 odds in five tries is so low it's not even worth trying.
Secondly, even if it did happen, being "compromised for a lifetime" is totally irrelevant. If a thief breaks into your phone he doesn't need a lifetime; he is going to download all the data he can get immediately. What do you expect him to do? Give it back so that he can steal it again later and get whatever new data you might have put on it?
I was implying that a match can be found randomly assuming a hacker has a big enough pool of (stolen) iPhones and big enough number of people to check them against.
So that means a person who's iphone is hacked would be random too. Would it be considered as a successful hack?
Ok let's rephrase it. The finger is going to be compromised for a lifetime, not the phone
If a thief breaks into your phone he doesn't need a lifetime; he is going to download all the data he can get immediately. What do you expect him to do? Give it back so that he can steal it again later and get whatever new data you might have put on it?
A thief does not care about your data. He wants to sell your hardware.
It's not far from 4 digit pin guessing - just 5x more complicated. Still 4 digit pin password is considered weak?
If I was looking for higher security then i would turn to multi-factor authentication. The old adage is to be secure you have to have something (ie, a badge, fingerprint, etc) and you have to know something (like a password).
I think the fingerprint scanner is great for the simple security cases that most of us have and a good start at higher security that companies or the government may demand.
"There are reasons to think that an individual's fingerprint is not 'one of the best passwords in the world,'" Senator Al Franken (D-Minn.) wrote in a letter to Apple CEO Tim Cook. "Passwords are secret and dynamic; fingerprints are public and permanent. If you don't tell anyone your password, no one will know what it is. If someone hacks your password, you can change it ? as many times as you want. You can't change your fingerprints."
Your friends are also public and permanent, and generally you can't change your friends.
Ok let's rephrase it. The finger is going to be compromised for a lifetime, not the phone
If someone manages to create an uncanny likeness to one of your friends, then your friend will also be "compromised for a lifetime". Anyone could then fool you time and time again into thinking that they're your friend when in fact they're not.
Of course this analogy applying to the iPhone's sensor depends on how hard it is to duplicate the finger biometric information that the sensor scans. It's probably not going to be as hard to duplicate as an entire person, but it will still be pretty hard to duplicate. For one thing some one would have to trick you into scanning your fingers with a rogue iPhone sensor and then somehow recreate a finger that simulates and generates the same scan as the real finger. That's a lot of trouble to go through to get into someone's phone. It would be far easier to snoop at someone entering their passcode. And by the way, the fact that passcodes can be easily changed is irrelevant if you're not aware that someone has stolen the passcode. On top of that most people don't change their passcodes regularly because then it will be much easier to forget them.
Ok let's rephrase it. The finger is going to be compromised for a lifetime, not the phone
How is your fingerprint compromised? It's not an image, it's data.
It's not far from 4 digit pin guessing - just 5x more complicated. Still 4 digit pin password is considered weak?
A 4 digit password is weak if there is no limit to the number of attempts. It doesn't take that long to brute force it, or guess common strings. If you have an uncommon string and enable, say, only 10 entries before the device is wiped, then yes, it's pretty secure.
We are talking about data security , so we are starting with the assumption that we are dealing with someone who wants to get your data. As for the hardware being more valuable than the data or the thief being to lazy to attempt to break the encryption, that's probably true, but it's totally irrelevant to this conversation.
I have some free time this afternoon, so I broke out the old statistics book. The probability of brute forcing any single iPhone assuming there are 50k different combinations in 5 tries is 0.0001 (0.01%). If our thief had a pool of iPhones to draw from, each individual attempt would be an independent experiment thus the number of devices required for success Is X~geom(0.0001). Now according to my calculations, in order for a thief to have even a 50% chance of success, he would need nearly 7000 iPhones.
Think about it. You are a thief with 7000 iPhones. Are you going to spend the time and energy trying to crack all these phones? And even if you did and you were lucky enough to win that coin toss, are you going to bother tracking down that one person whose fingerprint you now have on the off chance that he might have acquired a new device and placed new data on it? The answer to both questions is obviously no. No, the fact a fingerprint would be compromised for life is nothing to lose sleep over.
Shut this site down. There’s no way it’s legal. Put these morons in jail or something.
Google is using biometrics in Android and it was hacked in minutes.
Most of your post is from the tin foil hats club given we are all leaving our fingerprints all over the place all of the time. If someone wants your fingerprint, it is very easy to get.