Full interview in english: http://blog.lix.cc/2013/09/27/zeit-online-interview-with-starbug/ or http://www.zeit.de/digital/datenschutz/2013-09/iphone-hack-fingerprint-scanner
His points about the dangers of making everyone check in with biometrics are quite valid, but at least two points are misleading.
âThe best example for this is Hamburg, where at one school all
students had to submit their fingerprints to get their lunch.â
That was an employeeâs mistake - they made all kids register, even those whose parents didnât opt in. There is and was a secondary method of paying with a key card in place. (Though I disagree withe both systems. Money works fine and frankly, it should be covered with a flat rate anyway.)
This has already begun with the fingerprints in the German identification card and the passport.
The fingerprint in the ID card is opt in.
Just on the point about kids paying for school lunches with money - My first hand experience of being a boy would suggest that at least some (and I suspect many) would choose to spend their lunch money in a way that is not entirely consistent with having a wholesome and healthy lunch. Such is the problem of a universal currency ;).
Yeah, thatâs a valid point. Thatâs why Iâd go for a flat rate, with exceptions for poorer families. Anyone can get his lunch, if someone wants to opt out completely, thatâs doable, too, and I refuse to believe that the richtest countries on Earth get broke when a kid has a third helping.
After reading the hack, I keep wondering if itâs possible to lift the fingerprints with Silly Putty, then enhance them with some kind of dusting powder for a much quicker, lower tech way to break the security.
From my experience as a child, lunch money was occasionally also stolen. I wouldnât have minded the fingerprints if it meant I could actually eat my lunch.
Itâs unbelievable to heard that the fingerprints of the animal also can break the security.JOKINGâŚ
I believe Hangâs point was that if you give kids cash to spend on lunch, they may not spend it on lunch at all. And even a flat rate wouldnât ensure that kids eat healthy, even if they do chose to spend their money on lunch.
My immediate thought is that I would rather not have my valuables (phone, car, home, etc.) secured in such a way that my presence is required during a robbery. If someone wants my car Iâm not going to try to stop them from taking it, but if the car requires a thumbprint then any theft is far more likely to involve me directly and is more likely to involve violence, including the possibility of death or thumb amputation. No thanks. You want the car? Take it. Thereâs no alarm. You want to break into my house? Wait until there are no cars in the driveway, kick the door in and help yourself - thereâs no security system, so no need to hold a gun to my head and demand I disable the alarm and then do god knows what with me or my family after youâre done cleaning out the place.
I meant a flat rate that would be paid in advance or at the end of the month. In that scenario, the kid would not have any money to buy junk food or snacks - beyond its pocket money, of course, If it chooses to burn the money, well, lesson learned the next day, when thereâs nothing but the school lunch and no money for small amusements.
Starbug isnât exactly new to this. If he needed a 2400 dpi scanner, a 1200 dpi printer and more, silly putty will not help that much.
If you watch the âmaking ofâ video, youâll notice that they started with an exceptionally well formed fingerprint on the iPhone. Iâve scanned mine at 1200 dpi - there wasnât anything that even resembled a fingerprint.
Letâs keep this in perspective: The fingerprint reader was intended as a âmore convenient way to unlock your phoneâ than a passcode.
For me, personally, this means that I can switch to using a serious passcode, and using my finger 99% of the time.
Unfortunately, the fingerprint reader was not quite as secure as Appleâs claim â IF you have a really good fingerprint of the correct finger, itâs POSSIBLE but not EASY to trick the reader. (And of course, people will argue about how EASY it is, but Iâll argue that mere possession of the phone is not enough â thereâs almost certainly not âgood enoughâ fingerprints to steal on the phone itself.)
To me, personally, this does not change its value as a âconvenience factorâ. After all, if the fingerprint is not used for some time, it âexpiresâ and then the thief has to crack the passcode.
However, Apple also wants people to use a fingerprint to authorize iTunes purchases. I wonât be doing that, partially because IF someone can fake my finger, they MIGHT be able to steal hundreds of dollars from me. But more importantly, I donât buy that much STUFF from iTunes, so Iâm happy to stick with a passcode.
The next question is, âIs the fingerprint data accessible?â and the answer is, âProbably itâs harder to get the data out of the âsecure enclaveâ than it is to get a good fingerprint via other means.â
As far as I know, Apple isnât that reluctant to void charges when foul play was involved.
In any case, my workflow would limit my possible losses, as I buy 20% discounted iTunes cards every few months to bring my account around $200, with no other valid payment method registered.
Oh well (returns gallons of silly putty purchased for illicit purchases)
This topic was automatically closed after 5 days. New replies are no longer allowed.
