Why fingerprints make lousy authentication tokens

Yes, so the thief now either has to have three hands for all that hardware or a partner in crime. Because he'll need a "real" weapon to subdue the victim so he can amputate. Easier to simply shoot the victim beforehand.

Yes, but this is Cory we’re talking about. Any chance to slag Apple, even with poorly-researched and incomplete data, and he’s all over it.

Did you? The article doesn’t claim success.

Also, what weakness? When the CCC pulled that stunt earlier in 2008, it was mostly about the claim that a fingerprint was as public as showing your face.

If a biometric system can be fooled by a picture, it's not high grade. If a biometric system can assert that what it measures is alive, it's perfectly reasonable to use it.

Ah, but someone who uses a knife to extort that information from me is very likely a mugger. He can have that phone for all I care. He just wants to sell it. It’s a smart idea to wipe it remotely, of course, and him accessing family pictures and having access to email leaves a bad feeling, but again: He just wants to sell the hardware.

A policeman, otoh, might want to harass you, delete conversations, videos, etc. you made during a demo or when you watched an arrest. They can get nasty, but in most Western jurisdictions you are pretty safe from torture and subjected to less stress, if you know your rights.

If you are somewhere where the police can and will torture you, you shouldn’t do anything that relies on having time to lock and wipe a device. Have nothing incriminating on the phone, don’t store passwords, stream everything you record and delete it locally right away and so on.

Fine over-analysis of this non-issue by the crew here. Good work everyone.

Meanwhile, petty opportunistic thieves' lives are a little less profitable today because Apple.

I’m more concerned that my fingerprints are being stored on a device that I don’t trust to keep such data secure. Also, that device is connected to the internet. If my fingerprints are lifted from that database and used elsewhere, I can’t just change my password. I’m stuck.

And that is what I feel is a good point: the security of the phone is augmented by the fact that it is a physical thing you keep on you, so you can have other ways to secure it from abuse. The fingerprint can be considered a fast, low-security thing like the PIN to keep your friends from looking through your mail and messages whilst you are off to the loo.

I think Apple has made the right choice in making it only usable for unlocking the device and never transmitting it. I don’t think it should be used to authenticate the online accounts, but perhaps to allow the device to authenticate that it is allowed to send the stored password. The fingerprint scanner is in this case just a sudo command shortcut, you could say.
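The "sudo shortcut" model in the post above, as an added example that is not part of the original thread and not a description of Apple's actual implementation: the fingerprint template lives only in a local keystore, a match (fuzzy, to allow for sensor noise) merely unlocks that store, and the only thing that ever reaches the server is the stored password. Too many failed biometric attempts disable the sensor and force the PIN, which is the stronger factor. The 64-bit "fingerprint", the Hamming-distance threshold, the PBKDF2-hashed PIN, the `alice` account and the sample password are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bits(data: bytes, positions) -> bytes:
    """Return a copy of data with the given bit positions inverted (simulated sensor noise)."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)


class LocalKeystore:
    """Device-local store: the biometric template never leaves this object.

    A fingerprint match only flips `unlocked`; the credential handed to the
    app is the stored password, not anything derived from the finger.
    """

    def __init__(self, template: bytes, pin: str, stored_password: str,
                 threshold: int = 6, max_bio_failures: int = 5):
        self._template = template            # enrolled template, never exported
        self._threshold = threshold          # tolerated bit errors (sensor noise)
        self._max_bio_failures = max_bio_failures
        self._bio_failures = 0
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin)
        self._password = stored_password     # what the server actually checks
        self.unlocked = False

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def biometric_available(self) -> bool:
        return self._bio_failures < self._max_bio_failures

    def unlock_with_fingerprint(self, sample: bytes) -> bool:
        """Fuzzy local match; after max_bio_failures misses only the PIN works."""
        if not self.biometric_available():
            return False
        if len(sample) == len(self._template) and \
                hamming(sample, self._template) <= self._threshold:
            self.unlocked = True
            self._bio_failures = 0
            return True
        self._bio_failures += 1
        return False

    def unlock_with_pin(self, pin: str) -> bool:
        if hmac.compare_digest(self._hash_pin(pin), self._pin_hash):
            self.unlocked = True
            self._bio_failures = 0       # a correct PIN re-enables the sensor
            return True
        return False

    def lock(self) -> None:
        self.unlocked = False

    def release_password(self) -> Optional[str]:
        """The 'sudo' step: an unlocked store hands the credential to the app."""
        return self._password if self.unlocked else None


# Server side: knows a password hash for alice and nothing about her finger.
SERVER_USERS = {"alice": hashlib.sha256(b"correct horse battery staple").hexdigest()}


def server_login(user: str, password: str) -> bool:
    given = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(SERVER_USERS.get(user, ""), given)


TEMPLATE = bytes.fromhex("a3f19c02d7e45b68")   # constructed enrollment template


def demo() -> dict:
    ks = LocalKeystore(TEMPLATE, pin="2468", stored_password="correct horse battery staple")
    noisy = flip_bits(TEMPLATE, [3, 17, 40])         # 3 bits off: a smudged read of the right finger
    wrong = flip_bits(TEMPLATE, range(0, 64, 4))     # 16 bits off: a different finger
    r = {}
    r["noisy_match"] = ks.unlock_with_fingerprint(noisy)          # True
    r["login"] = server_login("alice", ks.release_password())     # True
    ks.lock()
    r["wrong_match"] = ks.unlock_with_fingerprint(wrong)          # False
    for _ in range(4):                                            # burn the remaining attempts
        ks.unlock_with_fingerprint(wrong)
    r["locked_out"] = not ks.biometric_available()                # True
    r["good_after_lockout"] = ks.unlock_with_fingerprint(noisy)   # False: sensor disabled
    r["pin_fallback"] = ks.unlock_with_pin("2468")                # True
    r["login_after_pin"] = server_login("alice", ks.release_password())  # True
    return r


if __name__ == "__main__":
    print(demo())
```

The point of the split is visible in `server_login`: it takes a password string, so a breach of the server or of the wire can leak the password (replaceable) but never the template (not replaceable). Real sensors produce feature vectors rather than a fixed bit string and real stores keep the template in isolated hardware; the control flow is the part this example is meant to show.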

http://www.politics.co.uk/news/2008/11/07/no2id-steal-home-secretary-s-fingerprint

There we go. That’s what I was looking for. Apologies for the multiple links.

Oh, I’m wholly uninterested in the question as a practical attack(though, if you really need a ‘third hand’ you could try kicking the subject a few times, that tends to make people much more malleable), just wanted to note that there’s a reason why amputating a chicken leg with just a knife isn’t going to work very well.

Well, to be fair, so’s a dude with a gun outside any door. Perfect example of security tradeoffs, that. It is possible to make anywhere quite secure, but it will cost tens of thousands at least per security device (dude with gun) per annum.
Of course you need a source of reliable henchmen, but that’s logistics. I’m your consultant, not your service provider…

Does this mean there’s not gonna be 3d printed cannibal snacks? I am disappoint.

Obviously a better biometric security scan would be a digital colonoscopy… however I feel the TSA would have access to too many people's information at that point… Such a double-edged sword.

Look, I love Cory, but he needs to quit spreading FUD about this.

To reiterate the more intelligent comments here, Touch ID is about a quick, fast way to do a simple, not super secure authentication. It's analogous to having a TV remote. You can get up and change the channel by hand. When's the last time you did that? Putting in security of any kind vs. none is a big jump. My company agonizes about using passwords vs. PINs on a mobile device, and if Apple releases an API to get to Touch ID at some point, it will definitely go in the mix of authentication techniques.

You need to stop watching so much TV. If someone so much as raises a credible fist to 99.999999% of the population, that PIN will be forthcoming.

It sounds like you’re still describing a biometric door lock with a trusted path - visual face recognition. If the guard recognizes your face as one of those allowed access, they let you in.

But that doesn’t scale well. If the population that has to be allowed or denied access is large, the access rules complex (these people can get in at certain times of day; these ones only if they’re accompanied by one of these other people; these ones only if they have a work order…), and both are subject to fairly frequent changes, then the guard doesn’t stand a chance of keeping up.

If instead of a biometric door lock there was a plain pin-and-tumbler lock, and the guard is just there to stop people from pulling out lockpicks, the security is much reduced. For example, if an attacker can get hold of a key for half an hour, they can run down to a key-cutting place. Then when they arrive at the door, they just pull out their keyring, and the guard has no way of knowing whether they should or should not have that key.

Oh, that’s neat! I didn’t look long, maybe it already does this - but I immediately thought that the bracelet could potentially detect a heart attack. And since it already talks to your phone, it could instantly place a call to emergency services…

Several times over the past 10 years or so, BB has had threads about this. Short version: you don’t have to answer the questions truthfully or even logically.

Maiden name? &4s32fgE$
First Pet? saute wrench
First school? loohcstsrif

I seriously believe that the people promulgating this scenario are engaging in a well-known pastime called "fearmongering".

“What is your favorite color?”
“Blue.”
“WRONG!!!”
“AAAAAAaaaaaaahhhhhhhhhhhhh!!!..”
