Linked by Thom Holwerda on Wed 11th Sep 2013 22:16 UTC
Apple

Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data", which remains encrypted within the iPhone's processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple's iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.

This seems relatively safe - but then again, only if you trust that government agencies don't have some sort of backdoor access anyway. This used to be tinfoil hat stuff, but those days are long gone.

I dislike the characterisation of privacy "hawks", though. It reminds me of how warmongering politicians in Washington are referred to as 'hawks", and at least in my view, it has a very negative connotation.

Thread beginning with comment 571909
To read all comments associated with this story, please click here.
You don't have to cut the finger
by orsg on Thu 12th Sep 2013 07:40 UTC
orsg
Member since:
2011-02-09

The easiest way is to spot a glass you have been drinking from, take a strip of adhesive foil and you're done "reverse engineering" the fingerprint. Once you have it, it's trivial to create a "model" of this fingerprint, that you can just stick to your finger to spoof a fingerprint reader. The German CCC actually demonstrated this with the then current minister Schäuble.

And the problem is: Once you know a fingerprint has been compromised, you only have 9 fingers left. You cannot change them unlimited times like a password.

Edited 2013-09-12 07:41 UTC

Reply Score: 4

tylerdurden Member since:
2009-03-17

The process is far more straight forward: capture fingerprint from a surface with an adhesive device. Use the adhesive now imprinted with fingerprint directly on the bio-metric sensor. That seems to work remarkably with some systems. Although I presume that only works only with sensors that are very simple and only have a 2D model.

Reply Parent Score: 2

ichi Member since:
2007-03-06

Although I presume that only works only with sensors that are very simple and only have a 2D model.


With 3D printers becoming affordable, if fingerprints as ID method becomes mainstream enough I'd bet you'd soon see specialized software to create 3D finger models out of a fingerprint scan, ready to be 3D-printed and used anywhere.

Reply Parent Score: 3