Linked by Thom Holwerda on Wed 13th Sep 2017 21:56 UTC
Privacy, Security, Encryption

If you value the security of your data - your email, social media accounts, family photos, the history of every place you've ever been with your phone - then I recommend against using biometric identification.

Instead, use a passcode to unlock your phone.

Can't argue with that - especially in places where law enforcement often takes a... Liberal approach to detainees.

Thread beginning with comment 648837
article flawed
by kristoph on Thu 14th Sep 2017 05:05 UTC
kristoph Member since:
2006-01-01

The article lacks a distinction between active biometric security and passive biometric security.

A passive solution - including Touch ID - is reasonably easy to defeat. You can simply be held down and your finger used to unlock a device.

An active solution - such as Face ID - is more difficult to defeat because you need to actually have your eyes open and be looking at the device. You could be tricked into doing so, certainly, but it would be challenging ( and comical ).

Of course, anyone could use violence against you to force you to do this but that would work just as well in obtaining a password.

( Note that, like the author of the article, I have not used Face ID, so who knows if it's capable of detecting your face and attention effectively. )

Reply Score: 1

RE: article flawed
by fmaxwell on Thu 14th Sep 2017 06:15 in reply to "article flawed"
fmaxwell Member since:
2005-11-13

Agreed. The article is flawed in that the author is apparently blind to the fact (pun intended) that the iPhone will not unlock if your gaze is averted.

He is also under the mistaken impression that simply unlocking an iPhone would somehow give someone the access to "all the data, social media accounts, and bank accounts that comes with it." If you unlock my iPhone, you then have to unlock 1Password separately to get access to any of that sensitive data.

Reply Parent Score: 0

RE: article flawed
by nrlz on Thu 14th Sep 2017 06:53 in reply to "article flawed"
nrlz Member since:
2006-01-27

because you need to actually have your eyes open and be looking at the device. You could be tricked into doing so, certainly, but it would be challenging ( and comical )


Take advantage of human beings' natural fight-or-flight response.

1. Don't let the user know you are preparing to unlock their phone.
2. Stand behind him/her holding the phone up to their face.
3. Make a REALLY LOUD noise like glass breaking behind them.
4. Humans will naturally turn around to the source of the danger with eyes wide open.

Come to think of it, here's another way.

1. Print out a photoshopped picture of the target in an incriminating pose on high quality paper.
2. Carefully stick it on their phone so it looks like it is loaded on the phone screen.
3. Pretend that you have unlocked their phone.
4. Ask them why their phone has a picture of them doing whatever.
5. Show it to them.
6. Target looks straight at the phone in surprise and is confused by the photo.
7. Phone is unlocked.

Reply Parent Score: 4

RE[2]: article flawed
by avgalen on Thu 14th Sep 2017 09:26 in reply to "RE: article flawed"
avgalen Member since:
2010-09-23

Summary: <in loud voice>Hey, is this your phone?

Reply Parent Score: 4

RE: article flawed
by Thom_Holwerda on Thu 14th Sep 2017 09:40 in reply to "article flawed"
Thom_Holwerda Member since:
2005-06-29

An active solution - such as Face ID - is more difficult to defeat because you need to actually have your eyes open and be looking at the device. You could be tricked into doing so, certainly, but it would be challenging ( and comical ).


Not really. Hold down detainee, hold up phone in front of his face. If detainee closes eyes, hold up phone unexpectedly during interrogation.

Biometrics like this are convenience, not security.

Reply Parent Score: 4