September 24, 2013

"A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID."

"This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided."

Via Metafilter, where somebody says:
It might be worth noting that the amount of effort required here seems to be significantly more than the effort required to pick a lock, and we're not all saying, "hey, locks are imperfect, it was stupid of the builder to even bother putting them on my house!"

Something is better than nothing, and no security is perfect.

Yeah, and if only the original owner's finger would work, it would create an incentive to steal the phone and sever and take a finger.

22 comments:

darrenoia said...

Several articles have already discussed the severed finger issue and it's not a viable means of trying to crack the sensor technology (e.g.: http://www.techspot.com/news/54036-thieves-wont-be-able-to-sever-your-finger-to-unlock-the-iphone-5s.html).

That said, if thieves are too dumb to know that, I suppose it won't matter.

Gabriel Hanna said...

if only the original owner's finger would work, it would create an incentive to steal the phone and sever and take a finger.

True, but the level of effort required would go way up, and stealing an iPhone would no longer be a crime of opportunity within everyone's reach, but one that required planning, secrecy, and tools.

It's like saying that if your bank vault can withstand a nuclear explosion, then thieves have an incentive to build nuclear weapons.

Larry J said...

Yeah, and if only the original owner's finger would work, it would create an incentive to steal the phone and sever and take a finger.

Some fingerprint readers are smart enough to know if the finger is alive or not. It's possible to detect a pulse in a finger. I have an app on my iPhone 4 that can read my pulse using the camera.

I tested a set of biometric sensors about 11 years ago. Fortunately, my company didn't adopt them because they were a pain, being if anything too secure.

If you ask a security expert, the only secure system is one that is powered down, disconnected and locked up in a safe. It's also completely useless. All systems have vulnerabilities; you have to match the cost of the security versus the costs of potential losses should a vulnerability get exploited.

Sigivald said...

What Mr. Hanna said.

Joe Snatch-and-grab isn't about cutting off body parts to unlock your phone.

He just wants a quick buck to buy his next fix with (or to get drunk, or whatever his personal monkey is).

Eventually someone will figure out how to wipe the phone without unlocking it, and the thieves will all just do that - but perhaps Activation Lock will be good enough to really prevent that.

If that happens, people will stop stealing them, because if you can't wipe and re-sell them they're worthless to a thief.

James Pawlak said...

Retinal patterns may be a better, if more expensive, test.

The maximum access systems use such AND fingerprints and "facial recognition" measurements.

All are subject to a cost-benefit analysis.

Matt Sablan said...

Fun thought: Shouldn't you be able to lift fingerprints from... the phone itself?

tim maguire said...

The articles I've read on biometric encryption do not concern themselves so much with how easy or difficult it is to hack, but that, once hacked, the user is helpless.

You can buy a new lock, you can change your password, but your iris and fingerprints are what they are for life.

Tibore said...

The whole problem with information security is that there is a struggle inherent in moving people away from "what they know authentication" (i.e. passwords) as well as "what they have" (i.e. keycards, physical keys for locks, etc.) to "what they are". The notion is that you are you, regardless of whether you remember that passphrase or are holding that physical key, so anything that bases authentication on that rather than something that can be stolen is inherently superior.

Problem is, good theory often gets smacked in the face with reality. My fingerprint is what I have, not who I am. That fingerprint can be copied; after all, you leave it everywhere on doors, glass panes, bottles, etc. Plus, it can be as easily used against your will as any key in existence; who cares if severing a finger supposedly won't work (I do doubt the explanation given, BTW) when knocking a person out then swiping is sufficient action?

Biometrics is a good concept. Fingerprint authentication is a bad realization of the good concept.

Ann Althouse said...

@matthew yeah, that was the point.

Larry J said...

James Pawlak said...
Retinal patterns may be a better, if more expensive, test.


A retina scanner has to be able to look inside your eyeball to read the blood vessels. It seems an iris scanner using the phone's camera would be a lot easier.

I used to work in a place that took security to an absurd level. When you reached the Entry Control Point, you entered a portal that was roughly twice the size of a phone booth. The door locked you in. You swiped your access card and punched in a PIN. The numbers on the numeric keypad scrambled with every swipe so no one could easily shoulder surf and see what numbers you pushed. You then had a retina scanner. Once you passed that test, the system compared your weight to that on record. This was to prevent the possibility that someone was trying to sneak through with you. Pregnant women had a lot of trouble with this system and so did some men during the winter or when they were carrying in equipment. Only if all those tests passed did the other door unlock to let you out.

Once you got inside the building, you still had to swipe your badge and enter your PIN to get inside the workplace. You had to swipe again to leave, both the workplace module and going out through the portals.

I believe they went to the state mental hospital and found the most paranoid patient there to help design their security system. Last I heard, it has been removed at long last. It was difficult and expensive to maintain and didn't work very well even when new.

Tibore said...

"True, but the level of effort required would go way up, and stealing an iPhone would no longer be a crime of opportunity within everyone's reach, but one that required planning, secrecy, and tools."

Unfortunately, that's not true. As I mentioned above, the level of effort required would require nothing more than either threat-of-force coercion (i.e. knife- or gunpoint), or knocking someone out. Severing a finger has always been a dumb hypothetical situation; criminals may not always be intelligent, but they do tend to be practical where the execution of a crime is concerned.

"If you ask a security expert, the only secure system is one that is powered down, disconnected and locked up in a safe."

That's a bit extreme. I know of no security expert who's ever said that. All the ones I've listened to and have been instructed by have noted that risk mitigation, defense in depth, proper auditing, and proper recovery planning are what make for security, not locking things down to the point of absurdity. Making something so inaccessible as to be useless is a strawman argument, given that all such IT security personnel I've ever interacted with understand that information systems are designed to be interacted with.

Don't get me wrong, I'm not trying to attack Larry J. here. Rather, I'm simply saying that the Information Security profession is a bit more realistic and understanding of the necessities of modern business and life than anyone who'd draw such an analogy, and they'd never come out and say "the only secure system" is one that's totally inaccessible.

No offense intended, Larry J. I'm simply trying to clarify with personal experience.

"Eventually someone will figure out how to wipe the phone without unlocking it."

That's not difficult at all. Factory reset of locked phones is built into iTunes; it's called "recovery mode" and documented on Apple's site. In fact, it's even an expected recovery method, both for those who've forgotten their passcodes but also for people who legitimately get a locked iPhone (i.e. buying used, getting a hand-me-down, etc.) and need a way to make it usable without contacting the original owner.

Matt Sablan said...

Then what's with the finger chopping? Technology: It confuses me.

n.n said...

Security is a process of utility and is constructed with independent layers. It is designed to increase risk or effort to limit violations.

Shawn Levasseur said...

How secure are the mechanical keys to your house?

The fingerprint system isn't a more secure form of security, but a more convenient one. Many people don't bother with a password on their phone, as they don't want to type it in several times a day.

The fingerprint system is an easier way to gain access than a password, meaning more people will actually use it. This is the reasoning for Apple using fingerprint scanning. It's not hyper-security they're going for, but security that people can actually use with minimal hassle.

damikesc said...

Yeah, let's give Silicon Valley, a group of companies who couldn't care less about privacy if they tried, your fingerprints.

Brilliant move, Apple cultists.

Alex said...

In a kidnapping situation, you're going to unlock the phone regardless. So I fail to see what's the scandal here? It's not really about security, more about convenience for the user.

tim maguire said...

Actually, getting a usable print is usually pretty difficult. Fingerprints on the phone are unlikely to present a security problem.

Jeff Bangle said...

Passwords can be reset, and lost/stolen tokens (such as smart cards) can be invalidated, but my biometric measurements are "forever". Once someone has a copy of them, any system which depends on them is permanently at risk.

Biometric authentication may seem like an improvement, but I think it's a step backwards...

Beach Brutus said...

How does the thief know what finger you use?

jr565 said...

You know, if you chop off someone's finger then you can use that finger to bypass the iPhone security!

So how safe is it, really?

William said...

Isn't the decreasing price of smart phones a security measure? No one took elaborate measures to protect a Kodak Brownie camera.

Kelly said...

That is quite a leap going from stealing an iPhone to stealing an iPhone and severing a finger to unlock the iPhone. I'm not saying it's outside the realm of possibilities, but your average thief probably isn't going to do that. Maybe I have too much faith in thieves?