Tuesday, September 17, 2013

A word to the wise on Apple's (or anyone else's) new fingerprint reading tech

Don't use it, ever.

The reason is two fold.  First, there's no way to know whether or not your biometrics being collected by Apple or some other company.  There's no way to know whether some other program or app (either on your PC or on your phone) can get access to your biometrics.  Even if the EULA (End User License Agreement, you know that thing where you clicked "Yes, I have read and agree to these conditions" even though you didn't read it and don't understand it) says that data won't be collected, there's no way to tell if the company will change the EULA in the future (and almost certainly would "grandfather" your agreement).

In short, you don't know who will get your biometrics, and you probably can't know.  Heck, I can't know, and this is sort of my business.

Second, one thing about passwords that everyone has always agreed upon (and your fingerprint is basically your password, right?) is that passwords should be changed regularly.  Good luck with changing your fingerprint.  People also agree that you shouldn't use the same password on multiple devices or computers.  Once again, good luck about picking another finger print.

When you combine these two issues, there's a non-zero risk that you will be giving person or persons unknown the data that they will need to be able to impersonate you in the future.  This is an incredibly bad idea.

It's one thing for Apple to know by iTunes playlist history.  It's something entirely different for them to be able to be me.  Do I think they would?  Probably not (probably).  Do I think that this would be considered a valuable data asset by them?  Damn straight.  Companies go out of business all the time, and this information would be of considerable interest to those attending the Chapter Seven liquidation.

So don't do it.


Alan said...

I'm not worried about it at all.

1. Everyone already has my fingerprints. The DMV, the FBI, the ATF, every waiter ever, etc. You leave your fingerprints everywhere and they're not a secret.

2. The fingerprint is stored as a one way hash on the phone, the raw biometric data isn't stored, and even if it was, see #1.

3. The system detects whether the activating digit is alive. I'm sure it can be spoofed but it's non-trivial.

4. I don't think passwords should be changed regularly. Pick one good (as in long and sufficiently random ) different password for each login you use and don't change them unless the host for that account notifies you of a security breech. Use a secure password manager so you don't have to worry about remembering them.

5. The use of a fingerprint in addition to a unlock code makes it two factor authentication. Something you are and something you know. Two is better than one.

Given that Most people don't even bother to lock their phones in the first place, even using a fingerprint alone would be an improvement over nothing at all.

Borepatch said...

Allan, having spent way too much of my career in a field where we see mistakes made in core security services every day, I'm not so confident as you.

But if I come across as all paranoid, remember I was trained to be that way by the finest minds in the Free World.


Dave H said...

Speaking of the finest minds in the free world, they seem to like the idea.

Mark Philip Alger said...

All biometrics are bitmaps. As someone who manipulates bitmaps for a living, I laugh at the pretension that such can, should, or ever will be a viable security measure.


Matt W said...

The fact that the .gov has copies of millions of American's fingerprints isn't an excuse to use it, it actually strengthens the argument that it isn't secure.

The bigger issue to me is the user experience. I find it hard to believe that the Apple of old would let something through to a production device that wasn't close to perfect from a user experience perspective, but after the Apple Maps release, I'm not so sure.

Finger print scanners, especially on a device like a phone that gets touched and exposed to all kinds of grime, are not known for being user friendly and reliable - even with today's technology.

kx59 said...

They've already got all the gun toter's fingerprints. This is how they are going to drill down and get the libtard apple fanboy's prints.
I'd be willing to bet Apple already has a security system in the R&D based on DNA samples.
"lick here to activate your device".