Definitely, and, on the other hand, if that's true there will only be a client side verification, which will be defeated by a jailbreak sooner or later. When it happens anyone who steals your phone will have an easy way to your money as well I guess.
There is zero chance that client side verification is the only thing that will be used to authenticate purchases. Presumably the fingerprint is used to unlock your saved iTunes/iCloud password, which is then sent to Apple's servers and verified as usual. If your phone is stolen, change your password and they'll be locked out, fingerprint or no.
I agree, my point anyway was that the problem remains even if everything works as you described, up until you notice that the phone is missing and find a way to get online and change the password of your own itunes account
Unless there is a "bug" in software that accidentally uploads all the data to secure servers under certain conditions, that for "some reason" was left over from debugging stage of the product. Unless we see source code and actual A7 + Motion chimp design blueprints that they use at the factory, I will always be skeptical. All that said I will be getting 5S anyways, because device looks rock solid.
Yes this. Most of us have fingerprints in databases.
Perhaps there is hypothetical risk of a digitized fingerprint leaking out and being planted to frame a crime,
but I don't see how this fingerprint feature is really a true concern.
Alternatively you could use this to help prove you were at a location
I've never had to submit my fingerprints except to apply for concealed carry licenses, which is an interaction with the police-judicial complex, just one to show you're not of interest to them. I suppose enlightened California's driver's licenses is somewhat in that direction, but in other states I wonder if it's so routine.
Perhaps not most, Looking online FBI says it has 70 million known criminal prints and 34 million civil prints.
There's also this which is funny,
"How do you know if you're in the FBI database? According to Department of Justice rules, you have the right to submit your own fingerprints for a background check on yourself. (This allows you to contest anything that might be on your rap sheet.) Just write out a formal request and send it to the FBI, along with a full set of fingerprints and a money order for $18."
Normal fingerprint cards are pretty hard to procure without the person supplying them noticing, whereas allowing generally known metadata would make privacy violations much easier as well as allow a variety of errors.
Apparently the fingerprint data can only be accessed by the touch sensor through it's own hardware subsystem. The data is not stored on the main flash memory, and there's no way to access it from software running on the main processor. They explained it briefly in the keynote presentation.
I think some elaboration is in order. Given that it's a feature and you can still use those good old 4-digit codes, I don't see why it could backfire and turn into a marketing nightmare.
They could just remotely access your phone, through specially engineered apps or potential back-doors, or download it during a routine security search. Depending on how accurate the sensor is, how much of the finger is captures, and how the software stores and compares the data, they could potentially get every person who has used your phone's home button. It would be similar to remotely turning on laptop webcams. (I think i'm starting to make myself paranoid.)
Generally you would be a fool to anyway. Chances are that anybody can make their own fake finger with gummy bears and a print found on the glossy case. Same has always been true though, through bootrom exploits and simple shoulder surfing.
Did you know your passcode can be more than 4 digits? Most people don't.
I wonder if it would be possible for the phone to just store a hashed representation of a fingerprint (ie. enough information to recognize the print, but not enough to reproduce it) rather than the whole fingerprint.
From what they've said, sounds like they're storing the fingerprint on the phone, which means that someone determined enough could retrieve it, whatever Apple's intentions are.
I'm pretty sure that the information for a fingerprint scanner is already effectively a hash. It's a list of points that can be used to uniquely (more or less) identify the fingerprint. I doubt it's storing a photo.
But even then, what's the difference? If the hash is enough to identify you that's the important thing.
No, but they can identify you. The danger in the mass collection of biometric data is tracking. People who want to place prints or physically break into your phone are probably also present enough in your life to do it other ways.
> Interesting quote: "It's never available to other software. It's never uploaded to Apple's servers or backed up to iCloud."
I don't know if I'd believe this - there's always the option of a remote firmware upgrade. This sensor gives me a bad feeling. (Similarly to letting my DNA analyze by 23andme & co.)
Why are you worried? Did you commit a crime recently or have an intention of doing so?
Digitized fingerprints are being stored in the chips of electronic passports of many EU countries. Every person applying for a visa to the US (to the best of my knowledge) is required to have their fingers scanned. If this means that the borders, for example, are better protected — sure, they can have my fingerprints.
Even if Apple will collect and submit all fingerprints of all iPhone users to the relevant authorities, this can only be good, not evil.
This is the 'nothing to hide' argument, and it's flawed. What if you're falsely accused of a crime? There are many ways for such a system to be abused.
What about a right to privacy? Taking fingerprints for a driver license or passport is one thing, connecting a fingerprint scanner to a device that tracks location and internet activity is entirely another.
"Relevant Authorities". Since when is Apple, or the NSA relevant authorities for rummaging through your private data? Also, I like to follow the principle of least privilege. It is best policy not to allow your private data to be hanging out for any one to (ab)use. I am not a criminal, so why should they have my information?
I used to think that fingerprint sensors were pretty cool, and even purchased the option on a laptop some years ago. That was until I found out the relative ease of duplicating fingerprints [1]. Now, I am wary of leaving my password on everything I touch.
I enter a 4 digit password into my phone a hundred times a day. Standing behind me at Starbucks is probably easier than dusting for prints and recreating my thumb.
This is what first came to my mind as well. But I also reacted to Ars Technica reporting[1] that the sensor has the capability to scan "sub-epidermal skin layers". That might be a way to protect the system from the fingerprint "copy-paste" method described in your link, since the sensor used there only scans the surface.
Doing that is way harder then guessing 4 digit pass code. Besides depending on technology used in Apple's device you might need to get way more sophisticated. With processing power of mobile devices nowadays, how much would you need to invest to make a fake that is not easily statistically distinguishable from real thing? What is stopping that scanner from taking 20-100 pictures and then analyzing them in background? I really do not think run of the mill fingerprint faking will be sufficient to overcome modern fingerprinting with sufficient security emphasis put into them.
I'd guess false negatives. You _really_ don't want persistent false negatives. I wonder what's the solution to the `I cut my index finger' problem. Does it require multiple fingers to be enrolled?
The Chaos Computer Club in Germany got tired of a certian minister proclaiming that biometrics were perfectly secure and fool-proof. So they published his fingerprint in a little piece of plastic, with instructions on how to leave his fingerprints everywhere. http://www.wired.com/threatlevel/2008/03/hackers-publish/
In the announcement, they said the feature was aimed at people who don't have a lock screen enabled at all. It was basically "fingerprints: better than nothing!"
My GF just said, "I can't wait for you to get the phone so I can install instagram while you're asleep."
I really hope apple figures out a way to solve this problem. I just want to point out that although this sounds sarcastic, there's some real concern here.
If someone is going to remove your finger to access the phone, you probably would just give them the four digit pin.
This is a way to get normal people to use better security than nothing and to give them the convenience of not having to enter an App Store password every time they install an app.
It's not meant to protect special forces operatives in the field or CIA analysts' contact lists.
I don't know about you, but I'd gladly give my password to someone today if they were threatening to cut off my finger. Unless you're seriously harder than me, what is the difference?
A dead finger is the same as a live one as far as capacitance goes unless it has been dead so long that all the moisture is gone, in which case you could just dip it in water prior to the scan.
Having said that, the idea of losing a finger to access the device doesn't really make much sense. You've got to incapacitate someone pretty well to take their finger off, so you might as well just force them to touch the phone while they are so incapacitated, unless you really like chopping off fingers.
Humans are pretty powerful conductors, are you sure that a sensitive capacitance sensor couldn't tell the difference between a finger and a finger attached to a body? I don't know it for a fact, but I'd be surprised if not.
A garden variety capacitive sensor can't tell the difference between a human finger and a hot dog.
How do you propose it would beyond attempting to measure the amount of capacitance and mapping it to an accepted band? Attempting that is way too fragile a solution due to variability in humans and local weather conditions.
And even if you did put in the effort for that, an attacker could still fairly easily match the dead finger capacitance to the correct band pretty easily.
I wonder whether this will generate a market for finger gloves etched with custom fingerprints. You'd want one for your spouse, so they can use your phone without needing you to finger it, for example. Probably it would come in a kit that you could use to custom-etch your finger glove.
But if you lose it (the glove), I guess you are in trouble. Someone will find it, upload the pattern to Facebook, and your fingerprint is now in the public domain for the rest of time. Unlike a password, it's irrevocable.
Unless you could "edit" your fingerprint with some customized secret pattern, etch that pattern to a finger glove, and then only that glove will unlock the device, not even your plain fingerprint.
Or would some kind of capacitance sensor on the phone prevent the use of gloves or other spoofs?
I've read that in some cases fingerprints between left and right hands can differ. I wonder if you can have more than one fingerprint stored on your device?
> I've read that in some cases fingerprints between left and right hands can differ. I wonder if you can have more than one fingerprint stored on your device?
A fine question, but I've never heard of anyone having the same fingerprints on their left and right hands. Is this actually something that happens with any reasonable frequency?
As an anecdote, my pinky fingers are similar enough to have digital fingerprint readers reject them as "a duplicate finger", so I'm thinking the idea is that they are supposed to be unique. I've gotten a few "I've never seen it do this..." lines from the attendant and generally wind up leaving with ink-covered fingers. I'm curious if this reader winds up having the same issue.
> I've read that in some cases fingerprints between left and right hands can differ.
Aren't they different in all cases where you actually have a fingerprint? They might, in some cases, be approximate mirror images, but that's still different.
I hope this works, but I'm skeptical for 3 reasons:
Reliability: I've seen so many broken home buttons, they need to solve this problem otherwise many people won't be able to use it, and many will be put off from using it. Also, what's the false-positive ratio, what's the false-negative ratio?
Security: traditionally fingerprint sensors have been pretty terrible at security given a photocopier and a few bits and pieces. You wouldn't need 10 attempts to get into the phone, you could theoretically get it in 1 if you have the expertise. A passcode on the other hand, you have a much lower chance of guessing that within 10 tries before a wipe. Also false matches are clearly an issue here too.
Practicality: This is a combination of reliability and security, but also a few other things. Siri takes ~1 minute to respond to my queries, I don't believe this makes network requests, but if it has a big performance problem or something similar, people won't use it. If my phone takes more than 3 seconds to unlock with a passcode it annoys me.
> Have you seen any on iPhone5? That was mainly iPhone 4's problem, iirc.
Fewer, but still yes.
> And peeking 4 digits passcode is even easier. Also, this scanner may be a bit more sophisticated.
Very true, I'm looking at this less from a position of preventing a friend from fraping you, and more from a business security standpoint where you would hopefully shield a passcode, and probably use a longer alphanumeric one anyway. Not sure that a fingerprint beats that.
> It's all in hardware. And that's iPhone 5S' hardware, 64bit and all.
Of course, I don't think performance will be the issue, but I'm just hoping that there isn't an issue with practicality. So many of Apple's things are good in theory, and not usable in practice, at least for me. (iCloud CoreData sync, Photo Stream, Siri, AirPlay, FaceTime...).
I had the Atrix with the fingerprint sensor. The thing that I liked was being able to unlock the phone with one hand. But, the sensor was on the top back center, right where your index finger naturally landed. It was really nice when your hands were full.
Security issues aside, I feel this is also Apple's way of one-upping Amazon's 1-click purchasing as more and more people are transitioning to commerce on touch devices.
I was momentarily worried the NSA fingerprint database was going to get a whole lot bigger, but I guess not.
Edit: Obviously this could totally backfire and Apple could screw us all, just reporting what was said.
Edit 2: Video is up detailing all of this a bit more: http://www.apple.com/iphone-5s/videos/#video-touch