HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Thanks to the iPhone 5S's finger print reader, Apple may have inadvertently made it impossible for you to "take the fifth" when it comes to information stored on your phone.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Apples Fingerprint ID May Mean You Cant Take the Fifth
- Thread starter HardOCP News
- Start date
sfsuphysics
[H]F Junkie
- Joined
- Jan 14, 2007
- Messages
- 15,994
I was thinking about something similar to this the other day when there was that insurance commercial (the one with the talking pig) and he has a digital version of his proof of insurance, handing it to the cop. Now I know cops like to think that your phone isn't part of "you" as far as search and seizure, but I think handing over your phone willingly kind of gives permission to the cop to take it and search it.
I read that a couple of days ago. lulz
One related problem outside "revealing the mind" which protects people under the 5th against self-incrimination is that if you write something down, like a safe combination or password, you can be compelled to produce it.
One related problem outside "revealing the mind" which protects people under the 5th against self-incrimination is that if you write something down, like a safe combination or password, you can be compelled to produce it.
LeninGHOLA
Vladimir Hayt
- Joined
- Aug 26, 2009
- Messages
- 18,416
I just learn'd Apple invented Biometrics.
tikiman2012
[H]ard|Gawd
- Joined
- Dec 16, 2009
- Messages
- 1,228
So, can this reader be beaten by a simple photocopied fingerprint like so many other devices can?
SixFootDuo
Supreme [H]ardness
- Joined
- Oct 5, 2004
- Messages
- 5,825
"I just learn'd Apple invented Biometrics."
LMAO
LMAO
Yakk
Supreme [H]ardness
- Joined
- Nov 5, 2010
- Messages
- 5,810
Hey, good thing I ditched my 3 year old Motorola Atrix with fingerprint reader a while back.
I guess... XD
I guess... XD
dr.stevil
[H]F Junkie
- Joined
- Sep 26, 2008
- Messages
- 9,266
From the sounds of it, I don't think so, but who knows.... someone will surely try once they ship so we'll find out soon enough.
I LOL'd
Apple purchased Authentec a couple of years ago and uses its scanners. I have one on my Thinkpad. I don't think it can be fooled with a photocopy, but maybe it can be with a Jello cast.
I'm not an apple fan so to speak. I do like the idea of the fingerprint scanner, loved it on my Atrix years back. Now the topic of discussion... I don't think it will ever hold up. If a crime was committed and someone tried to use it as evidence, I believe there would be too circumstantial as someone can possibly do this while person was sleeping. I know this won't be the case in every situation, but perhaps it is a husband/wife scenario. Pleading to the 5th, is a constitutional right to not self incriminate. I highly doubt this will ever happen. If the evidence itself is compelling enough, I don't believe this would be a factor. I'm no criminal lawyer. I could be wrong, this is just how I feel.
LeninGHOLA
Vladimir Hayt
- Joined
- Aug 26, 2009
- Messages
- 18,416
No, it cannot.
GaryJohnson
[H]ard|Gawd
- Joined
- Feb 1, 2010
- Messages
- 1,053
The fifth amendment apparently doesn't apply to memory-based passwords either so the whole argument the article is making seems to me to be a moot (moo ) point.
http://hardforum.com/showthread.php?t=1765227
) point.http://hardforum.com/showthread.php?t=1765227
I just considered an interesting scenario. In a world where police love to look at phones if unlocked and "deemed necessary to inspect", it would be a lot easier for them to "compel" your finger to rest on the home button and unlock it rather than force you to divulge a passcode. I think its a great idea but this type of thing slightly irks me.
Commander FAT
2[H]4U
- Joined
- Nov 23, 2000
- Messages
- 3,565
I thought of this the instant I saw this commercial. Plus the pig is kinda cute.
You could SHOW the cop your proof of insurance but you could always not let him/her actually take the phone.
Cop: I need the phone to check on your insurance
Driver: All the info you need is right there, grab a pen and copy it down.
I think I'll stick to regular paper info.
Commander FAT
2[H]4U
- Joined
- Nov 23, 2000
- Messages
- 3,565
Or one could just stand up for their rights and not cave in to thugs with badges.
Commander FAT
2[H]4U
- Joined
- Nov 23, 2000
- Messages
- 3,565
Now that I think about this some more I think if you really did have your proof of insurance on a cell phone and got stopped for a traffic violation you might have to give up your phone. The officer could justify taking it by saying it was evidence in a crime or something similar.
Yeah, fuck that. Paper insurance info it is.
I've seen that video. It ends with a tazering.
Depends on if a camera is running. Thugs have learned to look around before showing who's the boss.
SeegsElite
[H]ard|Gawd
- Joined
- Oct 6, 2007
- Messages
- 1,105
wonderfield
Supreme [H]ardness
- Joined
- Dec 11, 2011
- Messages
- 7,396
It's perfectly reasonable for unlocking a phone. It's less reasonable for anything that demands significant greater security, but still useful for multi-factor systems.
"Right tool for the job", in other words.
For a phone unlock but anywhere you'd used more than the last 4-5 digits of your phone number as a password, it would be foolish. People dislike using passwords and this is hoping to be taken as an alternative to all of them, not just a phone unlock. Phone unlock may be all it does but is that how's its explicity marketed?
"will allow for faster and more secure logins, Apple said today at its event in Cupertino"
-the Verge
And it will allow purchases on iTunes which is more or less saying Apple sees it fit for online purchases.
wonderfield
Supreme [H]ardness
- Joined
- Dec 11, 2011
- Messages
- 7,396
It's marketed as being used in unlocking and in iTunes. There's no API for it, so third parties can't use fingerprint data for anything.
People surely understand, I hope, that the "fingerprint" will be reduced to a digital file (of course)--which can then be intercepted/stolen/abused and/or substituted by anyone with the means to intercept the file. If you have the file containing the print, you don't need the person or any of his fingers, fingertips, etc., because you will have the print.
Yawn...OK, next!
I suppose the one bright spot will be that Apple will then have even the fingerprints of its customers on file--which makes me happy and tingly all over because I'm *not* an Apple customer (this happens to me 2-3 times a day--my doc diagnosed it as being "Apple-polar"--eg, every time I run across a reason to be glad I don't own Apple products I get manic, while thinking of owning an Apple product is massively depressing. He claims to have the same condition along with his entire family.)
Yawn...OK, next!
I suppose the one bright spot will be that Apple will then have even the fingerprints of its customers on file--which makes me happy and tingly all over because I'm *not* an Apple customer (this happens to me 2-3 times a day--my doc diagnosed it as being "Apple-polar"--eg, every time I run across a reason to be glad I don't own Apple products I get manic, while thinking of owning an Apple product is massively depressing. He claims to have the same condition along with his entire family.)
The Atrix couldn't, the one on my HP laptop couldn't. I don't think this one can be fooled 'easily' anyways.
delsydsoftware
Weaksauce
- Joined
- Sep 11, 2008
- Messages
- 97
Yeah, biometrics don't actually work that way. Even the best systems don't get your entire print. They get a certain amount of sample points and save those. The biometric reader might only take 25-50 data points (or much less in embedded systems with low resources), which is not close to enough data points to recreate a complicated fingerprint. The data is also encrypted by most systems, so having the data points doesn't really do you any good at all. I work with biometric systems all the time, and a majority of people believe the same thing. I'm always getting questions about securing their fingerprint images.
What -should- be a concern is that 6-10% of people cannot reliably use biometric readers. Age and the condition of your fingers makes a big difference. You are much less likely to be able to use a biometric reader if you're in your 50s or 60s, or if you do a lot of manual labor. Also, with capacitive readers, static electricity can zap the hell out of biometric sensors. I wouldn't be surprised to see some of these sensors failing in cold and dry environments. I have seen one instance where 40% of the biometric readers used by our customers were killed because they neglected to properly ground their systems.
What -should- be a concern is that 6-10% of people cannot reliably use biometric readers. Age and the condition of your fingers makes a big difference. You are much less likely to be able to use a biometric reader if you're in your 50s or 60s, or if you do a lot of manual labor. Also, with capacitive readers, static electricity can zap the hell out of biometric sensors. I wouldn't be surprised to see some of these sensors failing in cold and dry environments. I have seen one instance where 40% of the biometric readers used by our customers were killed because they neglected to properly ground their systems.
People surely understand, I hope, that the "fingerprint" will be reduced to a digital file (of course)--which can then be intercepted/stolen/abused and/or substituted by anyone with the means to intercept the file. If you have the file containing the print, you don't need the person or any of his fingers, fingertips, etc., because you will have the print.
Yawn...OK, next!
I suppose the one bright spot will be that Apple will then have even the fingerprints of its customers on file--which makes me happy and tingly all over because I'm *not* an Apple customer (this happens to me 2-3 times a day--my doc diagnosed it as being "Apple-polar"--eg, every time I run across a reason to be glad I don't own Apple products I get manic, while thinking of owning an Apple product is massively depressing. He claims to have the same condition along with his entire family.)
It can be more secure even if the fingerprint reader isn't all that secure. For example your iTunes password maybe simple because its more difficult/less convenient to type a long and complex password into a phone. Now with a fingerprint reader you can use a complex password for itunes that is less likely to be guessed/cracked because its much more convenient. Physical access to the phone is much more difficult than guessing a password online.