iPhone Fingerprint Security

[silk186]

Does anyone actually care about this? I just finished reading an article with the same time as my post. It just comes down to the fact that I don't care if someone get's my fingerprint off my phone.

Their are a few reasons why I don't care. First, if someone can steal my phone, they can probably lift my fingerprint. I have seen it in Mythbusters and I have seen it in CSI. Second, many people already have it. I have used a fingerprint time clock to log a few jobs. I have seen biometric scanners on a few laptops. I have to fingerprint all 10 of my fingers to get a visa to the UK which means my fingerprints are probably in some huge EU data base.

If you stop to think about it, a number of people likely already have your fingerprints. It would be more convenient to compromise those data bases than individual cell phones. If the fingerprint is stored locally I really don't see the big deal.

 

[PorkCharSui]

I don't trust fingerprints being stored on a device directly connected to the Internet. One compromise equals total loss of the authenticating token being "secure." Poor fingers.

 

[Nicklebon]

As had already been rightly posted in several places something you are is not good security by itself. Further, you have no legal right to refuse to unlock something locked with a finger print, or any other biometric, or a key for that matter. Now with that said I don't think a pin lock on an iphone is very secure and the erase after 10 failures is off by default.

Professionally speaking, fingerprint security isn't security at all. It looks cool to impress those who don't know better. It is the door chain of electronic security. Anyone that is depending on a fingerprint to keep their physical or intellectual property safe from someone who really wants it is in for a disappointment. At minimum you want to combine biometrics with something you know such as a pass phrase.

 

[Soldier101]

it is my understanding that the iphone stores a mathematical equation that is supposed to represent your fingerprint in some sort of TCB of sorts.

It isn't an actual fingerprint of your physical external print apparently.

Granted I may be wrong but that was what I read in my limited research.

 

[Skripka]

The fingerprint thing is more a worry about 5th amendment rights than it is about someone getting your fingerprint.

 

[Grentz]

Its stored locally in the new M7 co-processor.

I really would not worry about it that much.

 

[Red Squirrel]

Yikes I never even thought of this. Thankfully I don't think too many criminals think of it either.

You touch a lot of things throughout the day that leave a finger print behind. What stops a criminal from taking your finger print off one of these things like a car window (they don't care to get a specific person, this is just random crime so they go to any random car in a parking lot) and then somehow place that finger print at a crime scene? Or heck, the government could do that if they want someone to be found guilty of something so they can lock them up for whatever reason. Ex: somebody who they think is a threat, but yet did not do anything illegal. Of course they would not have to do that, they just have to say guilty and that's end of story, but if they need to make it more authentic, they could.

Do they make tin foil gloves?

 

[Megalith]

Was the fingerprint reader ever really about security? It was designed for convenience and novelty.

 

[Red Squirrel]

Was the fingerprint reader ever really about security? It was designed for convenience and novelty.

Yeah I would question the effectiveness of consumer finger print readers. I think they look at a few key spots on the finger but not the entire print itself. I'm sure there are people who know how to trick those readers. It's more of a "cool thing to have" than "super high tech security". One should not store highly sensitive info on a portable device anyway.