Sources: USA Today, FIDO About
quote: Apple didn't even create lies and deceit. It simply repacked them, and made them look prettier.
quote: If Apple didn't exist, nobody would think that they can make a $800 phone and people would buy it.
quote: I have a confession to make. For the past year I’ve been using a 27-inch iMac as my primary workstation. I always said that if I had a less mobile lifestyle the iMac is probably the machine I’d end up with (that was prior to the announcement of the new Mac Pro of course).
quote: The fact that you need to come on and repetitively trump up how great your phone is
quote: pick and choose benchmarks
quote: I'm sorry, the angry blanket comments here are always so funny.
quote: I'm fully confident that without Apple, we would still be right where we are today.
quote: Can we also stop perpetuating the stigma that fingerprint scanners are some enormous security hole?
quote: Does this mean TouchID is flawed and that it should be avoided? The answer to that isn’t as simple as you might think. Yes, TouchID has flaws, and yes, it’s possible to exploit those flaws and unlock an iPhone. But, the reality is these flaws are not something that the average consumer should worry about. Why? Because exploiting them was anything but trivial.Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician.First you have to obtain a suitable print. A suitable print needs to be unsmudged and be a complete print of the correct finger that unlocks a phone. If you use your thumb to unlock it, the way Apple designed it, then you are looking for the finger which is least likely to leave a decent print on the iPhone. Try it yourself. Hold an iPhone in your hand and try the various positions that you would use the phone in. You will notice that the thumb doesn’t often come into full contact with the phone and when it does it’s usually in motion. This means they tend to be smudged. So in order to “hack” your phone a thief would have to work out which finger is correct AND lift a good clean print of the correct finger.Next you have to “lift” the print. This is the realm of CSI. You need to develop the print using one of several techniques involving the fumes from cyanoacrylate (“super glue”) and a suitable fingerprint powder before carefully (and patiently) lifting the print using fingerprint tape. It is not easy. Even with a well-defined print, it is easy to smudge the result, and you only get one shot at this: lifting the print destroys the original.So now what? If you got this far, the chances are you have a slightly smudged print stuck to a white card. Can you use this to unlock the phone? This used to work on some of the older readers, but not for many years now, and certainly not with this device. To crack this control you will need to create an actual fake fingerprint.Creating the fake fingerprint is arguably the hardest part and by no means “easy.” It is a lengthy process that takes several hours and uses over a thousand dollars worth of equipment including a high resolution camera and laser printer. First of all, you have to photograph the print, remembering to preserve scale, maintain adequate resolution and ensure you don’t skew or distort the print. Next, you have to edit the print and clean up as much of the smudging as possible. Once complete, you have two options:The CCC method. Invert the print in software, and print it out onto transparency film using a laser printer set to maximum toner density. Then smear glue and glycerol on the ink side of the print and leave it to cure. Once dried you have a thin layer of rubbery dried glue that serves as your fake print.I used a technique demonstrated by Tsutomu Matsumoto in his 2002 paper “The Impact of Artificial “Gummy” Fingers on Fingerprint Systems”. In this technique, you take the cleaned print image and without inverting it, print it to transparency film. Next, you take the transparency film and use it to expose some thick copper clad photosensitive PCB board that’s commonly used in amateur electrical projects. After developing the image on the PCB using special chemicals, you put the PCB through a process called “etching” which washes away all of the exposed copper leaving behind a fingerprint mold. Smear glue over this and when it dries, you have a fake fingerprint.Using fake fingerprints is a little tricky; I got the best results by sticking it to a slightly damp finger. My supposition is that this tactic improves contact by evening out any difference in electrical conductivity between this and the original finger.So what do we learn from all this?Practically, an attack is still a little bit in the realm of a John le Carré novel. It is certainly not something your average street thief would be able to do, and even then, they would have to get lucky. Don’t forget you only get five attempts before TouchID rejects all fingerprints requiring a PIN code to unlock it. However, let’s be clear, TouchID is unlikely to withstand a targeted attack. A dedicated attacker with time and resources to observe his victim and collect data, is probably not going to see TouchID as much of a challenge. Luckily this isn’t a threat that many of us face.TouchID is not a “strong” security control. It is a “convenient” security control. Today just over 50 percent of users have a PIN on their smartphones, and the number one reason people give for not using the PIN is that it’s inconvenient. TouchID is strong enough to protect users from casual or opportunistic attackers (with one concern I will cover later on) and it is substantially better than nothing.
quote: So basically, it is as easy to crack as the Android phones that had it years ago and the laptops that had it a decade ago.
quote: Let's wait and see how quickly Apple's competitors can rush out a 'me-too' Touch ID clone that works as well as the original.
quote: Don't expect a response from Tony.
quote: In the Authentec/Apple patent a fingertip is imaged via a different technique: Radiofrequency scanning. Skin and flesh, thanks to the cocktail of chemicals they contain, have their own electrical signature--meaning a human body can in fact block a radio signal of the right frequency, while other frequencies sail right through us more or less unaffected. The sensor in the new patent makes use of this fact by sending out very precise radio signals over a very short range and detecting the signals that have been affected by the bumps and gaps in a human fingertip. Basically the tiny ridges of flesh in a fingerprint affect the electrical signals coming from the sensor array in a measurable way, allowing the device to calculate the position and alignment of all the whorls and loops.The advantage of this system is that you couldn't fool it with an image of a fingerprint or a latex cast of a fingerprint because the RF signals from the sensor have to interact with a material that has a flesh-like radio response in order to register the print. It's suggested that the sensor can also detect live tissue beyond the simple skin of a fingerprint, which removes the one scary scenario whereby a determined thief would "steal" the finger in question.Offering total security via reliable fingerprint technology built right in is a big deal for corporate and government IT. I expect this will make the iPhone 5S the default phone for corporate customers.
quote: No, I'm pretty sure he would jump off the first iBridge he finds.
quote: then you sure don't know much about the fingerprint technology involved.
quote: because entering PIN number dozens of times a day is utterly tedious
quote: Two years before the iPhone, Android handsets had a thumbprint scanner
quote: Two years before the iPhone, Android handsets had a thumbprint scannerhttp://en.wikipedia.org/wiki/Motorola_Atrix_4G
quote: Can we stop perpetuating the stigma that Apple is some amazing innovator that everyone just copies? Apple is a technology repackager. They just repackage and release gadgets based on technologies that other tech firms have developed, and usually had already brought to market beforehand.
quote: I thought facial recognition (at least as deployed by Android so far) could be defeated by a photograph?
quote: anti-Apple wahh-post
quote: It sounds like Apple's doing this right. You can NOT store the finger print, and NOT allow it even in to normal local storage. It's utterly insane to throw your fingerprint across a network. That's a horrific idea....Geez...sending biometric data over the internet. Astonishingly stupid.
quote: Regarding the "nearly 50% thing" I don't believe it for a second. I have never seen ANYONE use a password on ANY ultra mobile device. It's not remotely practical. Even a terrible password completely changes the usage model for these devices, and a strong one?