Am I using my Fingerprints yet?
I came across an article today that demonstrates a compromise of the new Apple 5S fingerprint reader:
http://www.theguardian.com/technology/2013/sep/22/apple-iphone-fingerprint-scanner-hacked#!
http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid
In other words, a copy of your fingerprint is your fingerprint. And as Johannes discussed in the first article on this (https://isc.sans.edu/forums/diary/In+Defense+of+Biometrics/16553/), the screen on your phone is one of the better fingerprint collectors out there !
For me, this brings up both sides of "the fingerprint discussion"
- You can't change your fingerprints - once a real copy of them are compromised, they are compromised forever
- A representation of your fingerprint is stored on the device. So if the device is lost or stolen, this representation could be used to compromise other things, if they use the same representation of your fingerprint (ie - any other device that uses the same manufacturer's hardware). Again, once stolen, they are stolen forever.
- After a couple of years, you'll likely trade your phone in for a new one, and today there isn't a way to know that a wipe of the phone wipes the saved representation of your fingerprint
- Your fingerprint may be backed up with your phone backup. Historically, your phone's backups have been easier to pillage than your phone.
- If your phone is damaged, you may not have a way of wiping it
On the other hand:
- On any given day, using your fingerprint is likely MUCH more secure for you than the 4 digit code you are likely using
- Since your phone code likely matches either your phone number or your bank code, either it's very easy to guess, or compromising it might have other unpleasent consequences for you.
There's lots of discussion on this online, I think we're still waiting on Apple to respond definitively on any of them.
Anyway, none of these arguments are new, we've been round and round on them anytime these last 10 years, since they started putting readers on laptops for login. What's changed is that there are way more phones than there are laptops, and in most cases the 4 digit unlock code on your phone is all that protects your chequing account, your facebook, paypal, twitter and email accounts.
So, am I using my fingerprints yet? Not on any of my laptops, but once I upgrade my 4S to the new model, it'll be awfully tempting to take the plunge - I guess I'm still thinking about it. If Apple would implement a "fingerprint + PIN" two factor authentication solution, it'd be an easier decision.
We welcome your comments in our discussion forum (comment button below).
===============
Rob VandenBrink
Metafore
Comments
Since your fingerprints are all over the phone, soon there will be developed techniques to lift the fingerprints off the phone and try each one till a match is found. All it takes is one that matches the datapoints stored in the phone to defeat its own security.
Anonymous
Sep 23rd 2013
1 decade ago
Anyone who has ever gained a Federal security clearance, worked or volunteered in education (at least in California), worked in kids church (at any church that doesn't want to be sued for lack of background checking workers), obtained a firearms permit (fingerprint/background check required everywhere I've applied), etc. has their fingerprint "credentials" already stored at the State and/or Federal level.
IMHO, Fingerprints are very much not "something you are" when it comes to authentication. It is very much "something you know" (stored data), "something you have" (lifted prints or a synthetic copy), and for one person "something you are." Of course, tokens are very much the same way - if the seed and algorythm are known/obtainable, then it is reduced to "something you know" and not "something you have."
At untrusted locations (e.g. anywhere other than a law enforcement office rolling your fingers), fingerprints should only be used as an additional piece of information and never a sole verification.
Anonymous
Sep 23rd 2013
1 decade ago
Anonymous
Sep 23rd 2013
1 decade ago
I'll stick with my (redacted) digit number-which-is-not-from-anything-like-phone-bank-or-id-numbers-I-use-thanks. And the setting which, while annoyingly wasting several hours of my time restoring the darn thing when some kid sat there playing with my tablet, zaps it after 6 failures.
Anonymous
Sep 23rd 2013
1 decade ago
So the protection is against the thieves stealing the phone to get access to random data or trying to wipe the phone before a resale. iOS 7 stopped the wipe (needs the iTunes password). So now we are up against the criminals, that don't see any purpose of spending the resource to break into the phone. For me, the fingerprint is fine. And there is the added security of you being able to wipe the phone. So if the thief tries to use the phone to access online content, et gets reset, and keeps password protection for activation. Fingerprint is fine.
Anonymous
Sep 24th 2013
1 decade ago
The iPhone 5s does implement use of the pin code in certain circumstances. For instance, after reboot you are required to enter your passcode. Also, I have enable passcode plus fingerprint and I am using a stronger password because of the new fingerprint technology.
I agree with all the issues you brought up. We need to consider these in depth.
Thanks,
TJT
Anonymous
Sep 24th 2013
1 decade ago
Anonymous
Sep 24th 2013
1 decade ago
"XYZ company fingerprint database hacked and 10,000,000 fingerprint ID's have been compromised. XYZ company is advising users to register a different finger ASAP to reduce the risk of ID theft, information theft, and financial theft".
The problem is, we only have 10 fingers (at least most of us do) to select from vs. a virtually unlimited supply of cards. Imagine if your credit card company provided you with 10 cards, and no more than 10, for life. You would probably be on your 10th card by age 40 (given that most heavily used credit cards are compromised in under 2 years). And if using fingerprints, good luck calling Apple/company asking them to "reset your fingerprint" because it was compromised when you lost your phone. Even worse, some banks are considering moving from card+PIN for ATM's to fingerprint+PIN. Let's think about this:
...Today (with card+PIN), if your ATM card is compromised, they cancel your old card and send you a nice new fresh card. You can change your PIN as well for added security. Problem solved.
...Tomorrow (with fingerprint+PIN), if your fingerprint is compromised, what do they do? Ask you to register a new finger? Send you a new fingerprint in the form of some kind of latex "finger glove"? Instead, what will probably happen, is that your fingerprint will end up on a national blacklist of known compromised fingerprints (think credit bureau style), and the bank will force you to use a 20 digit PIN to make up for it (since you can no longer use your compromised fingerprint). And they'll require you to change your 20 digit PIN every 30 days because your fingerprint has been blacklisted and now your PIN is the only means of authentication. Or, they'll force you to migrate back to a card+PIN and your innocent fingerprint will forever be on the "compromised" list.
If banks do move to fingerprint+PIN, then it's also just a matter of time before ATM card skimmers are replaced with fingerprint skimmers and latex fingerprint printers. And how exactly would they respond to compromised fingerprints... ask you to get a new set of fingerprints? I can't think of a worse idea for authentication than fingerprints (convenient... yes, but secure... definitely not). Ok, maybe using "password" as your password is worse than a fingerprint but that's about it. Biometrics is not the way to go for mass market identification/authentication. Something you know + something you have is still the better solution. I'm hoping, for security's sake, that this biometric movement is just a short-lived phase/fad.
I would even prefer an implanted chip (VeriChip/PositiveID/etc.) to biometric fingerprints. Ideally, a microchip solution would include a chip that can be disabled (if needed) and most importantly, reprogrammed (if compromised). This is slightly more invasive but a good compromise to vulnerable and unchangeable human biometrics.
I'm sure the masses will flock (they already have thanks to IOS 7) to biometric fingerprints because they are so easy and so convenient. How long, though, before we see people wiping their glasses down at restaurants, wiping their carts down at grocery stores, or questioning every item that someone asks them to hold... wondering if it has a secret capability to scan fingerprints. How long before you have to wipe down your rental car or hotel room hoping that you didn't leave any prints behind?
Unfortunately, a world full of people wearing latex gloves to protect their ID's isn't too far away.
Anonymous
Sep 24th 2013
1 decade ago
Anonymous
Sep 26th 2013
1 decade ago
Anonymous
Sep 26th 2013
1 decade ago