Thread: iPhone 5S, 5C Announced
View Single Post
Old 09-16-2013, 09:39 PM   #91
holymadness
Guru
holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.holymadness ought to be getting tired of karma fortunes by now.
 
holymadness's Avatar
 
Posts: 722
Karma: 2084955
Join Date: Dec 2010
Device: iPhone
iPhone 5S, 5C Announced
Quote:
Originally Posted by Sil_liS View Post
I don't see why anybody would assume that the article talking about the data from the sensor being "turned into color and luminance values" would refer to the sensor of the fingerprint scanner.

The discussion went like this:
[snip]
I replied by quoting an article that mentioned RAW data, that while it can be converted into an image, is not an actual image.
Yes, it is quite puzzling that someone would assume an equivalence between the way photo data and fingerprint data are stored, transmitted, and interpreted when he has no knowledge of the technical specifications of the system in question. No one knows what is stored on the iPhone or in what format except Apple itself, which means that your theory is based on conjecture.

And I still can't figure out why you're belabouring the point in any case. Let us say that the phone simply took a photo of your fingerprint and used that for your ID. Let's even say hackers could easily get access to it. What then? Your fingerprints have been freely available to anyone who wants them your entire life.

The amusing thing is that the article you quote is bullish about the technology, which it considers to be more secure than a passcode: "it eliminates the chances of a thief guessing your code by the greasy blotches or watching you input it before taking the device."

Quote:
My initial intervention on this point has to do with the notion that the fingerprint data from the phone is less than the data from a normal fingerprint scan, when in fact it is more accurate and complete. And while we leave thousands of fingerprints around every day they aren't as reliable as some TV shows make it seem. You can look at the screen of your iPhone for that: how many smudges are complete clear fingerprints?
You're simply wrong. In 2008, when fingerprint-gate was nary a glimmer in the eye of tech pundits and before forum posters suddenly and miraculously become security experts, a German "hacker" group protested against the introduction of biometric passports by obtaining and releasing the fingerprints of the country's interior minister.

By reverse engineering a handheld device with a capacitance touch fingerprint scanner, right?

"The CCC got its hands on Schauble's prints thanks to a sympathiser, who scarpered with a glass used by the minister during a panel discussion and handed it over to the hackers. Along with Minister Schauble's fingerprint, the group also published... a guide on how to capture someone's fingerprints from a glass successfully."

Oh.

Obtaining fingerprints is trivial. Always has been. So why are you only now suddenly so up in arms?
Quote:
You are assuming here that the reticence regarding the use of a passcode has to do with the inconvenience of having to enter it every time and not the inconvenience of having to remember another code. But let's take your example. If it's cold and you want to use gloves, or you use hand cream, or if your finger is wet for whatever reason, you can't use the fingerprint scanner and you have to enter a passcode.
If you can't use your fingerprint scanner because you're wearing gloves, you can't use the touchscreen in any case, so why would you be attempting to access your phone? Perhaps you are imagining some sort of person who has filthy, greasy, dirty fingers 24/7, all year round. Well, I guess they won't be using the scanner, but their phone will be no less secure than it was before. The real question is why do you assume that no one is going to take advantage of this technology? I think tons of people will. It will prove massively popular for its 'wow-factor' alone, not to mention the convenience.

You're searching for excuses to find fault with something about which you know very little and which you have never seen implemented. Again, why? What, specifically, is the nature of your concern?

Quote:
It's an additional layer of security that is mandatory to a new feature that is a layer of security.
And? Is this supposed to be significant? This is like reproaching a bank for having cameras and a security guard.

It is telling that, once again, you immediately jump to the worst possible conclusion without any evidence that it's the correct one. Aside from an additional layer of security, it seems prudent to build a secondary fail-safe system into a security protocol that has fairly rigorous requirements (that the user be physically present to access the phone, and that the user's fingerprints be readable). I can think of lots of situations where those conditions would be unfulfilled, but where the user would still want access to his or her phone using a passcode. If someone leaves their phone at home by accident and wants a family member to unlock it and look something up for them. If someone suffers an accident where their fingers or hands are mangled or lost entirely. If someone's fingerprints change due to aging or other genetic factors, rendering them unrecognizable to the scanner. If the stored fingerprint data becomes corrupted. If someone's fingerprints are too dirty to be read but cannot be immediately cleaned (covered in paint, for example). Ad infinitum.
Last edited by holymadness; 09-17-2013 at 02:04 AM.
holymadness is offline   Reply With Quote