Fingerprint thieves?

Since we got the news about Apple’s iPhone 5S with a fingerprint sensor, there has been so many speculations about how dangerous it might be. Dangerous? Come on, really?

The first one is that Apple will collect a bank of fingerprints. Of course they will, because it’s so handy to have many fingerprints, they are valuable too and that’s why you can see fingerprints thieves everywhere collecting fingerprints from glasses in cafés and bars, from handles, from glossy books, from other glossy surfaces and then they sell these fingerprints to, eh, wait a minute? Who are they selling them to? Who wants a fingerprint? How much do they pay? Oh? Right, people might not be that interested in fingerprints after all… hm?

Well, Apple will still collect the fingerprints, right? NO they won’t! They have no interest in doing that. In fact they have more interest in proving to their customers that they can’t get access to their fingerprints and that’s why the fingerprints you scan and save on your iPhone, are stored in a separate card that doesn’t communicate with the other units in the phone.

Then these German, ”clever” hackers came up with the big news that they have created a fake fingerprint in latex, put that on a finger, moist it a little and then it worked to lock up the iPhone 5S screen. So, how useful is that? Why would you want to be able to lock up some other persons iPhone 5S? Well, because you want access to it’s content of course. You can have different reason to why you want that access.

If you for example suspects that your partner is keeping secrets from you or if you want to play a joke with a friend, then it’s easy to see that you might get plenty of opportunities to get hold of that needed fingerprint and since you probably spend a lot of time with your partner or friend, then it’s also possible that you could get hold of their iPhone before the code lock is activated, so that you can get access with the fingerprint. Yes, you read that right: code lock. You see, even if you use the fingerprint sensor to unlock your screen, it will still activate the code lock if you leave your iPhone inactive for a while. Then you have to know the code – or you could try to guess the code, but hey, you were going to use the latex fingerprint now, when you have done this smart achievement to get it. So, then you have to get hold of the iPhone before the code lock gets activated. Good luck!

If you are a thief on a public place there won’t be much use of this fake, latex, fingerprint. You can’t just steal the iPhone, steal the owners fingerprint, run away, unpack your ”how-to-make-a-fingerprint-in-latex-kit” and then SESAM use that fake latex to unlock the screen – because by then the code lock will be activated.

A smarter thief would steal the iPhone while it’s active, keep it active and then ran somewhere where he can change the safety settings and inactivate the code lock, except, if you want to shut off the code lock, you need to know the code…

So, even if you manage to make a fake latex fingerprint and you are quick enough to snatch the iPhone from your friend, you can’t relax if you want to be able to use it. As soon as the iPhone is inactive so that the code lock gets active, then there’s no point in using the latex fingerprint…

If you are a spy in Mission Impossible you will of course be able to make that fake latex fingerprint, snatch the iPhone in the right, active moment and then very quickly use it to send a fake text, steal a photo or something like that. You can’t however download an app – if you haven’t got the Apple ID, you can’t log in to the bank, order something online and you can’t get access for logins and other protected information that the owner keeps in an app like 1Password. You will need other logins to do that. Well, you could probably find some notes and you could get access to DropBox and that might be valuable for you if you are a spy. On the other hand, if you are a spy, you probably know a lot of other ways to get access to that…

If you however are a regular guy with a regular life, you won’t have so many spies lurking around your house. The thieves might have other ways to get inside your iPhone – but then you have of course activated ”Find My iPhone” right? And then you can turn it off…

Finally, what if they cut off the owners finger and uses THAT for the fingerprint sensor! Ha! Well, there’s not much point in doing that. To start with it’s messy. It will be useful for a very short time… and it has to be moist (like the latex has). By the time it takes to handle all this, the code lock will probably get activated again…

I think the speculations about Apple’s fingerprint sensor are really making a chicken farm from a feather and people who read those speculations and don’t bother to get the information or think by themselves, will not understand how smart and simple the feature with a fingerprint sensor is.

It’s just a very cool way to unlock your iPhone, it’s so easy to use that a lot of people will use it, that means all of them will activate the code lock as well and that means all those people will protect their iPhones a lot better than they do today, because it’s not fun to use the code lock ”all the time”.

Update

I found a very interesting interview with Jony Ive and Craig Federighi. They talk about the fingerprint sensor and Craig remember their concerns during the creative process:

”…we’re going to have to build in our silicon a little island, a little enclave that’s walled off so that literally the main processor—no matter if you took ownership of the whole device and ran whatever code you wanted on the main processor—could not get that fingerprint out of there…˝

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *