back to article iPhone 5S: Fanbois, your prints are safe from the NSA, claim infosec bods

Apple’s decision to bundle a fingerprint scanner with its newly unveiled iPhone 5s has the potential to become a game-changer for personal device authentication. But the success of "Touch ID" fingerprint authentication will depend on security as well as reliability, according to market-watchers. The fruits of Apple's …

COMMENTS

This topic is closed for new posts.
  1. Ambivalous Crowboard

    This article reads a bit like

    a "here's what everyone else has to say about the iPhone fingerprint scanner"

    I particularly liked the bit from the bloke who sells SMS authentication who says that, when talking about authentication methods, if it isn't SMS authentication then it's crap.

    Why, how objective of you!

    1. Chad H.

      Re: This article reads a bit like

      Yes, I thought that was an odd voice as SMS authentication, whilst a nice hacked-up token method is nice and convenient, is about as useful as tits on a bull for the purposes the iPhone sensor will be used for.

    2. ItsNotMe

      Re: This article reads a bit like

      Only one slight problem with Apple's description of this.

      "The authentication system features a redesigned home button and a metal sensor ring around it. Apple's promotional blurb explains: "[The sensor] uses advanced capacitive touch to take, in essence, a high-resolution image of your fingerprint from the sub-epidermal layers of your skin."

      Your fingerprints are a part of the epidermal layer of your skin. Try consulting a medical dictionary next time Apple.

  2. thesykes

    "a new fingerprint reader for iPhone smartphone is likely to spur widespread use of fingerprint readers as authenticators"

    Really? I would've thought this appearing on an iPhone signals the death knell for it. Apple will no doubt have lodged a "on a mobile device" patent already (ignoring the Motorola phone with fingerprint scanning as prior art). Therefore, any use by other manufacturers will result in court cases and import bans.

    1. DougS Silver badge

      Here we go again

      You can't patent an idea, no one can patent "fingerprint reader on a phone". They could, however, patent a particular way of doing it. If the way they managed to integrate the sensor into the home button was an invention in itself, they'd be able to patent that, and someone else who wanted to put a sensor in a button would have to find a different way to do it.

      Of course, if Apple has filed some sort of patent on this the headlines will all read "Apple patents fingerprint reader on phone" and people will say "how can they get away with this, Atrix is prior art!" and not read the list of claims in the actual patent (assuming the article even bothers to link the patent)

      1. Anonymous Coward
        Anonymous Coward

        Re: Here we go again

        Apple bought the basic technology with a company - they own any patents without lifting a finger.

  3. J P

    So does this mean muggers will now have a second use for the bolt-croppers they use on bike locks - taking the finger along with the phone? (Presumably there's scope to change the print that the phone recognises, so you wouldn't have to actually sell it with the original owner's digit once you'd reset the authentication)

    IIRC there were some unpleasant incidents in Hong Kong when Mercedes brought out a fingerprint authenticated car, so while I'd hope things wouldn't go that far just for a phone, it does raise fears for how lowlifes might try to get around the tech...

    1. chr0m4t1c

      I thought most phones were stolen for the hardware, not the data on them.

      In addition to that, the police say that the majority of thefts are "snatches" - phones taken out of open handbags, pockets, off tables in public places or even just directly from someone's hand as they're using it.

      I can't see this technology changing that at all.

      BTW, your unpleasant incidents in Hong Kong appear to be one incident in Malaysia in 2005, at least that's all that's turning up on a Google search.

      1. J P
        Pint

        @ chr0m4t1c

        I'm sure you're right about the hardware/data motivation for thefts - outside of Hollywood, I can't really see thefts being based on the contents of the phone; it's going to be the resale value of an unlocked handset that motivates the average junkie. So if the means of unlocking changes, the pattern/method of thefts may change.

        The worry of course is how they go about unlocking the handset, and that's what got me thinking. It may be that the gummi-bear solution works, but if that's the case then (as other commenters have pointed out) the NSA is going to be the least of any fanbois' worries once the shell of the phone is covered in their prints. However things turn out, the 5s is bound to sell at a premium, and that will in turn enhance the incentives to get hold of a saleable example, by hook or by crook.

        Thanks also for taking the time to check on the Mercs story; glad to know I was only vaguely divorced from reality in my memories; I hadn't realised it was as long as 8 years ago... I'm slightly less thankful for you reminding me just how old I am :-)

    2. jubtastic1
      Thumb Up

      iphone 5S for sale

      Comes with free gift: unlucky human finger keyfob.

  4. Ralph B

    Of course they would say that

    If Apple were being required by the NSA to pass on all finger prints collected to the NSA, then, of course, the NSA would also require that Apple must deny that they are doing so. Just like with FISA gag orders.

    iPhone 5S can enjoy the convenience of fingerprint identification for unlock and app-purchase, but they should not be surprised if the authorities unexpectedly identify them from crime scene evidence, or if the authorities can unexpectly unlock their iPhone using an official (skeleton) finger.

    If you're worried about this in connection with anything you're doing, then maybe you shouldn’t be doing it in the first place. (Different company, same mentality.)

    1. Dan 55 Silver badge
      Black Helicopters

      Re: Of course they would say that

      Could the law as it stand force Apple to push out a software update if demanded by the NSA which, as well as storing the fingerprint on the A7, also upload it to Utah (or iCloud)?

      1. Anonymous Coward
        Anonymous Coward

        Re: Of course they would say that

        Could the law as it stand force Apple to push out a software update if demanded by the NSA which, as well as storing the fingerprint on the A7, also upload it to Utah (or iCloud)?

        Honestly.. The iPhone doesn't store an image or a loop pattern for a finger, but a hash. If Apple has had any sense, that hashing sits in the hardware sector surrounding the sensor, so they couldn't change that if they wanted to, or were forced to.

        What COULD happen is that the hash is exported, but if the hash incorporates, for instance, parts of the hardware it will be useless outside the device.

        On the flip side, it is indeed possible for any mobile provider with a US HQ to be forced to silently collaborate with intercept. That is, after all, the law in the US (people hollering at the NSA is wrong - they should yell at those that task it because the orders are illegal - the NSA simply does what it was set up to do). However, that is not limited to Apple. If anything, Apple sells hardware, with some software sauce to facilitate that. Android's architect, however, IS in the data gathering business and has already repeatedly appearing in court for being a tad too enthusiastic in ignoring the laws that surround ownership of that data and privacy. Microsoft also has had a tad casual approach to other people intellectual property, but I'm not sure how deep they were into data gathering.

        Take your pick who you trust least. "Neither" is probably the correct answer (still have my trusty Nokia 6310)..

        1. Dan 55 Silver badge

          Re: Of course they would say that

          Who knows what the fingerprint reader driver will do, I very much doubt the hash will go straight from the reader to the CPU without touching anything in the middle.

          Which means everyone's favourite beardy wierdy was right.

      2. Anonymous Coward
        Anonymous Coward

        Re: Of course they would say that

        "Could the law as it stand force Apple to push out a software update if demanded by the NSA which, as well as storing the fingerprint on the A7, also upload it to Utah (or iCloud)?"

        Probably already are! It'll be another "oops sorry, it's a bug. We didn't know, honest!" scenario.

      3. DB 2

        Re: Of course they would say that

        Probably find the iphone backup software for pc stores the fingerprint and some cloud backup options will be offered. The NSA leaks show they love iphone backups.

    2. sabroni Silver badge
      FAIL

      Re: Eric Schmidt quotes?

      Did he really say "Error establishing a database connection"?

      1. Ralph B
        Black Helicopters

        Re: Eric Schmidt quotes?

        Did he really say "Error establishing a database connection"?

        He obviously called in the black helicopters to silence that site. Let's see if he will take down The Register too.

    3. Rob Crawford

      Re: Of course they would say that

      Today the fingerprints are NOT passed onto the NSA (et al) and are stored securely

      Couple of updates later the fingerprints ARE uploaded to the NSA for secure storage.

      Wonder if every ios future update will be checked by the security types for what happens to the data

  5. Anonymous Coward
    Anonymous Coward

    Liar's paradox

    So, let's see for a second what is the possibility of:

    1. The aforementioned expert is not telling the truth and the biometrics are harvested and stored.

    2. He is subject a FISA court letter not to tell the truth.

    Plausible? Hell yes...

    Don't you just love laws that mandate that _ANY_ recipient of any capricious request issued by Комитет Государственной Безопасности lie about anything said agency prescribes them to. Constitution? Rights? Laws? Yeah... we heard about them... they are in another reality for now. Not in this one.

    As long as there is a law which effectively puts every cittizen and every corporation under higher level security clearance requirements it does not matter what Apple says. The law explicitly and in writing specifies that there is _NO_ reason for us to believe them.

    Gotta love the results this will have long term on public (both American and abroad) trust.

    1. Chad H.

      Re: Liar's paradox

      I don't think it is plausable.

      Whilst they can compel you not to speak, the national security letters can't compel someone to lie and say the opposite situation definitively exists.

      1. Dan 55 Silver badge

        Re: Liar's paradox

        Why is it not plausible? It's already happened with several big tech companies in the US.

  6. edge_e
    Big Brother

    <rant>

    integrated capacitive fingerprint sensor will build legitimacy for the technology in mainstream consumer electronics, although privacy concerns are bound to raise their heads in these newly paranoid times

    The first half of that sentence translates as

    Look into my eyes, not around my eyes, into my eyes. You're under. Giving your finger prints is a good thing, look how secure it makes your phone. Wouldn't it be wonderful if you could do everything by touching your finger against a little pad. What could possible go wrong?

    The second part is both understatement of the year, yet also subtley phrased to make you think that those concerns are ludicously paranoid.

    </rant>

  7. Mr C

    rules (and promises and claims) are meant to be broken

    "Why is a fingerprint sensor on an iPhone such a violation of privacy when laptops have featured them for years and no one even blinked? Giving our fingerprints to Wintel PCs and various border control for years but Apple = NSA? This is crazy."

    uhm idunno maybe because

    1. i dont carry my laptop in my pocket and take it with me whereever i go?

    2. i never actually used the fingerprint thingy on my laptop? nice gadget, but no thanks

    Actually, aside from this, i rules are meant to be broken. So now they might claim that fingerprints dont ever go to the cloud, but who's to say they won't go back on their word later?

    I've heard plenty of times claims being made which where then brushed aside the first opportunity there was profit in it for someone.

    1. Anonymous Coward
      Anonymous Coward

      Re: rules (and promises and claims) are meant to be broken

      Unbelievable. The first time you can genuinely give the NSA the finger and you all whinge.

      /me shakes head

  8. Anonymous Coward
    Anonymous Coward

    Spooks delight, fanbois in fright!

    What a time to release fingerprint harvesting technology like this during the current perfect storm! Genius!

    How can anyone, post Snowden, be under any illusions of digital privacy anymore? If you are reasonably intelligent, and can think of a plausible way of exploiting this, then you can guarantee that someone with a billion dollar budget has already thought of the same thing.

  9. Maharg

    So, has anyone had a look at the specs for this, is it going to check pulse and count the pores, or can I get into it with some talcum powder and a bit of sticky tape?

  10. JDX Gold badge

    Boring

    As it says, this has been on laptops for ages.

    More relevant is the point about airport security - surely anyone travelling on an internation flight in the last few years has been fingerprinted in some way. It's been a while but don't they routinely check fingerprints and retina scans?

    I remember I got taken into a small room because my prints didn't match - due to playing guitar I think.

    1. J P

      Re: Boring

      Bricklayers often have problems with fingerprint recognition too - so no point them queuing up for the new iShiny then.

      1. Anonymous Coward
        Anonymous Coward

        Re: Boring

        "Bricklayers often have problems with fingerprint recognition too - so no point them queuing up for the new iShiny then." ......and those who handle acidic products (fruit, such as), guitar players, etc...

        Like to see the pleb at the "genius bar" explain that the user must change career!

        1. Darryl
          Joke

          Re: Boring

          You mean like:

          "Just change careers. Not a big deal

          Sent from my iPhone"

    2. Triggerfish

      Re: Boring

      Nope I was never fingerprinted or retinal scanned when I went on holiday at the beginning of this year.

    3. Neil Porter

      Re: Boring

      It depends on what queue you go in at passport control. Not everyone has the new fangled biometric passports.

    4. Mr C

      Re: Boring

      " surely anyone travelling on an internation flight in the last few years has been fingerprinted in some way."

      Well at a airport they're not hiding what they're doing, you just *know* that info is going to go into a government database, 'for your own safety' .

      But its different on a mobile device, where, besides the manufacturers word, you can't effectively control who gets that information, when, how often, how it will be used and most importantly you might never know about it.

  11. Wang N Staines

    It stays on the A7 until the NSL arrives, ask the Lava dude.

  12. Piro

    Time Warp

    Woah, we're back in 2003? iPaqs are all the rage, and some models have fingerprint scanners.

    Flash forward to 2013, nobody wants to waste good area that could be used as screen on a bloody fingerprint scanner.

    Other than Apple, with their mighty bezels.

  13. fishman

    It's not new.

    Motorola sold an Android phone (Atrix) a few years ago with a fingerprint reader on it.

    1. Mike Bell

      Re: It's not new.

      The Atrix had a swipe sensor. Temperamental and inconvenient.

      Is that the 'new' that you're talking about?

      1. Anonymous Coward
        Anonymous Coward

        Re: It's not new.

        "The Atrix had a swipe sensor. Temperamental and inconvenient.

        Is that the 'new' that you're talking about?"

        Now now Mike, let's not split hairs, swipe sensor or full image, fingerprint scanning is fingerprint scanning. The end result being authentication from finger print. And it's been done before!

  14. Anonymous Coward
    Anonymous Coward

    and on el Reg

    Apple = Bad

    Google = Good

    Microsoft = Evil

    Can all Reg readers just conform to this? Sure makes commentarding easier.

    1. Anonymous Coward
      Anonymous Coward

      and to post anonymously

      Butt hurt anonymous apple fan, strangely blind to all the butt hurt anonymous google fans on here. The Register HATES YOU ALL!!!!! GOT IT?

  15. Wanda Lust

    Pinky

    Bruce Schneier got it about right with the point of it being a good compromise between security and convenience, typing PINs is such a pain in the ass.

    Worrying about NSA, etc, is a bit moot because everything on the iPhone (except the fingerprint, of course) is in the clouds and accessible by them plus however has your iTunes credentials.

    I suggest using a 'pinky' finger on an iPhone5S: thumb and forefinger much more likely to be impressed elsewhere! Now, there's the start of something.

    1. sabroni Silver badge
      Happy

      Re: typing PINs is such a pain in the ass.

      Drawing an unlock pattern on an android phone is surprisingly loads better (imo). Was playing with an ios7 device yesterday and it's PIN style unlock seems positively clunky in comparison.

      Oh no! I must be a massive Google fan and member of the Borg, I like a single feature on Android!!! (just getting in before the AC haters!)

      1. Anonymous Coward
        Anonymous Coward

        Re: typing PINs is such a pain in the ass.

        "Oh no! I must be a massive Google fan and member of the Borg"

        Let's not mix analogies. Being Borged is definatley being Apple brain washed. Our yoof have been borged in huge swathes.

    2. Frumious Bandersnatch Silver badge

      Re: Pinky

      Bruce Schneier got it about right ...

      Don't forget that this is the same Bruce Schneier that thought it was fine to start displaying passwords on screens. Also the same man that never complained about Phorm, despite working for BT. Sure, the guy's a legend, but he's not always right.

    3. Anonymous Coward
      Anonymous Coward

      Re: Pinky

      "Bruce Schneier got it about right with the point of it being a good compromise between security and convenience, typing PINs is such a pain in the ass."

      Sorry, but that is just so Girl. WTF???

      I can unlock my phone in 1 second. W O W. That's such a PITA!

    4. Scott Wheeler

      Re: Pinky

      > everything on the iPhone (except the fingerprint, of course) is in the clouds

      Speak for yourself. I don't use cloud storage, and I don't use Siri (because it would upload my contacts). You may be happy living in the panopticon, but you don't speak for everyone.

  16. Alexander Hanff 1

    Believe Apple? Erm no.

    All this crap about the fingerprint data being secure is exactly that, crap. There is absolutely no way Apple can assure people that the data is not shared with anyone given the revelations about the NSA and their buddies at GCHQ etc.

    We simply cannot trust that the NSA don't already have access to the fingerprints and that Apple are under a Gag Order - in fact you have to assume that Apple have already provided access to the phone through a backdoor because of CALEA which requires manufacturers to backdoor -all- telecommunications hardware - last I checked a cell phone was a piece of telecommunications hardware (as are android and windows phones). So before you even begin to think about National Security Letters, PATRIOT, FISA & FISC you have CALEA.

    Furthermore, if you have an iPhone 5S and you travel to the US, can we now assume that if your device is taken at the border accessing the contents is now a trivial matter since all people entering the US have to give their fingerprints - which presumably can be used to unlock the device.

    Your fingerprints are not safe on this device - there is nothing Apple can do to guarantee their security and that security is probably already compromised as a matter of law. Don't drink the cool-aid.

    1. Mike Bell

      Re: Believe Apple? Erm no.

      Personally, I recommend always wearing gloves whilst outdoors in order to protect one's precious fingerprints.

    2. Grant Mitchell

      Re: Believe Apple? Erm no.

      Your fingerprints are as safe on the device as any other thing your carrying.. You're missing the obvious point about fingerprints now, aren't you? I don't have a fingerprint scanner on my laptop, or my phone... but my laptop and phone have my fingerprints. It's not even a new problem, the O'Relly book (old analogue tech in front of me on my desk even has my fingerprints!). Your fingerprints are not safe, BECAUSE YOU LEAVE THEM EVERYWHERE DUMMY!! If the you have been stopped at a border crossing, handing over your passport is giving them your fingerprints! Yes, you hand it to them! SHOCK!

      Now sit back, breathe and think about what your fingerprints are used for. Consider for a moment does this technology give anyone the cool pictures that appear on CSI when you watch this? Does it read that oily print you left at the crimescene... from several fingers? THINK (PLEASE!) if I wanted to get your fingerprints off your phone... take 2 seconds to consider how I could do that even if you don't have a scaner on your phone.

      1. Alexander Hanff 1

        Re: Believe Apple? Erm no.

        Ok first of all your response made absolutely no sense in the context of what you were replying to, but I will humour you all the same.

        Your first paragraph is completely irrelevant - the difference between leaving my fingerprints everywhere (along with lots of others people's) is they have to be manually collected at considerable cost. As for your border crossing point - what exactly were you addressing with this with regards to my original comment? Let me answer it for you - absolutely nothing.

        Second paragraph - again completely irrelevant to my original comment.

        Read the following very slowly so you can take it in and maybe comprehend.

        My comment was not about how often we leave our fingerprints behind in spaces we interact with.

        My comment was not about the fingerprints we leave on our passports or the cases to our phones and laptops.

        My comment WAS about the fact that nothing Apple say regarding the security of the fingerprints automatically stored on the iPhone 5S can be trusted - let me explain again why - again with the hopes you might actually bother to read instead of just responding with random crap.

        CALEA is a law in the US which requires all companies in the US manufacturing telecommunications hardware to provide a backdoor into that hardware for surveillance purposes. That means the iPhone 5S (and all previous iPhones, Android Phones made by US companies, Windows Phones made by US companies) almost definitely already have a backdoor into the device BY LAW.

        FISA, PATRIOT and National Security Letters all give access to the device and the fingerprints stored upon it BY LAW and kept quiet via accompanying gag orders.

        So again, THE POINT - Apple CANNOT guarantee that the security of the fingerprints stored on the device will not or has not already been compromised as a matter of law neither could they tell us if it had.

        Apple are in an almost unique position with regards to CALEA since Apple are classed as the manufacturer (yes they outsource the fabrication but the design and manufacturing are completely under Apple's control - a US company under the jurisdiction of CALEA, FISA, PATRIOT).

        Google may be in a similar situation with regards to Motorola and their original Nexus devices but most other Android devices are manufactured and sold by non US based companies.

        Microsoft now they have bought Nokia are also vulnerable to CALEA and were already vulnerable to FISA/PATRIOT.

        Now whether or not you give a flying fsck about your fingerprints being stored in a massive database for whatever purpose the government chooses to use them for is entirely your choice - but the vast majority of the civilised world do not want the same.

        Next time you respond to a post, actually read it instead of typing completely irrelevant nonsense in reply.

        1. Sean Timarco Baggaley

          Re: Believe Apple? Erm no.

          Okay, answer this:

          If the NSA already have a backdoor into my phone, why the hell would they even *need* the fingerprint hash data? A fingerprint scanner is a means to an end. As far as the NSA are concerned, they already have the master keys to every US-made / designed phone, so they don't need *our* keys at all!

          Either way, there's no reason for Apple to lie about that fingerprint scanner and how it works. The fingerprint hash is of no interest to the NSA: They're _already_ in. Their interest is primarily in your communications, not your biometrics. If they genuinely think you're a threat to national security, they'll send the boys round to get them, whether you want them to or not.

          The NSA's activities are an entirely predictable symptom of declaring war on an *emotion*. "Terrorist"-type attacks in most countries tend to be carried out by citizens of said country – the Oklahoma bombing; the 11-SEP-2001 attacks, the London bombings in 2005, etc. were all carried out by people already within the target nation's borders. Given this, it's hardly a big shock that the NSA (and their peers in other countries) were spying on their own citizens as part of their assigned duties.

  17. Wanda Lust

    Chill

    The fingerprint thing is just to stop the parents looking over the kids shoulders & reading their PIN codes in order to find out what naughty activity the little 'uns are gettng up to on their iThings.

    I'll have to drug the little blighters now so they sleep more soundly and I can grab their fingers and touch the sensor or else hope there's an alternate/backdoor PIN.

  18. Jess

    Even if it is stored locally, by default,

    it is hardly likely to be stored in a module that is inaccessible to the main system, and it is similarly hardly likely that the reader is inaccessible to the main system.

    So when Apple receive a secret order to provide access to an iPhone, does anyone really think that the finger prints won't be provided along with all the other data they are obliged to provide?

    Almost as obvious as the XBox 180's camera

  19. Anonymous Coward
    Anonymous Coward

    Iphone 5s software update 2

    A few problems:

    The fingerprints can be stored as advertised at present - securely and locally. However what would it take for the NSA to demand that all the prints are uploaded to a Central NSA database ... Apple would be legally bound to deny its happening ... and a closed OS would make it difficult to verify that NSA data leakage wasn't occurring ... especially if the data was send encrypted and via standard apple servers... chances are you'd never know.

    The only option is to trust the NSA ...

  20. Seven_Spades

    Can't the authorities eavesdrop on mobile phones without the phones indicating they are active?

  21. Anonymous Coward
    Anonymous Coward

    Why is this even an issue.

    I have an ipaq back from oh 2003/4 that has a fingerprint scanner. Cant access the device without it.. As an anti appler what's the big deal about it all. Apple seem to be lauding it as some wonderful new tech. Seems to me they are 10 years behind compaq,hp,Toshiba etc

    ...

    1. Anonymous Coward
      Anonymous Coward

      Re: Why is this even an issue.

      differences are, ubiquity, connectivity and ease of abuse. Plus the tin foil hats are being proved right ...

  22. jb99

    The real reason...

    The police and courts already extensively use people's phones to try to prove people's locations when they are accused of a crime. But there is always the defense that it wasn't you that had the phone. That it had been stolen for example.

    But now they get to "prove" it must have been you carrying the phone because you unlocked it with your fingerprint.

    Basically it's just an upgrade to the government tracking devices that most people _pay_ to carry around with them.

    The scary thing is that this would have seemed like paranoid ranting a year ago. Now it just seems obvious.

    1. Anonymous Coward
      Anonymous Coward

      Re: The real reason...

      Nice point - now they can track your phone, and prove that you were with the phone every time its unlocked.

  23. Eradicate all BB entrants

    With everyone mentioning ....

    ..... the Motorola and iPaq fingerprint reader everyone seems to have missed the face unlock on the Galaxy S3. Isn't that a biometric device? As for prior art ....... nature has had it for millions of years through sight, sound, smell and the rest. Just because the reader is not an electronic device doesn't mean the function is new.

    Wouldn't a cut on the finger that would require stitches make it unusable, as such treatment is only generally used for cuts that go way past the sub-dermal layer? Also the huge fecking bandage they put on after would be an issue as well.

    I do like the continuing statements 'Only the fingerprint reader has access to the secure storage area' ..... but anything is allowed to access the fingerprint reader such as iTunes, because if it doesn't how can it be used for purchase verification?

    On a side point, regarding the NSA revelations, I bet conspiracy theorists have really enjoyed running around these past few months saying 'I told you so'.

  24. takuhii

    I'll just leave this here...

    http://www.youtube.com/watch?v=3Hji3kp_i9k

    1. Mike Bell

      Re: I'll just leave this here...

      Yawn.

      I guess we should just stop using keys in locks as well...

      http://www.youtube.com/watch?v=JZJe23UD8wU

  25. Anonymous Coward
    Anonymous Coward

    ""Fingerprint stays only on the A7, never goes to iCloud, and is encrypted," noted Rik Ferguson, veep of security research at Trend Micro"

    How would he know? The phone isn't out and he is making claims on something he has no knowledge about. How does he know how it is stored? He is basing everything on what Apple says and nothing more. What credibility will he have when it turns out that it is stored in more than one place than just the A7? Encrypted doesn't mean anything when the device itself isn't too secure. You could jailbreak the iPhone with root and alpine and that works for the Apple TV as well.

    Also, how many fingers can it store? If it is just one, better not get burned or cut. Hopefully Apple has a way that you are not required to use your fingerprint. Then someone can still get access to the device then.

  26. ecofeco Silver badge
    Trollface

    Safe?

    HAhahahahahahahahahahahahhaha

    *wheeze*

    hahahahahahahahahahahahahhahaa

    derp derp derp

  27. Anonymous Coward
    Anonymous Coward

    "Why is a fingerprint sensor on an iPhone such a violation of privacy when laptops have featured them for years and no one even blinked?" Actually, as an end-point security architect for a major government agency, I've been disabling these devices for years and resisting all user requests to enable them. You can't change your fingerprint once it's leaked and decrypted.

  28. Henry Wertz 1 Gold badge

    "He said: "Why is a fingerprint sensor on an iPhone such a violation of privacy when laptops have featured them for years and no one even blinked? Giving our fingerprints to Wintel PCs and various border control for years but Apple = NSA? This is crazy.""

    On the notebook computers, it was clear what was being done with the fingerprint data, it was fed into the password prompt and that's it. On the IPhone? Well until I read this article it was not clear at all what the scope of it was. I could have seen "just swipe here to log into I(insert only Apple service)" which could be exploitable. I've never given my fingerprints to border control or anybody else, even though I've left an re-entered the US, and I plan to keep it that way.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019