This fingerprint sensor and its potential use for payments is rather disturbing to me. I am (rightly, I would argue) apprehensive about general purpose computers acting in a "trustworthy" manner. I hope that this fingerprint sensor, which undoubtedly will be incorporated into authentication for payment systems, doesn't usher in a future of reliance on a fundamentally untrustworthy device. I really, really worry that the banks will jump on this as a way of limiting their fraud liability. (I'm thinking about how chip and PIN has been cited as a way to move fraud liability to the consumer.)
To dumb it down: I'm envisioning a crappy future where you'll end up with fraudulent charges on your credit card (via your Apple account) that you can't contest because the credit card company will say "Hey-- your fingerprint was used to authenticate this charge. Therefore you did it." I don't think that line of thinking is too cynical.
No quantity of assurances from Apple about how the fingerprint reader will be "firewalled" from third-party access will convince me. If the hardware and software were opened up for third-party analysis I might be convinced, but I really don't think that's going to happen.
This fingerprint reader amounts to a complex hardware and software system with a lot of moving parts. It will have exploitable bugs and will be hacked. I think it will ultimately used to defraud, too. Thinking about the mass harvest of fingerprint data from the public by an attacker (like, say, the NSA) also gives me the willies. Will it be possible for an attacker to steal fingerprint data and use it to compromise other biometric authentication systems? Will it be possible to use stolen fingerprint data to plant your fingerprints at a crime scene? How do you recover from the theft of biometric data? Are you issued a new thumb?
To be clear: I hate the current system of "secret numbers" embossed on plastic cards and encoded on magnetic stripes as a way of authenticating payments. At least, though, the plastic cards aren't battery-powered general purpose computers with radios attached to them. Bad as little bits of plastic and "secret numbers" are, my credit cards themselves can't betray me. A phone (or other sufficiently complex computer system) acting as my payment token most certainly could (and will).
As an aside: I don't have any RFID-chipped credit cards, nor will I. When I end up having no choice in the matter I'll microwave the cards before using them.
Seriously you need to ask yourself if this paranoid borderline delusional state is really worth it.
If the government wanted to "get you" then they could do quite fine with all the existing technologies. If they wanted to frame a crime scene they could put your DNA everywhere. If they wanted to steal your bank accounts they could get your internet banking details. They have already been harbouring fingerprints for decades now.
Nothing Apple has announced will change that one iota.
My real worry is malware and fraud from private actors-- not governments. Criminals seem to be willing to go to amazing technical lengths to steal.
Looking at the personal computer software ecosystem and home computers, which are often bristling with malware, and extrapolating to phones, which will certainly have a larger install-base than personal computers, doesn't seem delusional at all. That's a ripe target for criminals.
Here's the problem I see - your phone is covered with your fingerprints. If someone steals your phone they've got your prints.
How long will it be until a super cheap fingerprint spoof kit is available? I envision something as simple as using some rubber cement to lift a print from the phone's case, sprinkle some dust (toner?) on it to emphasize the minutiae and then wrapping it around your own finger.
It will probably be more complicated than that, but all it takes is someone to discover a vulnerability in the hardware and all current phones will become insecure. The one thing you can count on is that if there is money to be had, there will be a lot of effort expended trying to find such vulnerabilities.
Outside HN context, people in general are not that literate when it comes to tech. Maybe I underestimate it but judging from minimum data around me, there's a very good reason why only a select-few companies are known by the majority of the world.
Chopping off the fingers has all kinds of barriers.
First, it takes a much larger empathy gap to physically hurt someone in such a visceral fashion versus simply threatening them with violence in order to mug them.
Second, the owner has to be involved in order to chop off their fingers. That means simply stealing it while it is unattended or even pick-pocketing it while the owner is distracted aren't options. My impression is that those are much more common cases than muggings.
Quite short sighted. It's not at all about being paranoid. This is a key, that if stolen is not able to be discarded and regenerated. It's fundamentally flawed as once it's compromised, and it will be, you're SOL.
Or, do you actually believe you'll live behind the walled garden that is Apple and have the faith in them to protect one of your biometric markers at the first trial?
> I'm thinking about how chip and PIN has been cited as a way to move fraud liability to the consumer.
Banks can't do this. Since security researchers managed to fool they bank into believing a transaction was PIN verified while not actually being the case, banks have to prove that a transaction was PIN verified, and I believe physical access to the card is required to do this.
> To dumb it down: I'm envisioning a crappy future where you'll end up with fraudulent charges on your credit card (via your Apple account) that you can't contest because the credit card company will say "Hey-- your fingerprint was used to authenticate this charge. Therefore you did it." I don't think that line of thinking is too cynical.
This is not going to happen unless there is an unimpeachable way to prove that the transaction was signed with a fingerprint. Since Apple have said that fingerprint data will not leave the device and is stored separately in a HSM-esque manner, I'm interested to know how this could be done.
It's not always that bad. For example, Google Wallet doesn't run on Android; it actually runs on a separate secure chip. I don't know what Apple is doing but I wouldn't be surprised if it's similar.
This is the argument people made against Chip and PIN credit cards yet they are widely used all over the world with no problems. You don't use them, that's cool. But a lot of people do and it works great, and more importantly it's more secure than the pure magnetic stripe cards.
I think security via fingerprint may be a mistake. What happens if someone gets a copy of your fingerprint, what do you do for security at that point? get a new fingerprint? The NFC Ring is a better idea than fingerprint security. i think the idea will fall short of good security quickly. This is all speculation, and I am by no means an expert on security.
The sensor is epi-dermal, which means reads underneath the skin, so it does not solely rely on seeing the prints. There is a steel ring, which probably senses capacitance. Will there be exploits? Probably. Are Apple engineers incompetent to think of obvious exploits? I would put my money on NO.
In any case, I would like to see the evolution of this tech.
> Are Apple engineers incompetent to think of obvious exploits? I would put my money on NO.
They may have thought of them, but they didn't solve them for the very simple reason that it's impossible to solve them.
A fingerprint is only secure for causal use (someone picking up your phone), but it's worthless for any more security than that. It's like the face recognition on an android phone - good for causal use, but easily defeated.
A few years ago, some students from my local university went around to all of the fingerprint solution companies that were exhibiting at the CeBIT fair. All of the products that the respective companies agreed to be challenged were in fact fooled by something that originated as a fingerprint on a drinking glass.
Iphone will be out soon, pretty sure hacking/fooling fingerprint sensor is top priority for lot of people. So we will see if this common methods works on not.
AFAIK capacitance of your skin can change very frequently and rapidly. Drink too little for two days -> skin dry -> resistance goes up steeply. Even using a touchpad for an hour might dry your skin up (sidenote: I sometimes even have to moisten my fingers so my MBP touchpad registers my touches well).
Many people have proposed using biometrics to authenticate people to servers, but that's not what Apple is doing. Your fingerprint only authenticates you to your phone. So someone would have to copy your fingerprint and steal your phone to commit fraud. And if your phone is stolen, the fingerprint just needs to secure your phone long enough until you can remotely wipe it.
I'd really like to see how such an exploit would work before losing sleep over it. Fingerprint tech has moved a long way forward in the past few years. If it doesn't work, we don't need to use it.
So over the years of use I have to remember which ones have been compromised? Unlocking the iPhone with the ring finger of my off hand defeats the whole point of the convenience this is supposed to bring.
That's a pretty smart argument, must say I agree and it's along the lines of a train of thought I had afterwards. It's all about friction, and how they can minimise it, take the iTunes Store for example and how people used it. We know they sell a lot of music through it, most likely to people who pirated because who wants to buy a CD and rip it, and make sure it has the right tags and art when it's there for a reasonable price. They decreased the friction and it paid off. They did it again with the App Store, and created an ecosystem that allowed a cottage industry for indie developers that only vaguely existed 8 years ago.
Apple excels at reducing friction for users to achieve what they want to achieve, I wouldn't be surprised if they had this in mind even more so than improving security.
Fingerprints aren't changeable and they're not really secrets. Security fail. They are good for things like tracking convicts or parolees or DRM shackled users which are usage scenario were you don't want people to be able to change their identifier but that's about it. Also there's no distinction between the identity and a password. It's the same mistake made with SSNs.
Because NFC is being implemented in payment terminals today, and seems to be the upcoming default payment system. With encrypted card details on the SIM card. This will also allow you to pay without battery power on the phone.
I think Apple's strategy won't be to just go all-in on payments out of the gate. I imagine they will seek out a handful of partners where speed and ease of payment will tangibly affect the bottom line across millions of transactions, and negotiate aggressively to get long-term and deep commitments to the Apple payments system. Think: Starbucks, gas stations, large (large) restaurant/fast food chains, etc. I have a hard time seeing a path where they take in small to mid size businesses as customers.
So, after studying this for the last four hours, I've come to the conclusion that Apple is NEVER going to implement NFC, and in fact is trying to intentionally nosedive the technology into the ground, as a way of hurting the competition by all the time and effort they threw into a dead end technology.
I doubt that will happen because PIN/card number is more secure, if somebody stole your PIN or card you can just get a new one, but once somebody stole your fingerprint data - you pretty much are a target for fraud to the rest of your life.
I can't believe it took this long and it was left to Apple to "innovate" on this. Adding a fingerprint scanner to every keyboard and mouse has been a no-brainer for at least a decade. The scanners cost $10! And adding them to smartphone and tablets should have happened from the get go. We're talking orders of magnitude in simplification of security. And its dead obvious. So what the hell took so long? And why does it take Apple to finally do it?
The Atrix 4G was a device a bit ahead of it's time. That coupled with impressive but expensive peripherals (laptop dock) kept it from becoming a breakout device. Also, the fingerprint reader was one of the sliding ones and I got fed up with it very quickly.
You're right though. With all this discussion about the fingerprint reader, I just keep hearing "Atrix 4g" being shouted and echoing around inside my head.
Maybe Apple finally figured out how to make it not suck [1] and could implement it in a manner that instantly has millions of devices/accounts so building it into your app (if an API is offered) could be a feasible auth method?
Are fingerprint scanners a commodity? Apple purchasing $300M of IP, and retooling their production process seems to indicate that it's not as simply as gluing a $10 part onto your product.
Keep in mind this fingerprint scanner is only shipping on ONE of the two devices announced today. For this to be the payments/security game-changer the OP is suggesting, it has to be widely available to the public, which Apple opted out of by not including it on the "value" iPhone 5c.
Until every mobile device Apple ships has this built in, I think this falls a bit more in the category of a novelty... at least for the foreseeable future.
I’m also guessing that despite its more homebound nature we’ll see that fingerprint sensor very quickly on the iPad too. The iPad is a perfect shopping tool and one-scan shopping would make that even more true.
I'm also betting it will show up on the new iPads.
So, if it shows up on everything but the 5C, maybe they'll just add it next year.
I'll bet there was some heated discussion at Apple arguing both ways, and it lost out in order to differentiate the high-end model.
Not just that, I can't wait to see what else Apple has in mind for this thing. I've been waiting for the day where my phone/mobile device is the thing that logs me into Facebook, Google, et. al., and not a stupid password that's auto-generated anyway. It's really hard to crack your password when you don't have one! And who's going to "hack" my fingerprint??
I can type my password quicker than I can get a fingerprint reader to work. I dont get it really. I dont want one password for every site on the internet - which is what a fingerprint would be.
I had a fingerprint reader on my last leptop and it was a novelty. Apple inventing stuff that has already been invented since the mp3 player - but unfortunately getting massive amounts oof uptake.
I'm imagining they are using a data set of fingerprint points (statistical anomalies), and then using machine learning to get a good statistical model of it when you first set it, and every time after that. I doubt they're image matching directly every time. Add some matrix math for 360˚ transforms and you're in business.
To dumb it down: I'm envisioning a crappy future where you'll end up with fraudulent charges on your credit card (via your Apple account) that you can't contest because the credit card company will say "Hey-- your fingerprint was used to authenticate this charge. Therefore you did it." I don't think that line of thinking is too cynical.
No quantity of assurances from Apple about how the fingerprint reader will be "firewalled" from third-party access will convince me. If the hardware and software were opened up for third-party analysis I might be convinced, but I really don't think that's going to happen.
This fingerprint reader amounts to a complex hardware and software system with a lot of moving parts. It will have exploitable bugs and will be hacked. I think it will ultimately used to defraud, too. Thinking about the mass harvest of fingerprint data from the public by an attacker (like, say, the NSA) also gives me the willies. Will it be possible for an attacker to steal fingerprint data and use it to compromise other biometric authentication systems? Will it be possible to use stolen fingerprint data to plant your fingerprints at a crime scene? How do you recover from the theft of biometric data? Are you issued a new thumb?
To be clear: I hate the current system of "secret numbers" embossed on plastic cards and encoded on magnetic stripes as a way of authenticating payments. At least, though, the plastic cards aren't battery-powered general purpose computers with radios attached to them. Bad as little bits of plastic and "secret numbers" are, my credit cards themselves can't betray me. A phone (or other sufficiently complex computer system) acting as my payment token most certainly could (and will).
As an aside: I don't have any RFID-chipped credit cards, nor will I. When I end up having no choice in the matter I'll microwave the cards before using them.