Finger Prints Are Not Passwords
-
@thecreativeone91 said:
@scottalanmiller said:
Even your desktop keyboard does that (there are systems that use your typing patterns as biometric passcodes!!)What system are you using that does that? Mobile OSes do in Android and iOS but it can be turned off.
Any software that wants to can watch your keystrokes for the biometric. I don't use any that tell me that they are doing it, but any that want to, can, including websites.
-
@JaredBusch said:
Who cares about what can be turned off. The entire point of this was an exploit/shim. You can be fairly certain that a shim/exploit will not respect that setting.
That's a key factor here. The OP was about malware that could bypass the system's security. So the existence of the ability to collect biometrics (the presence of sensors) becomes the risk in that case.
-
@scottalanmiller said:
That's a key factor here. The OP was about malware that could bypass the system's security. So the existence of the ability to collect biometrics (the presence of sensors) becomes the risk in that case.
Well if you are going that far you might as well say any device that has a mic is recording you 24/7. Computer, Phone, Dumb/Feature Phones (they have java too on most). Heck if you want to put your Tin Foil hat on power companies can use their Smart Meters to gather information about you. You can gather sounds, signatures of devices etc plugged into your house. CFLs would be very easy to hide mics that send singals to the meter as well.
-
@thecreativeone91 said:
@scottalanmiller said:
That's a key factor here. The OP was about malware that could bypass the system's security. So the existence of the ability to collect biometrics (the presence of sensors) becomes the risk in that case.
Well if you are going that far you might as well say any device that has a mic is recording you 24/7. Computer, Phone, Dumb/Feature Phones (they have java too on most). Heck if you want to put your Tin Foil hat on power companies can use their Smart Meters to gather information about you. You can gather sounds, signatures of devices etc plugged into your house. CFLs would be very easy to hide mics that send singals to the meter as well.
That's my point - once you are assuming that the vendor is stealing your data, not just the data that you share with them, but the data on the device, and selling it, then you are into an area where the tin foil hat is on and things like the microphone are obviously concerns - much bigger concerns than the fingerprint scanner. Far more money in recording people. And no additional "lines" need to be crossed.
-
Well security isn't androids strong point from the get go. But Google's involvement could potentially make it worse (no one knows as there part is closed source)
-
Don't confuse me pointing out that all of these things are possible and equal risk with thinking that we should be avoiding them. I think that avoiding fingerprints because of any of the reasons given in the thread is unrealistic. There are levels of security that are worthwhile and those that are not. Making your life difficult because of extremely unlikely, very fringe security concerns isn't good. We might as well stop using technology and go live on a mountain somewhere and only use cash. If that's the life you'd prefer, knock yourself out. There are security concerns out there, but we have to find a reasonable medium ground or else we start getting crazy.
-
The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.
-
@Dashrender said:
The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.
In Virginia I know any law enforcement legally is entitled to anything on your persons without a search warrant this includes your cell phone and any information they can access or accounts they can get from it. I believe it it's locked with a password they then need a warrant but, not for any biometerics.
-
@Dashrender said:
The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.
That's fine and makes sense. Just be aware that with iPhones, that's not a concern.
-
@scottalanmiller said:
@Dashrender said:
The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.
That's fine and makes sense. Just be aware that with iPhones, that's not a concern.
How is this not a concern? I get stopped by the police. They see I have an iPhone, they pull me out of my car which allows them to search anything visible, my phone, because of the previously mentioned court case they compel me to unlock the phone with my finger and now they have full access.
Now, if I really want to have a secure phone I could have separate additional passwords for those apps that allow it beyond just using the finger print reader for unlock, but if I'm doing that, what's the point of using the fingerprint reader in the first place?
-
@Dashrender said:
How is this not a concern? I get stopped by the police. They see I have an iPhone, they pull me out of my car which allows them to search anything visible, my phone, because of the previously mentioned court case they compel me to unlock the phone with my finger and now they have full access.
There are niche cases where it would be a concern, but few where you would not have other rights protecting you. If you are being pulled over, simply turn off your phone. Anytime you are concern, just turn it off. Problem solved.
-
Also, you can always just use another finger and say it doesn't have that feature enabled. Other than holding you down and testing each finger, not sure how the compelling works since they have no way to know if biometrics are enabled or not.
-
@scottalanmiller said:
Also, you can always just use another finger and say it doesn't have that feature enabled. Other than holding you down and testing each finger, not sure how the compelling works since they have no way to know if biometrics are enabled or not.
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
-
@Dashrender said:
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
Know that you powered it off? What difference does it make if they know?
-
You power if off immediately, not after they have asked for it, of course. But even still.
-
Can't it still be unlocked with your finger if they power it on?
-
@thecreativeone91 said:
Can't it still be unlocked with your finger if they power it on?
No. It completely locks if it power cycles, gets turned off or the battery dies.
-
This is the iPhone I'm talking about, no idea if Android has similar protections.
-
@scottalanmiller said:
@Dashrender said:
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
Know that you powered it off? What difference does it make if they know?
LOL - no, if you're under surveillance, they would know if it was fingerprint or not enabled. and could surprise grab you before you could turn the phone off to force the use of a password instead of your print - but OK I'll take my tin foil hat off now because I'm not doing anything bad enough to warrant that.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
In the case of a traffic stop, you're probably right. In other cases involving the authorities they could easily know.
Know that you powered it off? What difference does it make if they know?
LOL - no, if you're under surveillance, they would know if it was fingerprint or not enabled. and could surprise grab you before you could turn the phone off to force the use of a password instead of your print - but OK I'll take my tin foil hat off now because I'm not doing anything bad enough to warrant that.
Even then, if it was the Phone that they were after AND could not get a warrant for it (the only reason they'd need the fingerprint loophole) it would be a huge risk that it would not be locked already or have the battery die while they were trying to get it. Not like they go a month without a reboot. Mine locks at least once daily. So while it's fingerprint only most of the time, there is a good 5-15% of any given day that grabbing it would do no good.