

Apple's fingerprint scanner may be the biggest leap in payments since the C-Card - petenixey
http://peternixey.com/post/60868649096/apples-fingerprint-sensor-may-be-the-biggest-leap

======
EvanAnderson
This fingerprint sensor and its potential use for payments is rather
disturbing to me. I am (rightly, I would argue) apprehensive about general
purpose computers acting in a "trustworthy" manner. I hope that this
fingerprint sensor, which undoubtedly will be incorporated into authentication
for payment systems, doesn't usher in a future of reliance on a fundamentally
untrustworthy device. I really, really worry that the banks will jump on this
as a way of limiting their fraud liability. (I'm thinking about how chip and
PIN has been cited as a way to move fraud liability to the consumer.)

To dumb it down: I'm envisioning a crappy future where you'll end up with
fraudulent charges on your credit card (via your Apple account) that you can't
contest because the credit card company will say "Hey-- your fingerprint was
used to authenticate this charge. Therefore you did it." I don't think that
line of thinking is too cynical.

No quantity of assurances from Apple about how the fingerprint reader will be
"firewalled" from third-party access will convince me. If the hardware and
software were opened up for third-party analysis I might be convinced, but I
really don't think that's going to happen.

This fingerprint reader amounts to a complex hardware and software system with
a lot of moving parts. It _will_ have exploitable bugs and _will_ be hacked. I
think it will ultimately be used to defraud, too. Thinking about the mass harvest
of fingerprint data from the public by an attacker (like, say, the NSA) also
gives me the willies. Will it be possible for an attacker to steal fingerprint
data and use it to compromise other biometric authentication systems? Will it
be possible to use stolen fingerprint data to plant your fingerprints at a
crime scene? How do you recover from the theft of biometric data? Are you
issued a new thumb?

To be clear: I _hate_ the current system of "secret numbers" embossed on
plastic cards and encoded on magnetic stripes as a way of authenticating
payments. At least, though, the plastic cards aren't battery-powered general
purpose computers with radios attached to them. Bad as little bits of plastic
and "secret numbers" are, my credit cards themselves can't betray me. A phone
(or other sufficiently complex computer system) acting as my payment token
most certainly could (and will).

As an aside: I don't have any RFID-chipped credit cards, nor will I. When I
end up having no choice in the matter I'll microwave the cards before using
them.

~~~
threeseed
Seriously you need to ask yourself if this paranoid borderline delusional
state is really worth it.

If the government wanted to "get you" then they could do quite fine with all
the existing technologies. If they wanted to frame a crime scene they could
put your DNA everywhere. If they wanted to steal your bank accounts they could
get your internet banking details. They have already been harbouring
fingerprints for decades now.

Nothing Apple has announced will change that one iota.

~~~
EvanAnderson
My real worry is malware and fraud from private actors-- not governments.
Criminals seem to be willing to go to amazing technical lengths to steal.

Looking at the personal computer software ecosystem and home computers, which
are often bristling with malware, and extrapolating to phones, which will
certainly have a larger install-base than personal computers, doesn't seem
delusional at all. That's a ripe target for criminals.

~~~
edwinnathaniel
My concern is with our physical being: determined/desperate criminals will
chop off your fingers during robbery.

~~~
Amadou
Here's the problem I see - your phone is covered with your fingerprints. If
someone steals your phone they've got your prints.

How long will it be until a super cheap fingerprint spoof kit is available? I
envision something as simple as using some rubber cement to lift a print from
the phone's case, sprinkle some dust (toner?) on it to emphasize the minutiae
and then wrapping it around your own finger.

It will probably be more complicated than that, but all it takes is someone to
discover a vulnerability in the hardware and all current phones will become
insecure. The one thing you can count on is that if there is money to be had,
there will be a lot of effort expended trying to find such vulnerabilities.

~~~
edwinnathaniel
... or just to chop off the victim's fingers ...

Outside HN context, people in general are not that literate when it comes to
tech. Maybe I underestimate it but judging from minimum data around me,
there's a very good reason why only a select-few companies are known by the
majority of the world.

~~~
Amadou
Chopping off the fingers has all kinds of barriers.

First, it takes a much larger empathy gap to physically hurt someone in such a
visceral fashion versus simply threatening them with violence in order to mug
them.

Second, the owner has to be involved in order to chop off their fingers. That
means simply stealing it while it is unattended or even pick-pocketing it
while the owner is distracted aren't options. My impression is that those are
much more common cases than muggings.

------
mrt0mat0
I think security via fingerprint may be a mistake. What happens if someone
gets a copy of your fingerprint, what do you do for security at that point?
Get a new fingerprint? The NFC Ring is a better idea than fingerprint
security. I think the idea will fall short of good security quickly. This is
all speculation, and I am by no means an expert on security.

~~~
iamshs
The sensor is epi-dermal, which means it reads underneath the skin, so it does
not solely rely on seeing the prints. There is a steel ring, which probably
senses capacitance. Will there be exploits? Probably. Are Apple engineers
incompetent to think of obvious exploits? I would put my money on NO. In any
case, I would like to see the evolution of this tech.

~~~
ris
"Are Apple engineers incompetent to think of obvious exploits? I would put my
money on NO."

They certainly didn't seem to test whether a phone would get acceptable
reception if held in a rather common way.

~~~
stock_toaster
This likely came out of their purchase of AuthenTec last year.

------
nicholassmith
That's a pretty smart argument, must say I agree and it's along the lines of a
train of thought I had afterwards. It's all about friction, and how they can
minimise it, take the iTunes Store for example and how people used it. We know
they sell a lot of music through it, most likely to people who pirated because
who wants to buy a CD and rip it, and make sure it has the right tags and art
when it's there for a reasonable price. They decreased the friction and it
paid off. They did it again with the App Store, and created an ecosystem that
allowed a cottage industry for indie developers that only vaguely existed 8
years ago.

Apple excels at reducing friction for users to achieve what they want to
achieve, I wouldn't be surprised if they had this in mind even more so than
improving security.

------
narrator
Fingerprints aren't changeable and they're not really secrets. Security fail.
They are good for things like tracking convicts or parolees or DRM shackled
users which are usage scenarios where you don't want people to be able to change
their identifier but that's about it. Also there's no distinction between the
identity and a password. It's the same mistake made with SSNs.

------
sjtgraham
I don't know why people think Apple will i) add NFC support to iPhone or ii)
enter the payments space.

- iBeacons are much more versatile than NFC and Apple owns and drives the
specification.

- CC processing is an ultra-low margin business and there are other more
lucrative markets they should address before considering payments.

~~~
swamp40
I've been watching this space like a hawk for years now.

How did I miss the iBeacon?

~~~
kolinko
WWDC 2013, they're in iOS7 which was not yet released - hence no real
applications and just a few examples of hardware

~~~
swamp40
So, after studying this for the last four hours, I've come to the conclusion
that Apple is NEVER going to implement NFC, and in fact is trying to
intentionally nosedive the technology into the ground, as a way of hurting the
competition by all the time and effort they threw into a dead end technology.

------
usaphp
I doubt that will happen because PIN/card number is more secure, if somebody
stole your PIN or card you can just get a new one, but once somebody stole
your fingerprint data - you pretty much are a target for fraud for the rest of
your life.

------
transfire
I can't believe it took this long and it was left to Apple to "innovate" on
this. Adding a fingerprint scanner to every keyboard and mouse has been a
no-brainer for at least a decade. The scanners cost $10! And adding them to
smartphones and tablets should have happened from the get go. We're talking
orders of magnitude in simplification of security. And it's dead obvious. So
what the hell took so long? And why does it take Apple to finally do it?

~~~
mariusz79
Two words: Atrix 4G. Google it and then let's talk how innovating the new
iPhone is.

~~~
JaggedJax
The Atrix 4G was a device a bit ahead of its time. That coupled with
impressive but expensive peripherals (laptop dock) kept it from becoming a
breakout device. Also, the fingerprint reader was one of the sliding ones and
I got fed up with it very quickly.

You're right though. With all this discussion about the fingerprint reader, I
just keep hearing "Atrix 4g" being shouted and echoing around inside my head.

------
adamb_
Keep in mind this fingerprint scanner is only shipping on ONE of the two
devices announced today. For this to be the payments/security game-changer the
OP is suggesting, it has to be widely available to the public, which Apple
opted out of by not including it on the "value" iPhone 5c.

Until every mobile device Apple ships has this built in, I think this falls a
bit more in the category of a novelty... at least for the foreseeable future.

~~~
swamp40
That's a good point.

From the article:

 _I’m also guessing that despite its more homebound nature we’ll see that
fingerprint sensor very quickly on the iPad too. The iPad is a perfect
shopping tool and one-scan shopping would make that even more true._

I'm also betting it will show up on the new iPads.

So, if it shows up on everything but the 5C, maybe they'll just add it next
year.

I'll bet there was some heated discussion at Apple arguing both ways, and it
lost out in order to differentiate the high-end model.

------
tomphoolery
Not just that, I can't wait to see what else Apple has in mind for this thing.
I've been waiting for the day where my phone/mobile device is the thing that
logs me into Facebook, Google, et al., and not a stupid password that's
auto-generated anyway. It's really hard to crack your password when you don't have
one! And who's going to "hack" my fingerprint??

------
dredwerker
I can type my password quicker than I can get a fingerprint reader to work. I
don't get it really. I don't want one password for every site on the internet -
which is what a fingerprint would be.

I had a fingerprint reader on my last laptop and it was a novelty. Apple
inventing stuff that has already been invented since the mp3 player - but
unfortunately getting massive amounts of uptake.

------
mbloom1915
Will Android platforms move to similar technology or find an easier way
through NFC to make mobile payment security relevant?

------
conductor
I wonder, are there some kind of hashes for fingerprints or one should store
the whole fingerprint in order to reliably match it with another one?

~~~
bennyg
I'm imagining they are using a data set of fingerprint points (statistical
anomalies), and then using machine learning to get a good statistical model of
it when you first set it, and every time after that. I doubt they're image
matching directly every time. Add some matrix math for 360˚ transforms and
you're in business.
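
An added illustration of the question in this sub-thread (not part of the original comments, and not Apple's or any vendor's algorithm): two scans of one finger never produce identical data, so a password-style hash of the template fails, while a tolerance-based match over feature points with a rotation search succeeds. The point sets, noise values, tolerance and threshold are all constructed for the example.

```python
import hashlib
import math

# Constructed sample data: minutiae as (x, y) points, not real fingerprint data.
ENROLLED = [(10, 12), (25, 40), (33, 18), (48, 52), (60, 30), (72, 65)]
OTHER_FINGER = [(22, 19), (31, 22), (19, 31), (29, 28), (26, 17), (23, 33)]
JITTER = [(0.6, -0.4), (-0.5, 0.3), (0.2, 0.7)]  # simulated sensor noise

def place(points, angle_deg, dx=0.0, dy=0.0):
    """Rotate about the origin, then shift: models how the finger lands on the sensor."""
    c, s = math.cos(math.radians(angle_deg)), math.sin(math.radians(angle_deg))
    return [(x * c - y * s + dx, x * s + y * c + dy) for x, y in points]

def noisy_scan(points, angle_deg, dx, dy):
    """A later scan of the same finger: new placement plus small per-point noise."""
    moved = place(points, angle_deg, dx, dy)
    return [(x + JITTER[i % 3][0], y + JITTER[i % 3][1]) for i, (x, y) in enumerate(moved)]

def template_hash(points):
    """Password-style approach: SHA-256 over the rounded coordinates."""
    text = ";".join(f"{round(x)},{round(y)}" for x, y in points)
    return hashlib.sha256(text.encode()).hexdigest()

def centred(points):
    """Shift the point set so its centroid is at the origin (removes translation)."""
    cx = sum(x for x, _ in points) / len(points)
    cy = sum(y for _, y in points) / len(points)
    return [(x - cx, y - cy) for x, y in points]

def match_score(enrolled, probe, tol=2.0):
    """Best fraction of enrolled points that have a probe point within tol,
    searched over whole-degree rotations after aligning centroids."""
    e, p = centred(enrolled), centred(probe)
    best = 0.0
    for deg in range(360):
        r = place(p, deg)
        hits = sum(any(math.hypot(ex - rx, ey - ry) <= tol for rx, ry in r) for ex, ey in e)
        best = max(best, hits / len(e))
    return best

def is_match(enrolled, probe, threshold=0.8):
    return match_score(enrolled, probe) >= threshold

if __name__ == "__main__":
    scan = noisy_scan(ENROLLED, 37, 5, -3)
    print("hashes equal:", template_hash(ENROLLED) == template_hash(scan))
    print("same finger:", is_match(ENROLLED, scan), "other finger:", is_match(ENROLLED, OTHER_FINGER))
```

A one-way hash cannot absorb the placement and noise differences between scans, so a matcher of this kind has to keep a template it can compare against, which is why where and how that template is stored matters.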

------
mmanfrin
No.

