
Touch ID is not "pretty good security", it's not even "good security", it's simply very bad security.

Touch ID is better than nothing and that people use Touch ID instead of nothing is better than the current state but not by much and this definitely isn't a huge achievement. Which is really the biggest issue with Touch ID, it's advertised as such and people believe it.




I'd be willing to bet that over the next couple of years millions of people will try to log into somebody's iPhone that they shouldn't have access to, but in the process are prevented from doing so by the fingerprint based security.

I also bet, in 99.9999% or more of those cases, the attacker doesn't even attempt to bypass the security by faking the user's fingerprint.

I'd also be willing to bet that these figures are substantially better than the current situation where people don't bother to lock their phone at all. People will use it because it's a gimmick, not because of its security properties, but it will still work.


But you have to consider potential damage from the successful attack. It doesn't matter if 99% of low damage attacks are unsuccessful but 1% high damage attacks will go through. The solution is fine by itself but millions of people will use it and not understand the real level of protection.


The potential damage is zero. You (and everyone else in this thread) are forgetting that you can't steal an iPhone for more than 30 seconds anymore without Activation Lock locking you and everyone else out, forever, period, paragraph.

Activation Lock + Touch ID = all the security that almost anyone needs on a phone and much higher security than any of us have been used to up to now.


I think this is key here. Before, you could try and lock or wipe your phone when it was stolen. But in order for it to work the thief must have left it powered on. If he was smart and shut it off, took it home and booted into DFU mode to restore the thing back to factory settings, you were out of luck.

But with the new Activation Lock, it supposedly doesn't matter if it is shut down: the minute someone tries to flash the phone, be it normally via iTunes or via DFU mode and iTunes, there should appear a message that the phone has been wiped and must be unlocked with the iCloud password of the account that did the wiping. So no chance to flash the phone back to factory settings.


Well, right now I'd guess that the percent of high damage attacks that go through is significantly higher than 1%, so lowering that to "1%" isn't an improvement?


> Touch ID is better than nothing... but not by much

You can't be serious. A completely unlocked phone that anybody can trivially access with a swipe.. vs. a scanner that you'd have to lift and reconstruct someone's fingerprint to bypass. That is definitely a significant improvement.


Yes, how many people run $10,000 dollar competitions to get past the default swipe to unlock screen?


Based on what they've said previously, I'm pretty sure the people who ran that competition expected TouchID to be a lot harder than this to bypass and were doing it as a publicity stunt to try and demonstrate that.


> That is definitely a significant improvement.

Sure is a significant improvement for some people at least. http://t.co/EK3sdeloUX


Baseless FUD is OK as long as Linux ain't the target, right?


Where the fuck did that come from? It is neither baseless nor FUD. That fingerprint will be sent over the wire at some point and the NSA will gladly pick it up. How you think otherwise is beyond me.

What operating system I prefer really has nothing to do with it, even if it is Linux.

Posted from my iPhone, android, third mac mini, 2nd mac air, or first thinkpad who the fuck knows (or cares? oh you obviously)


From Apple's site [1]:

> Touch ID does not store any images of your fingerprint. It stores only a mathematical representation of your fingerprint.

> The Secure Enclave is walled off from the rest of A7 and as well as the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it and it can't be used to match against other fingerprint databases.

[1] http://support.apple.com/kb/HT5949?viewlocale=en_US


Your trust in Apple is heartwarming.


Then you might as well say Apple has secretly had a finger scanner since the first-generation iPhone and already sent that data over the wire. Or maybe there is also a finger scanner on your keyboard right now!!! Also that video cam on most notebooks, it's now always on and secretly sending the data to the NSA!!!!


a "mathematical representation of" is exactly what a "digital image" is.


They're clearly referring to storing some kind of "hash"/mathematical representation of your fingerprint vs a plain photo/"digital image".


It's FUD until you or someone else posts evidence that the fingerprint is sent over the wire, or that Apple intends to do the same (for example, code that sends the fingerprint that awaits activation by a third party). You're not going to be able to do that. It's shameful that you can't even recognize the fudishness of what you posted, especially if Linux actually is your operating system of choice and you have been through the FUD wars of the late nineties and early two thousands (that was only a guess on my part).


"It's FUD until you or someone else posts evidence that the fingerprint is sent over the wire"

It absolutely isn't. Even if just the hash were sent over the wire (or if it were possible for the authorities to extract it over the wire), it would be perfectly possible for the authorities to run the same hash algorithm on their candidate print and see if the hashes match. Such evidence would likely not be admissible in court but 1) it would be enough to give the authorities a tipoff, 2) for matters deemed important enough, secret trials seem to be all the rage these days.

I would be _very_ surprised if there were no backdoor in iPhones for the authorities. Even their "secure" area. The U.S. authorities simply do not take no for an answer when having a "talk" with a vendor producing a widespread "security" related product.


> I would be _very_ surprised if there were no backdoor

I'm not sure if you understand what FUD means. Your surprise or lack thereof does not count as evidence, and is irrelevant to whether something is FUD or not.

> MS Exec: "I'd be very surprised if Linux had a lower TCO than Windows Server."

Canonical example of FUD. EXACT same thing as you're saying, just in a different context.


"EXACT same thing as you're saying"

You've got to be careful when you say things like that, because they're trivial to refute.

The whole point of a backdoor is to be obfuscated and hard to find. So it would be very likely that you would not find one even if one were present. Your example is simply Microsoft not bothering to do something that's perfectly researchable.

We don't have any _proof_ that Dual EC DRBG is defeatable to the NSA. By your logic we should still be using it happily until we have that proof and until then any caution is simply "FUD".

So if that's "FUD", then I've got news for you: the security world is very sensibly built upon FUD.


I would be very surprised if the fingerprint is sent over the wire. Instead, I would expect the "secure enclave" to validate the fingerprint, and then emit a time-limited certificate of some sort to authenticate with servers. The fingerprint information - or derived information such as hashes - never needs to leave the phone.
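
A minimal sketch of the flow this comment describes, added here as an example and not code from Apple or from any commenter: matching happens inside the device and the server only ever sees a short-lived, nonce-bound assertion. The `Enclave` and `Server` classes, the shared `DEVICE_KEY`, and the use of HMAC in place of a certificate signature are all assumptions made to keep it standard-library only.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key: stands in for a per-device secret provisioned into the
# enclave and registered with the server (hypothetical setup).
DEVICE_KEY = secrets.token_bytes(32)


class Enclave:
    """Hypothetical enclave model: template and key never leave this object."""

    def __init__(self, template: bytes, key: bytes):
        self._template, self._key = template, key

    def attest(self, sample: bytes, nonce: str, now: int, ttl: int = 30):
        # Matching is local. Real matchers are fuzzy; equality is a simplification.
        if not hmac.compare_digest(sample, self._template):
            return None
        claims = json.dumps({"nonce": nonce, "exp": now + ttl}, sort_keys=True)
        tag = hmac.new(self._key, claims.encode(), hashlib.sha256).hexdigest()
        return {"claims": claims, "tag": tag}  # no biometric data in here


class Server:
    def __init__(self, key: bytes):
        self._key, self._pending = key, set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, assertion, now: int) -> bool:
        if assertion is None:
            return False
        good = hmac.new(self._key, assertion["claims"].encode(),
                        hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, assertion["tag"]):
            return False  # forged or tampered claims
        claims = json.loads(assertion["claims"])
        if now > claims["exp"] or claims["nonce"] not in self._pending:
            return False  # expired, or nonce unknown / already used
        self._pending.discard(claims["nonce"])  # one-time use blocks replay
        return True
```

What crosses the wire is only `claims` and `tag`; a captured assertion is useless after its nonce is consumed or its expiry passes.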


Firstly nobody cares what hardware you have. It doesn't make what you say any more or less accurate.

Which in this case doesn't matter because you're talking complete nonsense. Apple does not send your fingerprint over the wire.


While I don't have data to back it up, I believe most Android users use the draw pattern to unlock method. This feature is absolutely trivial to defeat - you can simply hold the phone up to the light, see the trails of oil left on the phone, and follow that trail. People have done this to my own phone with just a few tries.

TouchID represents a massive increase in security over draw pattern to unlock, and it's easier to use at the same time.

It probably also represents an increase in security over 4 digit PIN codes, though that's shakier.


People actually do other actions on their phone after unlocking it.

If somebody swipes on their homescreen, browses the web, etc., the trail would not be just the unlock pattern.

The exploit you're talking about may work if you get hold of the phone right after the user unlocks it since the trail only has the pattern.


True enough, there is other "noise" on the phone, in the form of point-like finger prints, and even other trails. But you're imagining a blank phone, where you have to try and discern one trail from another. Now turn the phone on, and the unlock background appears. Which trails intersect all of the dots of the unlock background?

It's much easier than you imagine. I've been using my phone as I normally do throughout the day, and I can see the unlock pattern clearly on the phone.


That's why you need an unlock pattern that intersects / overlaps itself. (Not foolproof, just makes that attack harder.)


It also doesn't work nearly as well if you are OCD about wiping your screen often. Not that that makes the pattern lock any better, but it isn't quite that trivial to defeat.


Doesn't the trail get cleaned off when you put it in your pocket?


No, it takes pretty vigorous scrubbing, at least on mine.


Having a lock in your front door is not perfect but it is much better than not having one at all.

The way that Apple haters use stunts like this to suspend normal logic and reasoning in order to express their juvenile spite is staggering.

No one, ever, claimed TouchID was impregnable, but it is very good security and is better than what the vast majority of people do at present.

Anyone prepared to devote the time and resources that CCC did to breaking your phone has other simpler means at their disposal. I personally believe that no one else will replicate this achievement because it is simply a publicity stunt to get clicks and feed the hordes of anti-Apple zealots.


The problem is not so much what CCC has done, but what CCC has started. In the days/months ahead, there is now a possibility of building a more practical attack. Remember the Firefox plugin which allowed users to steal FB user sessions in a cafe with free WiFi (or any WiFi hotspot)? That wasn't a new attack, it just made an existing attack easier (and hence caught a LOT of attention).

The threat is similar. Now there is an exploit.. now the collective security researcher (and hacktivist) will work to make the hack easier by building a tool.. THERE lies the real danger.

I still commend Apple for trying. The real issue will be if I can steal the "Hash" of the fingerprint and reverse it to know who it is... so far TouchId has done well. The way that happens, Apple users will need to rethink using TouchID


> Anyone prepared to devote the time and resources that CCC did to breaking your phone has other simpler means at their disposal

Really? Lift someone's print, leave it with superglue, scan and print it and then dump glue on the scan.

That seems to be the sum total of what needs to be done. You need only sticky tape to lift the print and the rest can be done in an hour.

It sounds quite action movie, but in reality it's pretty damn simple and if I wanted to get access to your phone I could easily prepare it in advance and carry a tiny latex strip in my wallet for just the right occasion without your knowledge at any point.


> It sounds quite action movie, but in reality it's pretty damn simple

Also in reality it will foil over 99% of potential unauthorized activation attempts as most people aren't going to craft fingerprints to get into someone's device.

If reality is the bar you're using, TouchID still wins.


> but in reality it's pretty damn simple

Also, it's not remotely "pretty damn simple":

https://blog.lookout.com/blog/2013/09/23/why-i-hacked-apples...

"Creating the fake fingerprint is arguably the hardest part and by no means “easy.” It is a lengthy process that takes several hours and uses over a thousand dollars worth of equipment..."


It's not about Apple haters, it's that the security code is actually more secure than TouchID.

If having TouchID will increase the amount of people that don't lock their phone, I'm up for it. But it's not this amazing super-secure technology that will revolutionize the world.


Really? You think a four digit security code that users have to enter repeatedly is more secure than obtaining a 2400 dpi clean image of a specific fingerprint and a nontrivial lab procedure? It might require some patience but if you have an excuse for being around the target, it doesn't require great skill to see the digits as they are entered. In either case the adversary has to deal with Activation Lock which has been introduced with iOS7.

I've read there is already something like 35% adoption of iOS7 so we may see soon how effective Activation Lock is at deterring theft.


Using the method employed by the CCC to break the security is not trivial...


Touch ID is competing against pins chosen from a universe of 10,000. This isn't great security, but it's appropriate security for unlocking a device you already must have physical access to.


Actually doesn't that highlight one of the biggest flaws with this, in that your finger prints will already be all over the device? Lift the device, get the authorisation token for free. At least with a password you also need to either crack it or discover it from some other means.


So far, nobody has demonstrated an attack that is able to break the fingerprint reader by reading fingerprints off of the device (or another surface). The attack demonstrated by CCC requires them to take a high resolution photograph of your finger. It is likely substantially harder to just lift a good enough quality fingerprint to defeat the system.


I was going to argue with your statements but then I turned the screen on my phone off and realized that the front part of the screen is covered with my thumb prints, and they are ripe for photographing.


> Touch ID is better than nothing and that people use Touch ID instead of nothing is better than the current state

That makes it great security.



