Finger Prints Are Not Passwords
-
You're both technically correct
Sensor, password, whatever leaked there's an issue. My point is that passwords etc can be changed. Your identity shouldn't be used as a secure method of authenticating yourself to anything.
-
@thecreativeone91 said:
Again, you are assuming the only place these will be used is on a sensor.
What else are you intending? Your prints are public. That's a fact. You touch things all day long. That identity is out there. How many jobs require it?
Using fingerprints on your phone does not put you at more risk. If someone wants your prints, they will have your prints.
If your entire fear here is that people are going to use cool 3D printing technology to make fake finger print gloves and commit crimes, sure that's a problem, but that is one that exists and has nothing to do with the fear in this article and is purely a concern around criminal investigation departments using fingerprints via a non-trustworthy collection process (sensor) and making binding assumptions based on that untrustworthy information. It's a concern around an edge case with police departments and I don't see any connection to the concern in the article around fingerprints being "stolen".
-
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability
Passwords can be changed. No big deal.
Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.
Yeah you go ahead and cut off your fingers, you can't change your finger prints. Disabling biometerics doesn't fix the stolen/compromised information.
How exactly does it not? If you have my fingerprints, how will you access my systems unless you have a shim already between the sensor and the security system that has to trust said sensor?
Give me an ACTUAL vulnerability here. I don't see one. I see a fear of identity being stolen, but the actual fear is in people trusting ID when there is no trustworthy sensor.
Again, you are assuming the only place these will be used is on a sensor.
No, I'm assuming your prints are public. I want an example of what you are concerned about. If you have my prints, you can't use them to access anything, anywhere. Sure, you could, in theory, set up new accounts somewhere and claim to be me, but since my fingerprints don't give you access to anything of mine, you are no different than if we had a password collision. Doesn't impact me in any way.
-
@scottalanmiller said:
Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability would impact passwords and create the same problem. The issue here is not that they got your fingerprint, but that the system vulnerability allowed ANY pass-system to be intercepted and replayed. That it is a fingerprint is inconsequential and, like everything coming out of the RSA conference, just pure hype. They add the "biometric" angle to get headlines. They leave out that the vulnerability would impact any security mechanism here.
Sure, but to the OPs point, using your identity as your password in general is horrible, and completely insecure. Yet we have devices doing just that, the iPhone and S5/S6 Galaxys.
-
@scottalanmiller said:
@thecreativeone91 said:
It's not just using sensors though. You have to think about people using this data to frame people for crimes etc.
Still a matter of sensor trust. It's an identity. If you find fingerprints on a glass and claim that that means something (forensics) you are "trusting" an untrustworthy sensor. The issue is in trusting a sensor when you don't know what the source actually was.
This is like judges trusting printed emails in court. This still absolutely floors me. It's so easy to fake a printout - so what does this tell you about our justice system?
-
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability
Passwords can be changed. No big deal.
Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.
Yeah you go ahead and cut off your fingers, you can't change your finger prints. Disabling biometerics doesn't fix the stolen/compromised information.
How exactly does it not? If you have my fingerprints, how will you access my systems unless you have a shim already between the sensor and the security system that has to trust said sensor?
Give me an ACTUAL vulnerability here. I don't see one. I see a fear of identity being stolen, but the actual fear is in people trusting ID when there is no trustworthy sensor.
Again, you are assuming the only place these will be used is on a sensor.
No, I'm assuming your prints are public. I want an example of what you are concerned about. If you have my prints, you can't use them to access anything, anywhere. Sure, you could, in theory, set up new accounts somewhere and claim to be me, but since my fingerprints don't give you access to anything of mine, you are no different than if we had a password collision. Doesn't impact me in any way.
If I have your fingerprints I can't get into your iPhone? then I guess you're not using the sensor on your iPhone, good for you (I'm serious, good for you).
-
@Dashrender said:
This is like judges trusting printed emails in court. This still absolutely floors me. It's so easy to fake a printout - so what does this tell you about our justice system?
Or text messages http://www.ios7text.com/
-
@Dashrender said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability
Passwords can be changed. No big deal.
Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.
Yeah you go ahead and cut off your fingers, you can't change your finger prints. Disabling biometerics doesn't fix the stolen/compromised information.
How exactly does it not? If you have my fingerprints, how will you access my systems unless you have a shim already between the sensor and the security system that has to trust said sensor?
Give me an ACTUAL vulnerability here. I don't see one. I see a fear of identity being stolen, but the actual fear is in people trusting ID when there is no trustworthy sensor.
Again, you are assuming the only place these will be used is on a sensor.
No, I'm assuming your prints are public. I want an example of what you are concerned about. If you have my prints, you can't use them to access anything, anywhere. Sure, you could, in theory, set up new accounts somewhere and claim to be me, but since my fingerprints don't give you access to anything of mine, you are no different than if we had a password collision. Doesn't impact me in any way.
If I have your fingerprints I can't get into your iPhone? then I guess you're not using the sensor on your iPhone, good for you (I'm serious, good for you).
If you had my fingerprints AND you had my iPhone AND I used fingerprints for iPhone access.... how would you get into my iPhone? Are you planning to use a really intense 3D printer to print copies of my finger?
While theoretically possible, is this practically possible? There are probably far easier ways to break into my iPhone if you had physical access to it like that. Like pulling the storage out of it and brute forcing the encryption. You are talking about a pretty major security effort here, one that breaches the key rule of security - it is harder to crack than the value of the data is. Nothing is impenetrable, that's never the point. The point is to make things practically useless to break into and I think that this clearly qualifies.
-
@thecreativeone91 said:
@Dashrender said:
This is like judges trusting printed emails in court. This still absolutely floors me. It's so easy to fake a printout - so what does this tell you about our justice system?
Or text messages http://www.ios7text.com/
I worked at a hotel in the 1990s that would access any coupon printed out at home that had the name of the hotel on it. They told us to accept anything after some of us had turned down people using coupons that they had printed out themselves and did not match any promotion that we had.
So one of my coworkers, @AndyW started printing out "one week free stay" coupons for management to see that looked more official than official ones. They started reconsidering once anyone could hand out free ANYTHING coupons anytime.
-
@Dashrender said:
Sure, but to the OPs point, using your identity as your password in general is horrible, and completely insecure. Yet we have devices doing just that, the iPhone and S5/S6 Galaxys.
I agree but only for legal reasons, not security ones. (Policy can force you to use identity but not passwords to access devices, for example.) Passwords "prove" approval, not just identity. However, in many cases, outside of quirky legal issues, I'd prefer that my devices know it was me rather than know that I approve.
For example, if I lose my memory I'd still like ME to have access to my devices, even if I can no longer provide approval.
-
And I mean amnesia, my human memory, in the case above.
-
I think there are important semantics being missed here.
I think that proving identity (proving you are yourself) is a GREAT alternative to passwords.
But I think that failing to ensure that people are who they are is bad.
The fear here is that identity will be used when it is NOT proved. That's not a failure of the concept of biometrics, it is a failure of the system to ensure that the biometrics belong to the person in question.
Read: Proving identity is an excellent security methology. Proving knowledge of identity is a poor security method.
-
It is the assumption that biometrics are secret that causes such problems. I propose that we make all biometrics public - breaking any assumption of privacy. This might fix these issues. Maybe even make it a crime to use public knowledge of ID as a password.
The concerns here are not that biometrics are not secure, but that some devices will accept that you "know of" the biometrics, not that you can provide the biometrics themselves. Does that make sense?
-
@scottalanmiller said:
If you had my fingerprints AND you had my iPhone AND I used fingerprints for iPhone access.... how would you get into my iPhone?
Sticky tape
Ā
Since my thoughts aren't usually considered patters, here's how sticky tape is your undoing. I think you lot call it cello tape but anyhoo.
...
Sticky tape traps your fingerprints (on the sticky sice, duh)-
stick the sticky side to the sticky side of another bit of sticky tape
One finger print... taaa daaa -
Put newly minted finger print on finger print reader and cover with palm of your hand (hand needs to make contact with iPhone and sticky tape). Swipe down if that's what you do with it.
You are defeated... in theory...
-
-
@nadnerB said:
If you had my fingerprints AND you had my iPhone AND I used fingerprints for iPhone access.... how would you get into my iPhone?
Sticky tape
How do you transfer the digital signature of my fingerprints onto sticky tape?
-
Two issues with the common ideas around the issue.
-
The stolen fingerprints are digital, not physical. So you need some complicated 3D printer mechanism to turn the model of the fingerprint into something that can be leveraged in the physical world. (At least for the situation mentioned in the OP. If you are fearing physical theft of fingerprints, that's a different issue and different concerns.)
-
The thing that is stolen isn't actually a fingerprint at all. It is a digital signature created from a fingerprint. Think a SHA hash of it. So even if you have it, likely there is no way at all to recreate my actual fingerprint. In order to use it you have to attack the device from which it was stolen, or at least one using the same hash mechanism and salt, and attack it from the position of having already bypassed the fingerprint reader and talking directly to the security mechanism "as if you were the fingerprint reader."
It requires not only compromising your fingerprint but compromising the device as well. It's an important risk to think about and consider, but it is also important to keep it in context. The issue, in this specific case, is the security mechanism has been compromised, not your fingerprint.
In the context of passwords, the same type of shim could get a hashed password after it has been entered and theoretically replay that too with the same concerns. But you could not use that to recreate the original password and attack other devices without having the same encryption, same salt and same shim.
-
-
@scottalanmiller said:
@nadnerB said:
If you had my fingerprints AND you had my iPhone AND I used fingerprints for iPhone access.... how would you get into my iPhone?
Sticky tape
How do you transfer the digital signature of my fingerprints onto sticky tape?
Clearly the silliness of my post didn't make it to Spain.
-
@scottalanmiller said:
Two issues with the common ideas around the issue.
-
The stolen fingerprints are digital, not physical. So you need some complicated 3D printer mechanism to turn the model of the fingerprint into something that can be leveraged in the physical world. (At least for the situation mentioned in the OP. If you are fearing physical theft of fingerprints, that's a different issue and different concerns.)
-
The thing that is stolen isn't actually a fingerprint at all. It is a digital signature created from a fingerprint. Think a SHA hash of it. So even if you have it, likely there is no way at all to recreate my actual fingerprint. In order to use it you have to attack the device from which it was stolen, or at least one using the same hash mechanism and salt, and attack it from the position of having already bypassed the fingerprint reader and talking directly to the security mechanism "as if you were the fingerprint reader."
It requires not only compromising your fingerprint but compromising the device as well. It's an important risk to think about and consider, but it is also important to keep it in context. The issue, in this specific case, is the security mechanism has been compromised, not your fingerprint.
In the context of passwords, the same type of shim could get a hashed password after it has been entered and theoretically replay that too with the same concerns. But you could not use that to recreate the original password and attack other devices without having the same encryption, same salt and same shim.
I think people are a little paranoid about being framed or tracked by a government/ other body with an extensive fingerprint db. So if the hash is stolen from the device, add a few tablespoons of paranoia and your fingerprints are now a part of the database.
I don't see how this is any different than having your fingerprint found on public transport l, a glass door or anywhere public when they get dusted at a crime scene
-
-
God, out of all biometrics, I really hate finger print probably the most. There's zero scientific evidence they're unique and the manner of which they're matched is dubious at best and always has been. Hell, there have been people convicted for matching finger prints when they turned out to actually be innocent. Consider also finger prints can slightly change over time or even drastically depending on various environmental factors and a lot of matching is left to human judgement, even after computers match them for crimes.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
@thecreativeone91 said:
@scottalanmiller said:
Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability
Passwords can be changed. No big deal.
Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.
Yeah you go ahead and cut off your fingers, you can't change your finger prints. Disabling biometerics doesn't fix the stolen/compromised information.
How exactly does it not? If you have my fingerprints, how will you access my systems unless you have a shim already between the sensor and the security system that has to trust said sensor?
Give me an ACTUAL vulnerability here. I don't see one. I see a fear of identity being stolen, but the actual fear is in people trusting ID when there is no trustworthy sensor.
Again, you are assuming the only place these will be used is on a sensor.
No, I'm assuming your prints are public. I want an example of what you are concerned about. If you have my prints, you can't use them to access anything, anywhere. Sure, you could, in theory, set up new accounts somewhere and claim to be me, but since my fingerprints don't give you access to anything of mine, you are no different than if we had a password collision. Doesn't impact me in any way.
If I have your fingerprints I can't get into your iPhone? then I guess you're not using the sensor on your iPhone, good for you (I'm serious, good for you).
If you had my fingerprints AND you had my iPhone AND I used fingerprints for iPhone access.... how would you get into my iPhone? Are you planning to use a really intense 3D printer to print copies of my finger?
While theoretically possible, is this practically possible? There are probably far easier ways to break into my iPhone if you had physical access to it like that. Like pulling the storage out of it and brute forcing the encryption. You are talking about a pretty major security effort here, one that breaches the key rule of security - it is harder to crack than the value of the data is. Nothing is impenetrable, that's never the point. The point is to make things practically useless to break into and I think that this clearly qualifies.
When the fingerprint technology came to iPhone some group (I forget who now) showed that a print could be lifted (granted this was the toughest part - obtaining a good print) and a fake created pretty easily. The process they showed was much easier than trying to bruteforce the encryption in the phone.
Now I'll give you that the effort would probably not be worth it in most cases as the data on said phone would not be worth this effort of less than one day to achieve, but showed that it was clearly possible. The reader in the case of the iPhone makes no attempt to ensure the print is coming from a living being.