These are a bit of a joke.
Within Apple, almost nobody knows what they pay for parts. This is super secret info. If there are more than 5 people in Apple who know what the iPhone BOM cost is, I would be surprised.
The much-hyped fingerprint scanner on Samsung’s flagship handset the Galaxy S5 can be fooled just days after the device was launched. Researchers at Germany’s Security Research Labs (SRLabs) publicised their findings in a YouTube clip. According to the narrator, the scanner was hoodwinked "under lab conditions, but is based on …
The same is true in any hardware company. The details of parts supplier deals are always deep secrets, because both the competitors and competing suppliers could take advantage of them.
You're right, but for the wrong reasons. BOM are uncannily difficult beasts for a "real" all-encompassing tech company like Samsung. At Apple it's mostly a matter of trade secrecy, because Apple is mostly a product _designer_; for companies like Samsung (and, to a smaller extent, Moto for example) you have to factor in the fact that they actually make a lot of the parts in their devices themselves... but in different branches, branches which bill each other almost as if they were different companies. But only almost. Now factor in the cross-licensing deals that Samsung (and Apple, but to a staggeringly smaller extent, because they don't hold as much IP in the electronics or manufacturing departments) have with external manufacturing companies, most of which are not per-piece or even per-product and you may -just may- approach the complexity of the thing. And now remember all these Branches in Samsung? Well, if they are remotely as retorse as Western companies they have internal "intellectual property" deals as well.
Now I need to stop and grab a beer, because if I go on I'll need an Aspro instead and that's much less fun.
"The same is true in any hardware company." Nope, you are wrong.
I've been in the embedded systems industry for 30 years, of which I worked for a year at Apple.
Engineering is the art of compromise. Many of those compromises are things like speed vs amount of RAM, cost of FPGA vs cost of microcontroller. Engineers need this info to make good design trade-offs.
Most companies share this information within the company so that engineers can use it in their decision making.
Not Apple. People with very real reasons to have access to numbers, even ballpark numbers, don't get them.
While the BOM cost is not accurate given that they do not know what each company is paying for components, it is still a good guide to see an approximate cost of the electronic device. When the same parts are used, the same price is used and generally all of the prices IHS uses for components would be the worst case scenario. You don't need a super accurate price to compare the component cost of two handsets; both have the same correction factor.
and time again, fingerprint scanners are easily fooled with a bit of ingenuity.
Yet *still* it's touted as some uber secure access system....
It's not, never has been and in its current guise, never will be.
It's a convenience over security battle and as most of us are lazy bastards, the former will always triumph.
There is nothing to replace a good strong password (at the mo) but I don't want to type in a 30 CHR$ pass phrase just to check some message......
I think it is a case of selecting the correct biometric parameter; a retina scan would certainly be more secure since you don't tend to leave that everywhere you go. Sure, someone could grab the retina photo from your optician (if they really wanted to) or could dupe you into scanning your retina on a compromised device - with the latter dodge this is already the case with PINs and the like.
Perhaps, at least for mobiles, an ear swipe would be good - other devices not so much :)
Alternatively randomly (and infrequently) use double authentication, asking for a second swipe with a specified digit (or alternative eye/ear/whatever) or requiring entry of a PIN too. A bit like how supermarkets with self-scan occasionally request the re-scanning of random items from the shopping by the cashier.
The cashier is always faster processing a checkout. It's only the queue time to get to the cashier that can make self-checkout faster.
I only use them when I have a handful of items and usually don't have a problem with needing to rescan something. BUT, I do pay close attention to the voice instructions it gives me and wait for the next prompt. If you get ahead of the automated process it all goes to hell.
On the rare occasion my roommate is with me, she does not do that. She tries to scan multiple items or bag them or scan the next item before the weight for the previous item has registered. Always ends in disaster. Because the cashier lane doesn't have the same restrictions, they can do those things (especially scanning 1 carton of diet coke 4 or 5 times instead of each one individually).
"I'd say the same. I use self service tills regularly and have never been asked to re-scan a barcode."
It's not self-service tills, it's self-scan where you have a barcode reader you carry around with you. A sort of "scan as you shop", assuming you have bags in your trolley.
Security wise, they ask you to re-scan it every so often. If your re-scan is deemed to match your initial scan, you won't be asked again for a while. So to the "6 out of 10" person, I suspect you've been carelessly scanning. Scatty friend of mine was eventually barred from the system for continuously messing up :-D
Exactly, and they are using it for ePassport gates?
Sure IRIS was not perfect, BUT it's much harder to fake at border control (i.e. you can't just stick a fake iris on your eyeball like you can a fake fingerprint).. the technology needed some updating, to avoid the need for multiple cameras at different heights which often had the wrong one activated I noticed.... Surely some form of eye tracking technology as you walked into the gate, with a high magnification lens would allow the eye to be scanned at a distance...
"Sure IRIS was not perfect, BUT it's much harder to fake at border control (i.e. you can't just stick a fake iris on your eyeball like you can a fake fingerprint)"
IRIS wasn't retina scanning though. You're correct, retinal scanning is very hard to fake given it's an image of the back of your eye, but also less user-friendly to use.
It's relatively trivial to fake an iris scan though - coloured contact lenses effectively have a fake iris on them. Commercial scanners are even fooled by a high quality photograph being held up to them.
People can't just look over your shoulder to copy it, they have to exercise more ingenuity than the average criminal is capable of to exploit it. I'm surprised nobody has developed a method of scanning and 3D printing to produce fake fingers ... oh look, they did already (PDF).
A password that you cannot change, and leave written everywhere you go. I can't fathom why people think it's a good idea.
I have 2 reasons for you:
- It takes days to counterfeit for a team dedicated to the task with expensive hardware, a dedicated lab and specialized skills. Most passwords can be cracked in a matter of minutes by a script kiddie with a 200 bucks laptop from eBay.
- You can't possibly forget it. Most "hard-to-guess" passwords end up written on a post-it, which is demonstrably worse than holding them at your fingertips (literally). And most of them aren't hard to guess at all anyway, cue the obligatory xkcd reference: http://xkcd.com/936/
Consider a password something like gQ9#dL consisting of 6 randomly chosen symbols from a set of 64, none the same, something most people could learn with reasonable effort.
Is it safe from someone who has the hash and a few minutes to compute and test? Certainly not.
Is it safe from someone who has three or four chances to enter it correctly before the entry device locks? Very likely so.
Exactly. It's a concerted effort, beyond the ken of most drug-addled thieves. By the time they get it to someone who can do it, the owner has hopefully realised it's gone and had it locked down or tracked.
Security is never 100% foolproof in stopping people getting in. The point is to slow people down enough that they are likely to be noticed.
and time again, fingerprint scanners can be fooled by a dedicated team with heavy equipment. In a lab. Set up specifically for that purpose. With previous knowledge of both the "key" and the target. Within FOUR DAYS, assuming the target did not notice their ultra-hush-hush device went missing. FOUR DAYS AGO.
Meanwhile, "good" passwords are cracked almost instantly by the million every single day by virtually anyone on the planet, leading to numerous kinds of frauds, costing real money.
Kids these days.
Fingerprints of the stars! You too could unlock your iBling/SBling with the same fingerprint as KIM KARDASHIAN. Be the envy of your Facebook Friends, be the envy of your real friends (Real friends not supplied!). Protect your most private selfies with the same built in security used by such luminaries as Paris Hilton, Scarlett Johansson and Jude Law.
Not technically worse I mean, but it seems to me that it's a worse vulnerability. The iPhone sensor only allows you to unlock the phone, and to sign in to (and purchase from) the Apple stores. Sure, that's not ideal if someone's got your phone and can circumvent the fingerprint reader....
....but, your passcode is required when you switch the phone on (and it's likely they'll have switched it off to avoid being tracked after the theft) or after ~5 failed attempts (as the article mentions) and even if they get past it all, all they can do is buy you music and apps. Which Apple will refund you for when you report it stolen etc.
If the Samsung one doesn't need your passcode, AND you can have infinite attempts AND you can spend real money through PayPal (and other apps?) then that seems a lot worse to me.
It does seem that this is a very poor implementation of fingerprint security. Even Samsung's draw-a-figure security system has a time-out (short, but, if I recall, user configurable) after five failed attempts. It is elementary to have a lockout (with an option to use another option if necessary).
On the other aspect - one-factor authorisation for financial transactions - how silly! Even if you use PayPal's two-factor (SMS) authorisation, the message is going to go to the phone that the thief has (though could be the case with the PayPal app on any phone if security is inadequate). Personally, I never use my phone for anything to do with finance, except as the second factor of authorisation.
Someone at the thread about luggage beacons posited everyone getting an RFID tag like they make for pets. Embed in the back of the hand and all.
Then again, like with the barcodes, someone's always gonna try to clone them. I think the concern is that anything man-made can be cloned, so they're trying to use something biological and thus innate.
"We can simply deactivate the key from a lost or stolen device, and you can create a new one."
So that would mean chopping off a finger and growing a new one with a different fingerprint, to the best of my knowledge mammals can't do that, reptiles can. Perhaps David Icke was right all along.
When I was at school I burnt the fingerprint off my left index finger by dragging it gently along a wall every day.
It grew back. Not sure if it was exactly the same, but I presume so.
A few months back I also managed to slice a good chunk of the flesh part of my thumb off whilst chopping veg. Again, it's still healing but I can see the fingerprint growing back in and all the lines seem to join up with the undamaged skin.
So yes, we can grow replacement fingerprints, but they are the same as the old ones.
Maybe you're joking and your sense of humour eludes mine. Generally, I only understand it's a joke if it's actually funny.
It's not the fingerprint that is revoked but the cryptographic key held protected by the fingerprint.
The biometric stuff is strictly between the owner and their S5, the crypto key is between S5 and PayPal. Simples.
"Generally, I only understand it's a joke if it's actually funny."
Really? What about things that are a joke but aren't meant to be funny, like how our government spunks money up the wall on useless brain-dead projects with no earthly value and yet takes money away from people who can't afford to live with schemes like the bedroom tax?
Seriously, our government is a joke, but I'm not laughing. Perhaps you should refine your sense of humour?
What is funny? It's not to do with the seriousness of the subject matter, for me. I'm open to laughing about all sorts of serious or even tragic things if there is an ironic twist.
Where the funniness of the lizard thing is lost is that it's based on a misunderstanding on the technical point: You don't revoke the fingerprint!
Make a comical point about some crap policy like the bedroom tax: bring it on.
If you're driven into rent arrears and debt because you can't afford your council house any more and there is no smaller one to move into, you may be upset about it, but it doesn't take the "funny" away.
I can't work out if you are being serious, but, just in case you are, I'll explain. Fingerprint readers don't store (the image of) the fingerprint. It creates a key - basically a password. Cancelling a fingerprint key and then re-enrolling the same one will create a different key (at least in a decent system - I don't know about the Samsung or Apple ones). However, as someone else mentioned, most people have more than one finger, and the centrally placed ones on phones make it easier to use either hand, unlike the offset one on my Thinkpad which almost guarantees that most users will use the right hand ...
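The key-versus-fingerprint distinction made in the comments above, as an added sketch that is not code from the thread, Samsung or PayPal. `Server` and `Device` are hypothetical names, an HMAC shared secret stands in for whatever signing key a real handset holds, and exact byte comparison stands in for fuzzy biometric matching.

```python
import hashlib
import hmac
import secrets


class Server:
    """Relying party: knows per-device keys, never sees a fingerprint."""

    def __init__(self):
        self.keys = {}  # key_id -> key material

    def verify(self, key_id, challenge, tag):
        key = self.keys.get(key_id)  # a revoked key_id is simply absent
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


class Device:
    def __init__(self, template, max_failures=5):
        self._template = template  # enrolled template stays on the device
        self.max_failures, self.failures = max_failures, 0

    def enrol(self, server):
        # Fresh random key per enrolment: same finger, different key.
        self.key_id, self._key = secrets.token_hex(8), secrets.token_bytes(32)
        server.keys[self.key_id] = self._key
        return self.key_id

    def sign(self, scan, challenge):
        if self.failures >= self.max_failures:
            raise PermissionError("too many failed scans: passcode required")
        if not hmac.compare_digest(scan, self._template):  # simplified match
            self.failures += 1
            return None
        self.failures = 0
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def demo():
    server, finger = Server(), b"constructed-template-bytes"  # constructed sample
    phone = Device(finger)
    old_id = phone.enrol(server)
    challenge = secrets.token_bytes(16)
    tag = phone.sign(finger, challenge)
    before = server.verify(old_id, challenge, tag)
    del server.keys[old_id]  # owner reports the phone stolen: revoke the key
    after = server.verify(old_id, challenge, tag)
    new_id = Device(finger).enrol(server)  # same finger, replacement phone
    return before, after, new_id != old_id
```

The failure counter in `sign` is the lockout several commenters say is missing: once it trips, the key cannot be used until some other factor resets it.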
It issued the following statement in a bid to head off a potential consumer backlash
I think you seriously over estimate the power of a 30 second news report on BBC's Click.
Also, most people will turn off this security feature after a few hours as the drag fingerprint sensor (or the one I tried to use at least on an HP laptop), was notoriously crap unless you dragged your finger at precisely the same speed and angle as when it was learning - which probably explains the unlimited tries thing. I mean, if you're going to copy Apple, do it better not worse.
So they have to take a photo of a perfect finger print from either the digit in question or from the screen of the phone.
Look at the screen of your phone. Tell me how many complete fingerprints you can see on it. The answer will be somewhere between zero and none because you typically use the tip of your fingers and then it gets smudged as you swipe your fingers across the screen.
Personally I'm not worried by this.
Four whole days? Why back when I was a youth we'd have done this in two, with nothing more than some store shelf gelatin and some back copies of "2600"...
But even back then, just like now, people still believe things are "secure" even when the press is open about the problems. Just like locks, only the honest crooks are deterred.
Complacency is the second biggest security threat, next only to the criminal element itself. Never assume you're smarter or "better" than the thieves. The moment you do that, your only defense is not being a juicy enough fruit to pick. Though with modern bot harvesting methods, simply being on the tree is enough to get nailed for a pittance (to scale) these days.
Facial Recognition (I don’t know if it can be done but 3D facial recognition taking into account the sides of the face by turning your head)
A voice phrase (easily recorded but useless by itself when combined with the above)
Would make sense to me
I employ a crack team of highly trained medical professionals to also perform blood and DNA testing, alongside the facial recognition, voice analysis, fingerprint, iris and retina scanners, all feeding in to the security guard who presses the "open door" button for my volcano lair.
Note that in this scenario, your PayPal password (or the crypto cert used by the phone to authenticate to PayPal, after it assesses the biometric data) is the "open door" button, which is still your single point of failure ^^;
Much like placing a 50cm thick steel door with multiple locking mechanisms on a vault whose walls are made of brick; any smart criminal will go for the weakest link, so you need to make that highly secure door the weakest link.