
"a rapid DNA analyzer a la GATTACA -"
I was thinking "La Femme Nikita"*
*But only for the highest security secrets.
Over the holidays I bought Apple’s newest, shiniest face scanner. For the first fortnight - and periodically since then, that constant lift-and-scan felt weird. As though my smartphone had suddenly become too intimate, too familiar. This is hardly the thin end of the wedge. It started with passcodes - which many people didn’t …
It's not here yet, but it might be closer than you think.
Oxford Nanopore's MinION "works by pulling DNA through around 500 nanoscopic pores and reading it as it passes through by measuring an electrical signal produced by each nucleotide" [Product details]
What that article doesn't say is that the sample requires some rather involved pre-processing first [pre-processing kits], and the disposables are 'a bit' expensive....but they are working on the pre-processing bit.
As for the size, the MinION is 'mobile phone sized', but they plan a sequencer that is smaller - the SmidgION.
I know this seems like a product placement advertisement for Oxford Nanopore, but I have no connection, and I don't even use their products. It just looks like interesting technology to me - I found it when reading about it in 'The Economist' in an article about the Cassava Virus Action Project
You leave DNA all over the place. Someone just needs to grab the straw you've been drinking out of, your lipstick, your hairbrush (yeah it sounds like women would be easier targets here...) or whatever along with your phone. Just like someone could get accurate scans of your face to produce that 3D model, or snag your fingerprints off a glass or your phone itself, and so forth.
Maybe if they embed a THz scanner it could map the blood vessels in your brain, though you might need to swallow something for contrast first...
I disagree. Not buying them means living under the Sword of Damocles, which by definition means "you're NEVER safe." Which means no peace of mind. Which is why I'm saying if the ONLY way to get ANY measure of safety is to give up your liberty, then what's the damn point of civilization at all? You're basically back to The Jungle.
How the hell does not buying a smartphone leave someone under the Sword of Damocles? If you don't rely on a single device to hold almost your entire life then by definition all your private data is spread between disparate systems and so not vulnerable to being compromised by a single strategic security mistake, regardless of whether you're advocating passwords, biometrics or anything else.
It's the very fact that smartphones hold so much in a single package that makes them so dangerously vulnerable and also so valuable if compromised.
Also, try to avoid randomly capitalising so many words. It's like you're channelling the keyboard mashing of the Bombastic Knob.
Since your fingerprint (or face, or (presumably) DNA) is stored as a salted hash in the Secure Enclave of the phone, unreadable and unsynchronised with the cloud, I’m not hugely worried that this represents a security loophole. It might be a security hole, of course, but it’s insignificantly small compared with the massive security error that social networks represent.
Through tools like Facebook, criminals can fairly easily work out your mother's maiden name, your place of birth, your real birthday (assuming that you haven’t been foolish enough to explicitly tell them), and may even in some cases divulge what you’re spending your money on, when and how much.
With that little haul a malfeasant should be able to unlock your life without going to the inconvenience of nabbing your phone first. I think that putative problems with (correctly implemented) facial and fingerprint recognition are only worth worrying about once the far bigger security issues that millions face everyday have been resolved.
That's all well and good. It's how it's supposed to work. But how does the average user figure out if that is ACTUALLY how it's implemented? For all we know One or Xiaomi or Samsung thought, meh, to hell with all that, and stores them in plain text in the ROM. Someone skilled in phone OSes might figure that out (and lack of news about such stupidity seems to indicate it's done correctly) but "Joe Average" can't.
And has been pointed out before, fingerprints should be considered a username. Not a password.
"...is stored as a salted hash in the Secure Enclave of the phone, unreadable and unsynchronised with the cloud..."
But what if, and I know this is pushing bounds of reality, a processor had a flaw that allowed un-privileged access to the secure enclave you mentioned, either by being able to read the encryption keys, the salt or directly from the authentication mechanism.
However there is not much chance that a processor would have a design flaw like that, is there?
And, given that there are easier means of stealing someone's life (as discussed earlier), why would you bother?
It used to be the case that we argued against security through obscurity (i.e. it doesn't work) but you seem to be implying that security through ignorance *will* work.
Seriously, you have no idea whether there is a trivial way to exploit these processor bugs or not, and you also have no idea as to whether someone who wants to access your system will bother or not (assuming it is non-trivial).
That kind of approach to security leads to moments of regret later on, guaranteed.
@Sir Runcible Spoon
You misunderstand me, or rather, perhaps I haven't been entirely plain in my meaning. I'm not saying that these security issues in hardware should be ignored, or that they aren't worth fixing. I'm saying that, if you want to steal someone's life (bank account details, identity and so forth) there are easier means than trying to bypass biometric security.
Put another way, I'm not suggesting for one moment that one should ignore flaws in the design of the lock, or put off replacing the lock with one that is more secure, I'm merely saying that a criminal is unlikely to force the lock if the kitchen window has been left open.
Social networks are akin to an open window. The people who need to concentrate on more secure locks are those who eschew social networks in the first place (a minority these days, it seems). Those who have social network accounts probably need to look to deleting those first before worrying about how secure the biometrics on their phone are - because, realistically, the phone's biometrics are going to be considerably more secure than their digital online presence, no matter how badly the phone's manufacturer implemented it.
I'm certainly not arguing for security through ignorance - quite the opposite. I'm suggesting that one should plug the bigger hole before concentrating on the smaller one. But yes, I agree with you entirely that security through ignorance (or obscurity) "leads to moments of regret later on, guaranteed."
Thanks for clarifying, I thought you were referring to the processor bugs in particular, but that doesn't change anything I don't suppose.
Totally agree on fixing the most commonly exploitable holes first. Not having a smart phone or social media accounts (apart from this one) I tend to immediately focus on the next line of defense, such as fixing processor bugs etc.
> Since your fingerprint (or face, or (presumably) DNA) is stored as a salted hash in the Secure Enclave of the phone
Disclaimer, it has been a few years since I last looked into facial recognition (wasn't quite up to snuff back then), but I work on systems with deep integration of fingerprint and vein scan as well as regular password authentication.
Hashed authentication for passwords/passcodes works because you can* store Hash(secret + salt) and later test whether Hash(guess + salt) == stored value without storing the secret itself. You don't need that secret, just statistical proof that it is nigh impossible for the guess to not be the actual secret**.
Biometric templates are different because you are not able to get an identical scan for verification. Even two photos taken on the same camera on a tripod in a studio seconds apart will have subtle differences. If you were to perform a subtraction operation on the bitmaps, it would not be pure black. Because of this, templates are more like a series of measurements of angles and ratios of various features. It can be thought of as a template in the sense that you can't take those numbers and reconstruct the original scan/photo, but the verification logic needs to have those numbers to determine whether the candidate finger/face is "close enough" to the template. (This is why we can meaningfully talk about false accept rate and false reject rate for biometrics). My point is that you can encrypt the template but you cannot hash it.
*But please don't. Google scrypt or bcrypt and use one of them.
**Aka a collision
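The contrast drawn in the comment above, as an added example that is not part of the original thread: a salted scrypt hash verifies a passcode by exact equality, while a biometric scan has to be compared against the stored measurements by distance. The feature vectors, the threshold and all function names are constructed for illustration and do not describe any vendor's implementation.

```python
import hashlib
import hmac
import math
import os
import struct

# scrypt cost parameters (assumed values for this example)
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=2**26, dklen=32)

def enroll_passcode(passcode):
    """Store only (salt, Hash(secret + salt)); the secret itself is discarded."""
    salt = os.urandom(16)
    return salt, hashlib.scrypt(passcode.encode(), salt=salt, **SCRYPT)

def verify_passcode(guess, salt, stored):
    """Exact-match check: recompute the hash and compare in constant time."""
    candidate = hashlib.scrypt(guess.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, stored)

def hash_template(features, salt):
    """Hashing a template 'works' only if every measurement is bit-identical."""
    raw = struct.pack(f"<{len(features)}d", *features)
    return hashlib.scrypt(raw, salt=salt, **SCRYPT)

def match_template(enrolled, scan, threshold=0.05):
    """Fuzzy check: accept when the scan is 'close enough' to the template.
    This needs the enrolled measurements in the clear at comparison time,
    which is why a template can be encrypted at rest but not hashed."""
    return math.dist(enrolled, scan) <= threshold

# Constructed sample data: ratios/angles of features, not real biometrics.
ENROLLED = [0.412, 1.730, 0.958, 2.204, 0.667]
SAME_FINGER = [0.415, 1.726, 0.961, 2.199, 0.670]   # same finger, sensor noise
OTHER_FINGER = [0.530, 1.410, 1.120, 2.050, 0.790]  # a different finger

def demo():
    salt, stored = enroll_passcode("constructed-passcode")
    tsalt = os.urandom(16)
    return {
        "passcode_ok": verify_passcode("constructed-passcode", salt, stored),
        "passcode_wrong": verify_passcode("constructed-passcodf", salt, stored),
        # A genuine rescan never reproduces the enrolled bytes, so hashes differ.
        "same_finger_hash_equal": hmac.compare_digest(
            hash_template(ENROLLED, tsalt), hash_template(SAME_FINGER, tsalt)),
        "same_finger_match": match_template(ENROLLED, SAME_FINGER),
        "other_finger_match": match_template(ENROLLED, OTHER_FINGER),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Raising the threshold lowers the false reject rate and raises the false accept rate; a hash comparison has no such dial.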
"Obvious solution then: don't carry your data, put it in The Cloud instead."
All you have to carry then is effectively the key to the safe. Lose the key - then quickly change the lock after using a spare key.
However - that assumes that the safe's lock cannot be breached by other means.
While it may protect your device if the device is stolen there are far too many ways to collect fingerprint, facial and DNA data metrics to be able to 'spoof' them to fool the device.
Any security model that relies on anything other than a secret known to and stored in the owner's memory is fundamentally a flawed model, convenience is no substitute for a properly implemented strong security model.
--->Although it's a different story when the best secret that people can come up with is 123456.
That's easy to fix:-
1. It's a training issue and if people don't want to protect themselves that's a personal choice.
2. 'Force' different levels of password/pin implementation onto the device (i.e. no usage of more than two continuous numbers, no usage of duplicate numbers).
The reason these things aren't done 'properly' is people bitch about it, then complain when their data gets stolen and they haven't taken sensible simple precautions themselves.
While I don't believe in the nanny state, I also don't believe that dumb fucks should drive security implementation models, security models should NOT be dictated by the dumbest/laziest common denominator.
I'm reminded of a conversation I had years back when banks started to implement pin based security for phone banking, I had a multi week stand up argument with an implementation team manager who was happy to use a model that allowed staff to see the WHOLE pin number, rather than have to ask for say digits 3 and 5 of the pin which were then entered into a hidden field system for verification. When I asked what his view was when it was offshore staff doing the security checking and they would also have access to the whole number, he stated that wasn't his problem, that was the offshore contractor's problem to manage. How I didn't punch him in the mouth I'm not quite sure to this day.
"While I don't believe in the nanny state, I also don't believe that dumb fucks should drive security implementation models, security models should NOT be dictated by the dumbest/laziest common denominator."
You MUST. They're the majority, and they outVOTE and outSPEND you. That's why you MUST take the Stupid User into consideration if you want to stay in business long-term.
PS. Some people really DO have serious memory problems where "123456" becomes "271052" and "correcthorsebatterystaple" becomes "donkeyenginepaperclipwrong". AND they're too proud to ask for help. Yet if you don't deal with these kinds of people, what they house can take other people with them...including potentially YOU thanks to unknown connections.
> 2. 'Force' different levels of password/pin implementation onto the device (i.e. no usage of more than two continuous numbers, no usage of duplicate numbers).
You've just reduced the size (difficulty) of the problem set that has to be solved for a brute-force password attack by including those restrictions.
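The keyspace effect raised in the reply above, as an added example that is not part of the original thread: it enumerates numeric PINs and counts how many survive the two quoted rules. The reading of the rules is an assumption (no digit used twice; no run of three or more digits stepping up or down by one, without wrap-around from 9 to 0), and the function names are constructed.

```python
import math
from itertools import product

def has_duplicate(pin):
    """Assumed reading of 'no duplicate numbers': a digit appears twice."""
    return len(set(pin)) < len(pin)

def has_sequential_run(pin, max_run=2):
    """Assumed reading of 'no more than two continuous numbers':
    a run such as 1-2-3 or 9-8-7 longer than max_run digits."""
    for step in (1, -1):
        run = 1
        for a, b in zip(pin, pin[1:]):
            run = run + 1 if b - a == step else 1
            if run > max_run:
                return True
    return False

def keyspace(length):
    """Count PINs of the given length before and after the policy."""
    total = 10 ** length
    allowed = sum(
        1
        for pin in product(range(10), repeat=length)
        if not has_duplicate(pin) and not has_sequential_run(pin)
    )
    return {
        "total": total,
        "allowed": allowed,
        "bits_total": math.log2(total),
        "bits_allowed": math.log2(allowed),
        "removed_fraction": 1 - allowed / total,
    }

if __name__ == "__main__":
    for n in (4, 6):
        k = keyspace(n)
        print(f"{n}-digit PINs: {k['total']} possible, {k['allowed']} allowed "
              f"({k['bits_total']:.2f} -> {k['bits_allowed']:.2f} bits, "
              f"{k['removed_fraction']:.0%} of the space removed)")
```

A policy that rejects a short list of the most common PINs removes far less of the space than structural rules like these.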
'there are far too many ways to collect fingerprint, facial and DNA data'
Yeah, and another essential part of any lock / key system is the ability to change the lock, if you know that someone has been to Timpson's and had a duplicate key cut. Assuming that it's possible to spoof someone's face / fingerprints / DNA.... How can I rescind any of that stuff when it's compromised? Plastic surgery? Using a stanley knife to adorn my fingerprints? Some kind of DNA editing? None of them seem like particularly pleasant options to me.
Here's an interesting thought exercise: If an individual* cannot remember a password more complex than '123456' etc. what is the statistical likelihood that the data they are carrying will impact anyone other than themselves if the data is compromised.
*All government employees are exempt
Might be a bit awkward, you could easily have some other person's DNA on your fingers.
I imagine p***y grabbing POTUS would be positively disappointed if a day passed where he did not get other DNA on his hands
Seriously, DNA to unlock a phone is massively insecure (but so are fingerprints, faces so it might happen!)
Mine's the one with the long PIN
And presumably you could have multiple PINs that unlock the phone in different, possibly partially data-erasing, ways?
Or is nobody as paranoid / devious as me in the outside world? Or do we simply not put such stuff on our phones because we trust them as far as we can comfortably spit a rat?
If the author is unconvinced with using his face to unlock his phone why doesn't he just use a PIN? My new phone's got a fingerprint scanner built in but there's no way I'd ever enable it. That sort of idiocy is for people who can't tell the difference between a username and a password and don't know how easy it can be to spoof the biometrics.
There are some people who suffer such problems, although I suspect the author would have mentioned it if he fell into that category. They're by far in the minority though. Biometrics are the sort of thing that should be used as a method of last resort for edge cases, if at all, rather than the new default simply because it makes for a flashy sales gimmick and seems to be more secure to the average bloke in the pub who isn't particularly interested in this whole conversation.
The point I'm trying to make is that companies that tout the security of their products should endeavour to good security practice.
As ever it comes down to more input from engineers, less input from the clueless fuckwits in marketing.
Thing is, edge cases don't STAY edge cases for long.
"The point I'm trying to make is that companies that tout the security of their products should endeavour to good security practice."
Problem is, security clashes with ease of use, and the prole prefers the latter to the former and is not likely to take training. How do you do a secure solution for someone who doesn't care about security (and yes, you MUST care about their security since they become weak links to compromise others)?
Using a smart watch (or actually just a wrist-mounted RSA dongle - which could easily be incorporated into a watch - heck, some fella has even built one into a Casio F91W ) isn't a bad approach.
Rolling codes could be entered manually into one's phone, or else scanned by the phone's camera or otherwise communicated (NFC, IR, sound).
A list of modded F91W features below:
https://github.com/carrotIndustries/pluto
It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow.It hurts when I do this. Ow...
'Sfunny, when I ring my auntie in Doncaster I can tell straight away if it's her on the other end of the 'phone or some dumb female burglar who's just pretending to be her.
Now unless I'm very much mistaken, most 'phones, even mobile ones, have a microphone in there somewhere. You've possibly overlooked it because it's so far down on the list of requirements for a modern mobile.
Anyway, using this microphone thingy I bet I could tell if it was really me talking.
Just sayin'...
"Can you tell the difference between your aunt and a recording of your aunt?"
Hah hah. OK, I have to tell this story. When my voice was changing -- yes, I passed puberty, far too many years ago in fact -- for a while I sounded like Mom. So her friends would call to talk to her, and start chatting away... and when they stopped for a breath I'd say, "Hold on, I'll get Mom."
Poor ladies were mortified, because they knew how sensitive boys could be about such things. Me? I thought it was funny.
Anyway, one day I answer the phone and it's my grandmother. Of course SHE could tell it wasn't Mom's voice, but it was still close enough that she said, "Jo?! What are you doing there?!" She thought it was my aunt Johanne, and wondered why Mom's sister was visiting and nobody had told Grandma... it must be a family emergency?
"Hi Grandma! Hold on, I'll get Mom."
The problem is more than just smartphones, it is the fact that all that personal information is stored on the cloud somewhere making it in theory a) accessible to persons other than you and b) Impossible to verify
One of the consequences of this came home to roost recently when I was required to act as guarantor of my daughter's rented house. To do this I needed a utility bill less than 3 months old.
5/10 years ago this would be easy, as virtually every week a bill would drop through the letter box. Today, it took 2 days of hunting for something that would meet the requirements, with virtually all the providers gone online.
The question then begs itself is when we will reach the point where the only way we have to identify ourselves and all our information is some bio-metric indicator tied to the cloud, and what happens when either (maliciously or accidentally) this goes wrong. Does it mean you will forever be shut out of your life, incapable of proving your identity to the world that will only believe what the computers say is true and has lost the ability to verify in any other manner?
"Does it mean you will forever be shut out of your life, incapable of proving your identity to the world that will only believe what the computers say is true and has lost the ability to verify in any other manner?"
No idea. Let's ask Doc Daneeka...
As I recall, Identity Theft was a thing BEFORE the Internet came along.
It is not so much a question of identity theft, but the ability to prove your own identity.
It used to be under your own control with the various forms of physical documentation you held. In the virtual world however you are dependent on 3rd parties to maintain, control and secure your online identity. If this fails, then how do you then correct the issues?
If anyone has seen the film Brazil, you will know what I mean
A few months back, as I queued for a flight, I handed the check-in staff my smartphone, expecting they’d scan the QR code representing my boarding pass. They waved it away. “We’d prefer you scan your code yourself - just in case we drop it. People get very upset. They lose their whole lives.”
You're going to be flying with an airline whose staff have a track record of letting things hit the ground badly. Enjoy your flight.
All security is gradually dumbed down so them that run around with a finger in their ear shouting can easily get into the device which will halt the thing planned by a cross between elton john and hitler.
Then they wake up and it's another desk piled up with funny names to sift through and people to randomly harass.
Bit of a comedown when you joined thinking you were going to foil plots to strap rockets to the british museum and launch it into orbit for ransom.
Everything seems to be is good old fashion police work which there are no police available for due to the budget being pushed the way of imaginative fantasists lol.
That's all biometrics are, a declaration that the person requesting access is present (or at least part of them).
In multi-factor authentication, it's about a combination of factors and without one of the other two, biometrics just don't stand up
Something You Know - shared secret (Unique Static Changeable)
Something You Have - shared object (Unique Static Changeable)
Something You Are - further identity (Unique Variable Constant)
To make a biometric system viable, you have to add other factors, such as pulse, movement, behavior etc that confirm the assertion
I'm by no means an expert in US history but I've always understood Franklin's quote to refer to the fallacy of trying to restrict citizens' rights to improve security. AFAIK Franklin's ideas were key to the protections granted by the constitution. Not only does the comparison with the iPhone cheapen the debate, it's also completely off the mark because it's about convenience.
It's been noted elsewhere that biometric systems do not require the person's consent to be unlocked, which makes them per se less secure than a passcode.
If you are worried about security make sure you don't have anything worth stealing on a device that you have a high chance of losing, forgetting or breaking.
But Apple's latest "innovation" is really all about reassuring the punters that it was worth spending all that money to stay ahead of the plebs. Apple does make some fantastic products but it's even better at manufacturing demand for them.
"If you are worried about security make sure you don't have anything worth stealing on a device that you have a high chance of losing, forgetting or breaking."
Which means you eventually reach a point where you MUST have such valuable information on things easily lost/stolen in order to function AT ALL in modern society. Then you end up asking, "NOW what do you do?"
Apple pretend they're first but anyone who's not an Apple prisoner will know they are not but want to continue the myth.
Samsung are ahead of the curve with Iris scanning which is unique. Their Galaxy S8 phone gives security at 4 levels - Iris + Fingerprint + Face + PIN ... you can choose the freedom or stick with Apple!
Even if perfected to be fake-proof, biometrics will remain insecure due to inherent trade-off between False Acceptance and False Rejection, which demands the co-use of a fallback password. Two entrances placed in parallel provide nice convenience to criminals.
um, idiots really are giving these companies/ the state their fingerprints, face scans....and soon dna? :-( nobody should ever have that kind of power.....especially as the state employs total idiots to enforce said laws....i mean if i was the type to go around raping and murdering people....it wouldn't be my cigarette butts that i 'drop' outside their window now would it? :-(
what really worries me is that this is becoming so embedded in society that at some point it will probably end up being mandated by govt even...or even without it will become impossible to be a functioning member of society without agreeing to it....