Get better soon, Kieran!
.
.
.
ElReg-readers sure are a weird bunch.
Everyone knows the trope. The baddies smash their way in and gun down the guard standing in front of the vault. "Dammit," says the lead bad guy, "it's a biometric scanner, we'll never get in!" His most grizzled henchman turns round, holding up the dead guard's lifeless arm. "Oh yes we will…" A Reg reader recreated this scene …
Does the same trick.
But then I did manage to have that reattached. It's still got a weird lump with a white scar running around it and does require a certain amount of finessing before finger scanners will pick it up though due to the odd geometry of appendage.
Did he still have his fingernail by the way El Reg reporters? Severed fingertips and fingernails can result in some weirdness when things heal up abit more. (Morbid) enquiring minds and all that..
Yeah I was thinking the same thing. Surely any tech checking if the finger is real/alive has less to do with knowing the exact characteristics of a live vs dead/fake finger, and more about detecting more than just the finger print so it can then detect the difference when that state changes. Otherwise you also have to get into the realm of deciding what the acceptable range of values should be to cover everyone, since one person may naturally have much warmer or much colder fingers than someone else. So since he had access to the phone and setup the dead finger as being valid, when he then used it the phone obviously unlocked because it was a perfect match.
Makes me think of Nick Fury in Winter Soldier, where he'd previously already registered his dead eye so he had a backup in case someone removed his official working eye scan from the system.
Mage,
Do you unlock your phone with that Even in the office?
I've heard that biometrics is a growing field - with stiff challenges to overcome in order to solve some hard problems and offer protection from infection.
OK, OK, I'll get my coat. The long, dirty one with the suspicious rubber items in the pockets please.
For amusement and morbid interest, I checked out a book on hand injuries from the pre-clinical library at Uni.
I'm not squeamish, but my housemates did struggle with many of the graphic photos.
One that stuck in the mind was a poor guy who had all his fingers on one hand torn out, including 30cm of tendons that controlled them, preventing them being meaningfully reattached...
Icon for what his hand looked like afterwards --->
Hit my left thumb (resting on stone) with a 2 kg hammer. I could breathe normally only after about 90 seconds later, the pain was just evil. Daring to take off the glove? That took about 20 minutes. Unbelievably neither a bone cracked nor a tendon snapped.
Fun fact: the "Payday" movie will never be the same again.
Got my right thumb smashed in mid June 2013 or 14 by my nephew wielding a maul while hammering in stakes to hold our newly-built "playscape" to the backyard lawn. Nothing broke, but had urgent care use what looked like a soldering iron to burn two holes right through the nail to bleed out the extra blood to ease the swelling. Lost the nail within a couple weeks; it grew back in about six months, stronger than ever.
LOL (sorry!). I had an X-ray taken and, as I said, all seemed fine. Said thumb was mightily swollen though and oozing funny fluids. I was told that should the swelling not go away I should come back to get a cut through the skin so the funny stuff could come out. I just said: IT WILL BE OK! THANKS! BYE!
Karma note: was with a girl that day and had been a bit of an obnoxious bastard. I think she had the best day of her life that day.
Oh yes, the "we must make a hole in the finger for stuff to come out". Here's a tip, if you wait with that, stand well back when it's being done because it doesn't half build up some pressure. Not that the fantastic balloon shape isn't already a hint, but still. In my case they made a hole in the nail with a heated needle. It did help immensely with the pain, though, but it took a while for the flow to stop, with the pressur off new blood could flow.
Been there, done that, felt it, seen it. Broken off the top bit of the uppermost bone in a thumb, so that was several weeks offline for me.
I had a road accident once, and the upper joint of my right middle finger was smashed, it looked like a peeled banana, with the naked bone sticking out from between the three flaps of skin, one with the nail still attached. A&E cleaned it out and pushed it back into shape, before bandaging it tightly with a gauze finger stall. They said that it would heal, but that I would probably lose the nail. Then they said they were going to give me a Tetanus shot. Seconds later I turned a sickly green colour and fell off the couch onto the floor, apparently I was (still am) allergic to Tetanus Toxoid. They all rushed about like headless chickens until someone found an Adrenalin shot, which rectified the situation somewhat. I didn't lose the nail, but there is a strange bump on the tip of that finger, which had no feeling for many years but is fine now.
Mum sometimes has that problem on her phone - but seemingly not her iPad.
I'm in my mid 40s, and if I've just been washing up, or just got out of the shower, so all the oils have been washed out of the skin in my hands and the skin is totally dry - I sometimes find it takes a couple of goes to make the smartphone screen work. Or I have to hold my thumb flat, to have a larger surface area in contact, rather than just brushing the end over the screen.
As I understand it, our skin loses conductivity as we age. But I've had success suggesting to Mum that she use the flat part of the finger or thumb, instead of the end. It seems to give the screen more to detect.
I suspect there may also be an issue with some panels being less sensitive - though equally it could be software.
From Scientific American on disappearing fingerprints:
The elasticity of skin decreases with age, so a lot of senior citizens have prints that are difficult to capture. The ridges get thicker; the height between the top of the ridge and the bottom of the furrow gets narrow, so there's less prominence. So if there's any pressure at all [on the scanner], the print just tends to smear.
https://www.scientificamerican.com/article/lose-your-fingerprints/
Some of that is due to cheap touch elements. I have that problem, and I'm quite young. I only have it on a old and very cheap device I keep around for ... actually I don't know why I keep it around as it does nothing useful and is a pain to use. Well anyway it's here. The older and cheaper panels can lack precision which means they don't frequently register finer movements. For example, on this one, it will register taps well enough but it is not very good at registering movement of the finger. Scrolling frequently doesn't work because it thinks I'm just tapping on something.
At the end Kryten said "now might be time for you to give me five, sir" and Lister said "I can do better than that - I can give you fifteen!" Cos he'd still got the hand.
That's it. Yeah, I logged in for the first time in years to post that.
Biometrics is NOT security, it's just like the username part of authentication, except you can't change it. You can change even your real name as part of a whim or witness protection scheme.
Biometrics should never be part of identity checks, passports, car licence etc. Because you can't change it and a criminal can use their real biometrics edited into your account, or vice versa as no computer system is secure.
As always, it depends. There's always a compromise between security and convenience, you just have to choose which balance is best in each particular situation. For most people, by far the biggest risk to their phone is losing it and having some random pick it up or having it swiped by a casual thief. In either case, a fingerprint is more than sufficient, since they have no idea who you are, no way to get a copy of your fingerprint, and no interest in anything beyond wiping it and selling it on. On the other hand, most people want to unlock their phone tens or hundreds of times every day, so being able to give it a quick poke has a large benefit.
Obviously requirements for accessing top secret military information has very different considerations.
So a blanket "never" doesn't really make sense. Biometrics have some clear downsides, but they also have some upsides. And depending on what you're doing, those downsides may not be that bad, but the upsides might be quite useful. And in any case, security guidelines always need to take into account what is actually possible. Even if using a long, complex password to secure your phone, the vast majority of people will never actually use one, so insisting that they do is completely pointless. A fingerpring might not be the best solution, but it's likely better than a simple four digit PIN or a swipe pattern that can be clearly seen smeared across the screen. As always, it's important not to let perfect be the enemy of better.
One issue is the laws on biometrics vs. passwords are different, at least on this side of the pond.
Giving up a password is testifying against yourself, and banned by the 5th amendment, but you can be jailed for refusing to swipe your phone.
If they're threatening you with violence, just give them the pin anyway. I haven't seen a device which accepts fingerprints and doesn't have a backup pin for when you've recently washed your hands thoroughly or are wearing gloves. If they want it unlocked, that's more reliable and less painful for you.
But that's kind of the point - your average casual thief may be happy to swipe a phone or other small valuables, but is less likely to be willing to cause serious harm, and much, much less likely to have any interest in targeted severing of body parts. If you're a target of interest to a TLA or drugs cartel, this may be something you need to take into account for your security precautions. But it's simply not relevant to the vast majority of population who only need to worry about casual opportunistic theft and not targeted violent attacks.
But that's kind of the point - your average casual thief may be happy to swipe a phone or other small valuables, but is less likely to be willing to cause serious harm, and much, much less likely to have any interest in targeted severing of body parts.
But this is also kind of the point. I personally don't want it to be "much less likely" for any criminal (whether casual or not) to have any interest in the targeted severing of my body parts.
If they are participating in a hack on my employer and they want my admin account to help with that i'd rather than the hack didn't begin with them hacking my finger off. I want a situation engineered where the most stupid and sociopathic thief out there knows full well that there is absolutely zero reason to remove any of my body parts.
Anything less is likely to eventually lead to some poor git being mutilated if the reward is sufficiently in excess of the risk.
That's never going to happen. If you're faced with a criminal who is willing to cut your finger off, they can also just use the cutting implement to threaten you until you use the fingerprint to unlock the system. Then they're in. Or they can similarly threaten you until you give them the backup password, which basically everything has, and they've achieved the same. If the theoretical criminal wants access to something, they will be satisfied with a password because nobody wants to carry around a dismembered finger unless they absolutely have to. Even if the finger would work, if there's an alternative which there is, they'll use that.
There was a news report years ago about some guy in South America who thought it was smart to protect his expensive car from theft by installing a biometric reader to start it.
Guess what the theives did to steal it then??
Can't remember if he survived or not, but would answer to Stumpy if he did.
(Those of a faint disposition may want to skip the video...)
https://www.youtube.com/watch?v=KbsAU0emA2A&t=115s
RIP Mr Everett - you are sorely missed
More than 20 years ago I tested fingerprint readers from Precise Biometrics, that would refuse to recognize "dead fingers", even when the fingers were still attached to the body, but suffering from a serious lack of blood flow. After the blood flow returned, the fingers came back to life, and the fingerprint reader would accept them again.
I think I must have a rather pessimistic "what if" consider-all-possibilities sort of mindset, as, when I first got a mobile phone with a fingerprint reader, it seemed to me only sensible to register a finger on each hand just in case "what if"…
I had the same toenail issue you speak of.
Unforunately it was a bank holiday weekend, and after 1 1/2 days of agony by Sunday morning I'd had enough and went at it with a kitchen knife (!) with the back-and-forth rotation method at 4am.
It actually worked!! Blood spot and pain retreated to mere Shirley Temple level.
My attempt at Supergluing my thumb back together after a slight cooking oops on the other hand didn't work as well though at least the healing process had begun by the time the glue finally failed.
AC because the penalties for DIY surgery without an MD present are more severe than Class A drug dealing in some jurisdictions.
> toenail issue .... after 1 1/2 days of agony by Sunday morning I'd had enough and went at it with a kitchen knife (!) with the back-and-forth rotation method at 4am.
Even my Boy Scout Manual said a needle heated in a flame. You already hurt bad, back-and-forth makes it worse. A hot needle can't be worse than whatever crushed your digit. When you hit blood/juice the point of the needle cools rapidly, you won't 'go too far'. And flame sterilizes: the LAST thing you need in a smashed and swollen finger is a pernicious infection under the nail where it can't be treated.
I had the thumb smashed so the bone showed. It's almost healed now, 45 years later. Fingerprint is slightly messed-up, but who knows? The first I heard of practical print readers was a couple years later, a pal working in AT&T and had to visit the north Jersey super-secure room. (Net-ops? Billing? Staging for tapes shipping to Iron Mountain? She would not say.)
Supposedly, the scanners at CERN check for "viability" and will refuse entrance if the appendage or eye is no longer alive.
Learned that from someone who claims to have worked there.
This is actually a valid point, as a severed finger could feasibly be hooked up to a cheap pump before the vessels fill up with
clotted blood and/or it dries out irreversibly.
Anyone care to test it out, please post back here!
AC, because I use biometrics and don't want to get gutted like a fish.
It is perhaps just as well that this unlucky and unpleasant incident didn't coincide with the "Post-pub neckfiller" series…!
And on the subject of pubs, drinks and detached digits…
The stump can be excruciatingly sensitive - allodynia is the medical term.
These days the cap is 3D printed from the impression. Your finger will be far more comfortable with it on. With the proper material, there is some protection from cold temperature.
Don't bother with the silicone glove. Unless you spend a whack of money, it looks dreadful, is expensive and all too easy to lose.
A gel toe protector works fine over the cap.