I recently fixed a problem on an Asus Fonepad FE170CG. This tablet (or technically, more a phablet, since you can also make phone calls with it) is sold in Italy at the bargain price of 99€ and is quite popular in circles where people need a cheap appliance that can stand as access point, and make the occasional phone call.
Apple has recently spur some controversy with the introduction of a biometric sensor onboard its last flagship product, the iPhone. When it comes to this topic (governments stealing fingerprints…anyone?), I think that most people are overseeing some other interesting issues.
In my knowledge, available and affordable biometric sensors are known to be quite easy to bypass. Even those considering skin humidity can be bypassed and this vulnerability is known since 2002 so it comes in no surprise that Apple touch-id has been broken in a few hours after its launch by CCC .
So, if everything was just known, why manufacturers decided to insert a biometric sensor anyway. Why? There may be different reasons, some understandable, some outside the scope of this article.
– PINs and passphrase authentication schemes are showing their weakness and a suitable answer was required by market.
– biometric sensor is a great way to tie the device to the user. In a not distant future, ‘for security reasons’ it may be handy for manufacturers to tie the biometric credential to the device in an irreversible way, to ‘burn in‘ thus zeroing the second hand market (and black market as well).
Update(27.09.2013):I feel that thid will eventually come up any time soon.
– Plausible Deniability: in this not distant future, once the biometric credential is ‘burned in’ the device during initial setup, it can be difficult for the user to repudiate the device, claiming he does not own it.
As far as I know, the link between the biometric credential and the device is not so strong at the moment, and I suppose that the phone can be reset and sold without particular issues in this regard.
For normal people, the ones who fear more a violent assault by petty thieves than a government coming after them for espionage, there a are a few reason why a biometric sensor on a phone is a good thing:
- PINs, unlock schemes and pass phrase may be awkward to insert in an emergency situation. While it’s true that the emergency dialer is always accessible, an emergency situation may include a scenario where one has to call a different number from the standard one and PINs and pass phrase are difficult to remember under stress.
- an authentication scheme based on a biometric sensor is better in an hands-free situation, because it does not require the user to focus on the credential insertion.
- a biometric sensor is great for elderly people and impaired one.
- you cannot forgot a biometric credential (*hopefully*).
On the other end, there are plenty of cons regarding a credential system solely based on a biometric sensor.
- a biometric credential cannot be easily changed.
- a biometric credential, like a fingerprint, is comparably cumbersome to protect while for normal situation protecting a PIN or a pass phrase is relatively easy.
- fingerprints, in particular, are mostly exposed as unless the user is using gloves, as fingertips are always in contact with the surrounding environment. The claim that touch-id works also with other part of the body may be fun, but fingertips have a very special characteristic: they are different from person to person. I would love see people unlocking their device with the forehead, but it would be interesting to see if foreheads of other people forehead can work as well. Moreover, no more placing your forehead on the window in a cold day like Keanu Reeves would possibly do, unless you want to risk to compromise your main credential.
The use of fingerprints as a biometric credential while practical, has some real issues that people should consider. First of all, there’s a better chance of violent crimes being conducted where the thieves unlock forcibly or cut the fingertip
to obtain the biometric credential. And living without the thumbs can be at least uncomfortable.
Then there’s the aspect of privacy and data security. Everyone may find himself in a situation where a third party can forcibly try to obtain access to the device.
While a little interrogation or trying to access by forensic methods can be a viable alternative every law agency can consider, bypassing a biometric credential is easy like forcing the user to swipe a finger on the sensor. You don’t even have
to spend 5$ on a wrench .
A few points worth mentioning:
- biometric authentication means that the device is vulnerable in any situation where the user is unconscious or’unavailable’, while for classical credential like PINs and passphrase this scenario works conveniently the opposite way.
- it’s difficult to oversee a plausible deniability scheme where one can provide the adversary with a different fake credential that will reveal uninteresting data, because the user can be observed acting in normal life ( so it may, for example, be difficult to swipe a different finger under distress, as the adversary may and probably already knows what the valid finger is).
So, are we ready for biometrics? Probably not. But probably, like many innovations Apple has endorsed, this will bring some good, spurring manufacturers into developing safer biometric systems.
Update (24.09.2013): a really good article on the subject (with some first hand experience on the touch-id hack) can be found here.
Importance of Open Discussion on Adversarial Analyses for Mobile Security Technologies: http://web.mit.edu/6.857/OldStuff/Fall03/ref/gummy-slides.pdf
Chaos Computer Club breaks Apple TouchID: http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid
Why I Hacked Apple’s TouchID, And Still Think It Is Awesome: https://blog.lookout.com/blog/2013/09/23/why-i-hacked-apples-touchid-and-still-think-it-is-awesome/
“The appearance of safety was mistaken for safety itself.” (Walter Lord)
It seems reasonable to me that the prefix UN- should be banned from the world of computing and technology in general.
We have several examples of UN-thingies.
so why not go on with the ‘unhackable’ netbook network
“There was no way we could do any of this on XP,” he said. “Windows 7 nailed it for us.”
Tom Olzak from TechRepublic.com reports another sad XOR story.
Whilst an indipendent confirmation would be needed, it seems that the Tornado Plus from Alutek present us with another bad XOR story: poor cryptographic knownledge and a strong target towards clueless home users. Tom says they used XOR encryption for real!
OMG. More snake oil for everyone…
Heise-online.co.uk is reporting another sad-sad-sad XOR Story. It seems that some usb biometric pendrives are relying on the pc’software to unlock the safe partition, instead of bothering inside the chip itself.
“…the controller on the stick does not decide whether to provide access to the partition; the software running on Windows does. “
It seems that a simple open source utility, PLscsi, will unlock the safe partition, without superglue and latex biometric hacks.
“…You do not need to use superglue and latex to forge fingerprints if you want to access the data “protected” on these sticks from **** and ****”
“Conclusion: The fingerprint sensors in the products mentioned above apparently only serve one purpose: they mislead interested buyers. “
I don’t understand the point of these Snakeoils sellers. Nowadays, these tricks don’t stay covered for a long time. Sometime someone will find out and verbose it. And personally, I would never buy again from a company that resorts to these ugly commercial tricks, so it’s all-loss, on my opinion.
See my other post here and here, and thanks Heise-online.co.uk to uncovering this out.
[Source: ./ ]