An "expert" quoted in the Independent predicts that thieves will amputate their victims' fingertips in order to bypass the biometric locks on the new Iphones. I'm not particularly worried about this vulnerability (if you're willing to cut off someone's fingertip to unlock his phone, you're probably also willing to torture him into giving up his PIN), though I remember reading stories of carjackers who amputated their victims' fingertips in order to make off with their biometrically protected cars.
More interesting is the prediction that phone thieves will lift their victims' fingerprints and use them to bypass the readers. As German Interior Minister Wolfgang Schauble discovered, you leak your fingerprints all the time, and once your fingerprint has been compromised, you can't change it. (Schauble was pushing for biometric identity cards; playful Chaos Computer Club hackers lifted his fingerprints off a water-glass after a debate and published 10,000 copies of them on acetate as a magazine insert).
This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent. Unless you never venture into public without a clean-room bunny-suit, mirrorshades, and sharp gravel in your shoes, you're not going to be able to stop dedicate strangers from capturing these measurements. And as with Schauble's fingerprints, you can't revoke your DNA and replace it with new DNA once a ripoff artist has used it to clean out your bank-account or break into your workplace.
That's why cops use them, after all: it's nearly impossible to keep them to yourself, and once they're in the wild, they can be used against you.
http://boingboing.net/2013/09/12/why-fingerprints-make-lousy
No comments:
Post a Comment