Reader Comments

Subscribe: RSS

View by: Time | Thread

1. 

   Rex Rollman, 3 Apr 2017 @ 5:46pm

   
   

   What it comes down to, for me, is: can it be used if you are unconscious? Both face and fingerprint recognition can; meaning that it is a convenience feature and not a security feature.
   
   No thank you.

   [ reply to this | link to this | view in thread ]

2. 

   OldMugwump (profile), 3 Apr 2017 @ 6:13pm

   
   

   Re: convenience feature and not a security feature

   As with all things security, it depends on how much security you need, the consequences of failure, and who your opponent is.
   
   There are lots of things for which minimal security is fine - when a breach involves minor consequences you can easily live with.
   
   For other things you need more security. If your phone can transfer away your life savings, for example.
   
   And if your opponent is the NSA you need stronger security than if it's the nosy guy in the next cube at work.
   
   Nobody should expect a single level of security to be right for everyone, or for everything.
   
   Stronger security has costs that you don't want to pay for trivial gains.

   [ reply to this | link to this | view in thread ]

3. 

   Anonymous Coward, 3 Apr 2017 @ 6:26pm

   
   

   I don't know why people expect these commodity electronics companies to be concerned with security and fail to see these for what they truly are, gimmicks.

   [ reply to this | link to this | view in thread ]

4. 

   Anonymous Coward, 3 Apr 2017 @ 6:27pm

   
   

   At least the phone doesn't explode. That's gotta count for something.

   [ reply to this | link to this | view in thread ]

5. 

   Anonymous Coward, 3 Apr 2017 @ 6:29pm

   
   

   >Maybe it would be best to table this security feature until it's, you know, secure.
   
   In the absence of a threat model, the word secure has no meaning. Not everyone requires bars outside their windows.
   
   If you lost your phone on the street, it's highly unlikely a thief would also happen to have a picture of you to defeat this system.

   [ reply to this | link to this | view in thread ]

6. 

   Anonymous Coward, 3 Apr 2017 @ 6:31pm

   
   

   Biometrics are not security, they're convenience!

   [ reply to this | link to this | view in thread ]

7. 

   Anonymous Coward, 3 Apr 2017 @ 6:31pm

   
   

   Re: Re: convenience feature and not a security feature

   Unless the nosy guy in the next cubicle works for the NSA. But then, if he works for the NSA, he's probably working *in* the NSA's buildings, which means that you're working in the NSA's buildings, which means that *you* also work for the NSA, which means that you must have the strongest possible encryption against your own access.
   
   Ok, that's done it. My head's exploded.

   [ reply to this | link to this | view in thread ]

8. 

   timmaguire42 (profile), 3 Apr 2017 @ 6:42pm

   
   

   All biometric security suffers from the same fatal flaw--no matter how hard it is to steal or fake, once done, you're done.
   
   You can change your password, but good luck changing your fingerprints, your iris, your face.

   [ reply to this | link to this | view in thread ]

9. 

   rasz_pl, 3 Apr 2017 @ 7:45pm

   
   

   iphone fingerprint reader can be defeated with a XERO/print of a fingerprint, and still millions of idio^^consumers use it

   [ reply to this | link to this | view in thread ]

10. 

    K`Tetch (profile), 3 Apr 2017 @ 8:39pm

    
    

    I used the facial recognition for a while on my galaxy tab 3 7.0
    
    My (then) 11-yo daughter could unlock it half the time by looking at it.
    
    Sure people say "you spit her out" to me, BUT ANDROID SHOULDN'T BE SAYING THAT!

    [ reply to this | link to this | view in thread ]

11. 

    Eldakka (profile), 3 Apr 2017 @ 8:53pm

    
    

    Re: Re: Re: convenience feature and not a security feature

    Ok, that's done it. My head's exploded.

    That level of security is a bit excessive don't you think?

    [ reply to this | link to this | view in thread ]

12. 

    Eldakka (profile), 3 Apr 2017 @ 8:55pm

    
    

    Re:

    I don't know, a remote explode sounds like a good security measure.

    [ reply to this | link to this | view in thread ]

13. 

    orbitalinsertion (profile), 3 Apr 2017 @ 9:05pm

    
    

    Well, once it is secure, the governments will want a backdoor to your face.

    [ reply to this | link to this | view in thread ]

14. 

    orbitalinsertion (profile), 3 Apr 2017 @ 9:07pm

    
    

    Re: Re: Re: Re: convenience feature and not a security feature

    Yeah, just the phone maybe. Oh wait, they already do that.

    [ reply to this | link to this | view in thread ]

15. 

    Anonymous Coward, 3 Apr 2017 @ 9:17pm

    
    

    The government and various LEO's would love for these easily defeated biometric "security" features to be the standard on all phones. No need to go to court or try to force someone to open the phone at the border or wherever, they can just show the phone your picture and they're in. These kinds of things just shouldn't be used for security or at the very least it shouldn't be the sole step for any security.

    [ reply to this | link to this | view in thread ]

16. 

    That Anonymous Coward (profile), 3 Apr 2017 @ 9:21pm

    
    

    I wondered where all of those IoT security engineers landed after they got fired from their last job securing things...

    [ reply to this | link to this | view in thread ]

17. 

    Anonymous Coward, 3 Apr 2017 @ 10:50pm

    
    

    gimmicks

    my thought to the letter.

    [ reply to this | link to this | view in thread ]

18. 

    Anonymous Coward, 3 Apr 2017 @ 11:03pm

    
    

    It's the same (or worse) in windows.

    Friend of mine showed me his cool facial recognition login on his Lenovo, I opened my phone, selected his phonebook entry which thanks to his google profile had his face on it and used it to log into his laptop.
    
    He was kinda pissed. I laughed.

    [ reply to this | link to this | view in thread ]

19. 

    Anonymous Coward, 3 Apr 2017 @ 11:04pm

    
    

    Re:

    He will if it's on your google profile.

    [ reply to this | link to this | view in thread ]

20. 

    TKnarr (profile), 3 Apr 2017 @ 11:44pm

    
    

    I'd like a variant of two-factor: my fingerprint can unlock the phone alone while connected to my headset or PC via Bluetooth, otherwise it requires the PIN or password in addition to the fingerprint.
    
    To be nasty, let it ask for the PIN/password regardless of what fingerprint it scanned but too many failed PIN/password attempts with the wrong fingerprint presented would lock out all further attempts.

    [ reply to this | link to this | view in thread ]

21. 

    Anonymous Coward, 3 Apr 2017 @ 11:55pm

    
    

    Probably reason for this./

    How do you get lots of faces to test such software with, why by using photographs.

    [ reply to this | link to this | view in thread ]

22. 

    Bergman (profile), 4 Apr 2017 @ 2:56am

    
    

    Re: Re: Re: Re: convenience feature and not a security feature

    Burn all documents before reading, shoot yourself before discovering something secret?
    
    Sounds about right.

    [ reply to this | link to this | view in thread ]

23. 

    Yes, I know I'm commenting anonymously, 4 Apr 2017 @ 3:59am

    
    

    As Bruce Schneier mentioned on his blog: biometrics are equivalent to user names, not passwords.
    If implemented correctly, after the facial recognition, the phone should ask for a password.
    It could even keep checking and close down again when a new face appears.

    [ reply to this | link to this | view in thread ]

24. 

    DannyB (profile), 4 Apr 2017 @ 5:46am

    
    

    Re:

    Dear Mr. Comey,
    
    The brightest minds in our police department have discovered an amazing, incredible hack. As you know, once a suspect is arrested for resisting arrest, their mugshot is normally taken. Most police departments have someone of sufficient technical skill and capability who are able to somehow use the mugshot to unlock the suspect's phone. That enables the phone to be searched to provide additional basis for the the arrest.
    
    Just thought you would like to know. The federal government may be able to find people skilled enough to use this same sophisticated technique.
    
    Sincerely,
    
    Chief Donut Eater

    [ reply to this | link to this | view in thread ]

25. 

    peter, 4 Apr 2017 @ 5:57am

    
    

    NSA's detailed instructions to exploit

    SECRET.
    
    Not for release to the general public as criminal elements may learn and use the exploit.
    
    Step 1 - hold phone in front of owner
    Step 2 - Er...nope. Thats about it.

    [ reply to this | link to this | view in thread ]

26. 

    Anonymous Coward, 4 Apr 2017 @ 6:13am

    
    

    Why is it so hard for companies to get this right. Bio metrics should be replacing USERNAMES not passwords. So then suddenly the phone will not unlock without seeing your face and having a passcode. This makes it so the trivial picture trick isn't that important while at the same time making it more of a pain for someone to get into your phone.

    [ reply to this | link to this | view in thread ]

27. 

    AnonJr (profile), 4 Apr 2017 @ 6:14am

    
    

    Worth Considering

    Samsung, to its credit, doesn't allow facial recognition to authorize Samsung purchases. If it's not good enough for that, why should it be good enough to serve as a locking mechanism for the phone at all? Other locks, including other biometric locks, perform far better. Maybe it would be best to table this security feature until it's, you know, secure.

    While I agree that it's good that Samsung isn't allowing this sort of authentication for financial transactions, I'm not sure we should go so far as to say "don't use it".

    Don't forget, it wasn't that long ago that fingerprint scanners were quite the joke. (and to a lesser extent, still can be)

    It's going to take time in the real world to refine the techniques for these sorts of systems. You can only do so much in the controlled lab settings, and only a small bit more with in-house testing.

    That said, you would think they would have known that someone was going to try the photo thing... it's not like that's a new workaround for facial recognition.

    [ reply to this | link to this | view in thread ]

28. 

    Anonymous Coward, 4 Apr 2017 @ 6:23am

    
    

    Re:

    Why is it so hard for companies to get this right.

    If you had ever tried discussing technical issues with a n MBA qualified manager, you would know the answer.

    [ reply to this | link to this | view in thread ]

29. 

    Anonymous Coward, 4 Apr 2017 @ 7:18am

    
    

    Re:

    How do you know? It hasn't even been released to the public yet. Not like the Note 7 started exploding right off the bat. Have to give it at least a month after it's on sale to the public which is still a couple weeks away.

    [ reply to this | link to this | view in thread ]

30. 

    Michael, 4 Apr 2017 @ 7:26am

    
    

    Re:

    They already have everyone's backdoor.
    
    It's called taxes.

    [ reply to this | link to this | view in thread ]

31. 

    Bamboo Harvester (profile), 4 Apr 2017 @ 7:46am

    
    

    Re: Re: Re: convenience feature and not a security feature

    That's not so far fetched. If you have a security clearance, you often don't have *enough* clearance to read your own personnel file.
    
    Yeah, I know....

    [ reply to this | link to this | view in thread ]

32. 

    DebbyS, 4 Apr 2017 @ 7:49am

    
    

    Funny face

    I don't have a cell phone (well, I have a tiny Posh to play mp3s), so I don't know about facial recognition software. Could the phone's owner simply have the phone imprint (so to speak) on the owner making a funny face (sticks tongue out, crosses eyes/closes one eye, looks 3/4 profile at phone, holds hand over half of face, etc.)? Would then a normal picture (or holding phone to owner in a line up) then NOT work to unlock the phone? Just curious.

    [ reply to this | link to this | view in thread ]

33. 

    Cdaragorn (profile), 4 Apr 2017 @ 9:52am

    
    

    Re:

    Exactly. The security world needs to give up on biometrics. As flawed as passwords are, biometrics are NOT better.
    
    The very fact that you cannot change your biometrics breaks one of the basic requirements of security. To say nothing of the fact that anyone can grab them from you without needing your help in any way.

    [ reply to this | link to this | view in thread ]

34. 

    Anonymous Coward, 4 Apr 2017 @ 9:52am

    
    

    Re: Re: Re: convenience feature and not a security feature

    if he works for the NSA, he's probably working in the NSA's buildings

    You're not paranoid enough. We should assume they have moles working for companies with "interesting" data.

    [ reply to this | link to this | view in thread ]

35. 

    Anonymous Coward, 4 Apr 2017 @ 9:55am

    
    

    Re: Re: Re: convenience feature and not a security feature

    "if he works for the NSA, he's probably working *in* the NSA's buildings"
    
    Ummm... no, he could work at the Geek Squad, UPS, ANYWHERE.

    [ reply to this | link to this | view in thread ]

36. 

    Cdaragorn (profile), 4 Apr 2017 @ 9:56am

    
    

    Re:

    I just want to make it so using my fingerprint instantly locks out the phone and double encrypts the data on it.

    [ reply to this | link to this | view in thread ]

37. 

    Anonymous Coward, 4 Apr 2017 @ 9:59am

    
    

    Re: Re:

    Biometrics actually would work well as a user identifier. Just also require a password. I lot more inconvenient to hack an account if you need both biometric information as well as a password.

    [ reply to this | link to this | view in thread ]

38. 

    Cdaragorn (profile), 4 Apr 2017 @ 10:01am

    
    

    Re: Funny face

    That would require too detailed a case to work. Basically, it would make it almost impossible for the person to ever unlock their phone again because they'd have to get that exact facial expression exactly right the second time, which is next to impossible for any person to do.
    
    Facial recognition attempts to analyze several generic data points to tell if it's likely the same face looking back at it. This actually describes part of the problem with biometrics. You never get 100% match accuracy, so you're always guessing and accepting some degree of inaccuracy.

    [ reply to this | link to this | view in thread ]

39. 

    Anonymous Coward, 4 Apr 2017 @ 11:16am

    
    

    what good is it?

    It is a great feature for law enforcement and intelligence officers.

    [ reply to this | link to this | view in thread ]

40. 

    Anonymous Coward, 4 Apr 2017 @ 11:49am

    
    

    Re:

    Probably because for Millions of consumers the threat of someone lifting their fingerprint or finding a photograph with enough detail, printing it out using conductive ink is far lower than someone breaking in using their cleverly devised 4 digit PIN.

    [ reply to this | link to this | view in thread ]

41. 

    Digitari, 4 Apr 2017 @ 2:40pm

    
    

    Re: Re: Re: Re: convenience feature and not a security feature

    or like in my case you only can read a "Portion" of the file for logging purposes, you have the entire file but only can read the "Headers", to keep a log of said file. (date of file, from:, To:, and subject)

    [ reply to this | link to this | view in thread ]

42. 

    Digitari, 4 Apr 2017 @ 2:41pm

    
    

    Re: Re: Re: Re: convenience feature and not a security feature

    the the Geek Squad......

    [ reply to this | link to this | view in thread ]

43. 

    Digitari, 4 Apr 2017 @ 2:56pm

    
    

    the answer....

    DNA blood testing with facial recognition with 8 number pin, by the time you get your phone open you will forget who you were going to call. think of the data savings :)

    [ reply to this | link to this | view in thread ]

44. 

    Psilax (profile), 4 Apr 2017 @ 3:26pm

    
    

    Re: convenience vs security

    I'm with you, but it does depend on your threat model. At home, the primary threat to my phone is my horrible, attentive, shoulder-surfing kids who invariably work out every digital passcode after watching me for a few weeks. Fingerprint unlock is perfect for this scenario. At the US border, not so much. That's a time to depend on a passcode locked inside my head.

    [ reply to this | link to this | view in thread ]

45. 

    AEIO_ (profile), 4 Apr 2017 @ 8:17pm

    
    

    Re:

    "...can it be used if you are unconscious? "
    
    But most of the population is unconscious. Or at least unthinking, which is the same thing.

    [ reply to this | link to this | view in thread ]

46. 

    AEIO_ (profile), 4 Apr 2017 @ 8:23pm

    
    

    Re:

    "You can change your password, but good luck changing your fingerprints, your iris, your face."

    That's what reincarnation is for. Just hope they don't wipe your mind in the process -- I don't think they've quite got the process down yet.

    (1) http://people.com/books/meet-the-boy-who-believes-he-was-lou-gehrig-in-a-past-life-his-mom-is-convin ced-too/ --- because if you can't convince your mom, you're sure not going to convince anyone else.

    [ reply to this | link to this | view in thread ]

47. 

    The Wanderer (profile), 5 Apr 2017 @ 6:51am

    
    

    Re: Re: convenience vs security

    That's why the correct solution is to use both.

    In fact, that points back to one of the key things people keep saying (and other people seem to miss) about this: biometrics make excellent replacements for usernames, but very poor replacements for passwords.

    Require face- or fingerprint-recognition before the device asks for the passcode, then require the passcode before the device actually becomes unlocked. Slightly less convenient than either alone, but aside from that, more or less the best of both worlds.

    [ reply to this | link to this | view in thread ]

48. 

    Lady Gwyneth (profile), 6 Apr 2017 @ 8:40am

    
    

    They're not. Those cameras on stoplights that use these types of technologies (I assume) had her speeding in a state across the country that she'd never been to before.

    [ reply to this | link to this | view in thread ]

49. 

    Jamie, 11 Apr 2017 @ 8:27pm

    
    

    Re: It's the same (or worse) in windows.

    The facial recognition built into Windows 10 ("Windows Hello") is really quite good. It requires a 3D camera system that can detect depth, and cannot be defeated by a 2D photo or video. However, the number of laptops/tablets out there that have this hardware is pretty small.
    
    It's quite possible that your friend's laptop is running Lenovo's Veriface software, which only requires a 2D camera. The lack of depth sensing makes it much easier to fool. Similarly, Dell laptops use SensibleVision's FastAccess software, which has the same limitations.

    [ reply to this | link to this | view in thread ]

50. 

    Concerned consumer, 10 Sep 2017 @ 6:36am

    
    

    With iPhone 8 on verge of release, this subject is extremely relevant and I hope it's revisited. Why wouldn't a mugger, violent criminal, or even law enforcement simply point the confiscated phone at the owner's face? The owner may not be in control of their own phone at the time, they may be victimized, beat down, or subdued in some way. Criminals may become more brazen, knowing they can immediately unlock the victim's phone at the point of confiscation. I prefer to keep my security sourced from the inside of my head, not what's on the outside of it.

    [ reply to this | link to this | view in thread ]

Add Your Comment