
    Finger Prints Are Not Passwords

    IT Discussion
    android fail biometrics password security
    • MattSpeller (last edited by scottalanmiller)

      As I've long ranted and raved about, finger prints are your identity not a password. Some unfortunate Android owners are now finding out the hard way.

      http://www.theregister.co.uk/2015/04/23/samsung_galaxy_s5_fingerprints/

      To quote the article: You can change a password. You can change a PIN. Good luck changing your skin

      • scottalanmiller @MattSpeller

        @MattSpeller said:

        To quote the article: You can change a password. You can change a PIN. Good luck changing your skin

        But as long as we are talking about identity, does it matter that it leaks? A fingerprint is similar to your photo, your ID number, your voice, your heartbeat, your typing pattern, your username, pub key.... all things that we regularly allow to be public. I don't care who has those things (the police often take them by force anyway) because they ARE identity. What's the concern of your ID being in the public? It's already public in so many ways.

        The only concern I can think of is services that don't require authentication and only require ID. Which is the same as a site only requiring a username and not a password.

        • MattSpeller (last edited by MattSpeller)

          @scottalanmiller It's a concern when they're used as passwords

          Edit: example: door locks, phone locks, car door locks (just you wait)

          • A Former User

            It matters a lot when they can make replicas as well and make it look like you did something. That's why DNA based biometrics are even worse but, that's what the FBI/CJIS is pushing for.

            • scottalanmiller @MattSpeller

              @MattSpeller said:

              @scottalanmiller It's a concern when they're used as passwords

              Edit: example: door locks, phone locks, car door locks (just you wait)

              Actually, none of that applies here. Here is what the article says:

              Yulong Zhang and Tao Wei of FireEye say they have found a way to snatch the fingerprint scan when the user presses his or her finger against the phone: apparently, software running with system-level privileges and the TrustZone code both have access to the fingerprint sensor in the Samsung Galaxy S5.

              This means malware that gains system permissions can read fingerprints straight off the sensor, we're told. A miscreant could present a fake lock screen, read the fingerprint sensor when the victim tries to unlock their device, and snatch a copy of the prints.

              "If the attacker can break the kernel, although he cannot access the fingerprint data stored in the trusted zone, he can directly read the fingerprint sensor at any time," Zhang told infosec journalist Tom Fox-Brewster this week.

              • scottalanmiller

                Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability would impact passwords and create the same problem. The issue here is not that they got your fingerprint, but that the system vulnerability allowed ANY pass-system to be intercepted and replayed. That it is a fingerprint is inconsequential and, like everything coming out of the RSA conference, just pure hype. They add the "biometric" angle to get headlines. They leave out that the vulnerability would impact any security mechanism here.

                • A Former User @scottalanmiller

                  @scottalanmiller said:

                  Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability

                  Passwords can be changed. No big deal.

                  • scottalanmiller @A Former User

                    @thecreativeone91 said:

                    It matters a lot when they can make replicas as well and make it look like you did something. That's why DNA based biometrics are even worse but, that's what the FBI/CJIS is pushing for.

                    In some ways that is true. But it becomes a game of getting the system to prove that it is the FINGER that is being used or that it knows a person is providing the DNA. Part of the issue here is that the SENSOR is not secure, not that the fingerprint is leaked. It's easy to jump to the conclusion that leaked fingerprints put us at risk, but that's not the risk. Your fingerprints are always out there, that has to be accepted. That's public data. It's that a system is set up to accept that but doesn't have a trustworthy sensor that is the problem.

                    • scottalanmiller @A Former User

                      @thecreativeone91 said:

                      @scottalanmiller said:

                      Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability

                      Passwords can be changed. No big deal.

                      Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.

                      • A Former User @scottalanmiller

                        @scottalanmiller said:

                        @thecreativeone91 said:

                        It matters a lot when they can make replicas as well and make it look like you did something. That's why DNA based biometrics are even worse but, that's what the FBI/CJIS is pushing for.

                        In some ways that is true. But it becomes a game of getting the system to prove that it is the FINGER that is being used or that it knows a person is providing the DNA. Part of the issue here is that the SENSOR is not secure, not that the fingerprint is leaked. It's easy to jump to the conclusion that leaked fingerprints put us at risk, but that's not the risk. Your fingerprints are always out there, that has to be accepted. That's public data. It's that a system is set up to accept that but doesn't have a trustworthy sensor that is the problem.

                        It's not just using sensors though. You have to think about people using this data to frame people for crimes etc.

                        • A Former User @scottalanmiller

                          @scottalanmiller said:

                          @thecreativeone91 said:

                          @scottalanmiller said:

                          Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability

                          Passwords can be changed. No big deal.

                          Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.

                          Yeah you go ahead and cut off your fingers, you can't change your fingerprints. Disabling biometrics doesn't fix the stolen/compromised information.

                          • scottalanmiller @A Former User

                            @thecreativeone91 said:

                            It's not just using sensors though. You have to think about people using this data to frame people for crimes etc.

                            Still a matter of sensor trust. It's an identity. If you find fingerprints on a glass and claim that that means something (forensics) you are "trusting" an untrustworthy sensor. The issue is in trusting a sensor when you don't know what the source actually was.

                            • scottalanmiller @A Former User

                              @thecreativeone91 said:

                              @scottalanmiller said:

                              @thecreativeone91 said:

                              @scottalanmiller said:

                              Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability

                              Passwords can be changed. No big deal.

                              Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.

                              Yeah you go ahead and cut off your fingers, you can't change your fingerprints. Disabling biometrics doesn't fix the stolen/compromised information.

                              How exactly does it not? If you have my fingerprints, how will you access my systems unless you have a shim already between the sensor and the security system that has to trust said sensor?

                              Give me an ACTUAL vulnerability here. I don't see one. I see a fear of identity being stolen, but the actual fear is in people trusting ID when there is no trustworthy sensor.

                              • A Former User @scottalanmiller

                                @scottalanmiller said:

                                @thecreativeone91 said:

                                It's not just using sensors though. You have to think about people using this data to frame people for crimes etc.

                                Still a matter of sensor trust. It's an identity. If you find fingerprints on a glass and claim that that means something (forensics) you are "trusting" an untrustworthy sensor. The issue is in trusting a sensor when you don't know what the source actually was.

                                How is that Sensor trust? Pulling a physical print has nothing to do with the sensor.

                                • scottalanmiller @A Former User

                                  @thecreativeone91 said:

                                  How is that Sensor trust? Pulling a physical print has nothing to do with the sensor.

                                  The pulling of the fingerprints is a manual (human process) sensor. They don't have a trustworthy process because they only look to see what prints remain but do not observe them get collected from end to end. So it is a non-trustworthy process. There is no observation, only forensics, which is not at all the same thing. We know WHOSE prints are there but not WHO put them there.

                                  • A Former User @scottalanmiller

                                    @scottalanmiller said:

                                    @thecreativeone91 said:

                                    @scottalanmiller said:

                                    @thecreativeone91 said:

                                    @scottalanmiller said:

                                    Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability

                                    Passwords can be changed. No big deal.

                                    Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.

                                    Yeah you go ahead and cut off your fingers, you can't change your fingerprints. Disabling biometrics doesn't fix the stolen/compromised information.

                                    How exactly does it not? If you have my fingerprints, how will you access my systems unless you have a shim already between the sensor and the security system that has to trust said sensor?

                                    Give me an ACTUAL vulnerability here. I don't see one. I see a fear of identity being stolen, but the actual fear is in people trusting ID when there is no trustworthy sensor.

                                    Again, you are assuming the only place these will be used is on a sensor.

                                    • A Former User @scottalanmiller

                                      @scottalanmiller said:

                                      @thecreativeone91 said:

                                      How is that Sensor trust? Pulling a physical print has nothing to do with the sensor.

                                      The pulling of the fingerprints is a manual (human process) sensor. They don't have a trustworthy process because they only look to see what prints remain but do not observe them get collected from end to end. So it is a non-trustworthy process. There is no observation, only forensics, which is not at all the same thing. We know WHOSE prints are there but not WHO put them there.

                                      Okay? You can't change how forensics works just because people want to use finger print readers.

                                      • MattSpeller

                                        You're both technically correct

                                        Sensor, password, whatever leaked there's an issue. My point is that passwords etc can be changed. Your identity shouldn't be used as a secure method of authenticating yourself to anything.

                                        • scottalanmiller @A Former User

                                          @thecreativeone91 said:

                                          Again, you are assuming the only place these will be used is on a sensor.

                                          What else are you intending? Your prints are public. That's a fact. You touch things all day long. That identity is out there. How many jobs require it?

                                          Using fingerprints on your phone does not put you at more risk. If someone wants your prints, they will have your prints.

                                          If your entire fear here is that people are going to use cool 3D printing technology to make fake finger print gloves and commit crimes, sure that's a problem, but that is one that exists and has nothing to do with the fear in this article and is purely a concern around criminal investigation departments using fingerprints via a non-trustworthy collection process (sensor) and making binding assumptions based on that untrustworthy information. It's a concern around an edge case with police departments and I don't see any connection to the concern in the article around fingerprints being "stolen".

                                          • scottalanmiller @A Former User

                                            @thecreativeone91 said:

                                            @scottalanmiller said:

                                            @thecreativeone91 said:

                                            @scottalanmiller said:

                                            @thecreativeone91 said:

                                            @scottalanmiller said:

                                            Now read that again but replace the word "password" for fingerprint and guess what - the same security vulnerability

                                            Passwords can be changed. No big deal.

                                            Same deal. You can disable the use of biometrics if you know that they are compromised. The issue here is being able to shim inside the system. Once you can do that, the security game is over. Biometrics, passwords, whatever. Doesn't matter.

                                            Yeah you go ahead and cut off your fingers, you can't change your fingerprints. Disabling biometrics doesn't fix the stolen/compromised information.

                                            How exactly does it not? If you have my fingerprints, how will you access my systems unless you have a shim already between the sensor and the security system that has to trust said sensor?

                                            Give me an ACTUAL vulnerability here. I don't see one. I see a fear of identity being stolen, but the actual fear is in people trusting ID when there is no trustworthy sensor.

                                            Again, you are assuming the only place these will be used is on a sensor.

                                            No, I'm assuming your prints are public. I want an example of what you are concerned about. If you have my prints, you can't use them to access anything, anywhere. Sure, you could, in theory, set up new accounts somewhere and claim to be me, but since my fingerprints don't give you access to anything of mine, you are no different than if we had a password collision. Doesn't impact me in any way.

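Added example to put the two positions argued across this thread side by side in running code. It is not code from the thread, from the linked article, or from Samsung; the shared sensor key, the scan bytes, the password and the class names are constructed assumptions of a toy model. It shows three things: a verifier that trusts whatever bytes the OS hands it accepts a captured fingerprint scan exactly as it accepts a captured password (the "any pass-system can be intercepted and replayed" point); a verifier that only accepts a scan carried in a sensor MAC over a nonce it issued rejects the replay, which is what "a trustworthy sensor" has to mean in practice; and after a leak the password verifier can be rotated while the biometric verifier can only be switched off (the "you can't change your fingerprints" point).

```python
import hashlib
import hmac
import secrets

# Constructed key shared by the sensor and the verifier. In a real device this would be
# provisioned into the sensor hardware and the trusted environment; here it is an
# assumption of the toy model.
SENSOR_KEY = b"constructed-shared-sensor-key"

# Constructed stand-ins for a fingerprint scan and for a password. Both travel through
# the same code path on purpose: that is the thread's argument.
USER_SCAN = b"constructed-fingerprint-scan-of-user"
USER_PASSWORD = b"constructed password"


def template(secret: bytes) -> bytes:
    """A hash standing in for a stored biometric template (or a password hash)."""
    return hashlib.sha256(secret).digest()


class NaiveVerifier:
    """Trusts whatever bytes the OS hands it, so a shim that read the sensor once can replay them."""

    def __init__(self, secret: bytes) -> None:
        self.stored = template(secret)
        self.enabled = True

    def verify(self, presented: bytes) -> bool:
        return self.enabled and hmac.compare_digest(template(presented), self.stored)


class AttestingVerifier:
    """Only accepts a scan that the sensor has bound, with a MAC, to a nonce this verifier issued."""

    def __init__(self, secret: bytes) -> None:
        self.stored = template(secret)
        self.enabled = True
        self._pending: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, scan: bytes, tag: bytes) -> bool:
        if not self.enabled or nonce not in self._pending:
            return False  # never issued, or already consumed: a replay
        self._pending.discard(nonce)
        expected = hmac.new(SENSOR_KEY, nonce + scan, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag) and hmac.compare_digest(template(scan), self.stored)


def sensor_read(nonce: bytes, finger: bytes) -> tuple[bytes, bytes]:
    """What a sensor that shares SENSOR_KEY with the verifier returns for a live touch."""
    return finger, hmac.new(SENSOR_KEY, nonce + finger, hashlib.sha256).digest()


def replay_against_naive() -> tuple[bool, bool]:
    """Bytes captured once on a path the OS controls unlock the naive verifier,
    and it makes no difference whether they were a scan or a password."""
    fp, pw = NaiveVerifier(USER_SCAN), NaiveVerifier(USER_PASSWORD)
    captured_scan, captured_pw = USER_SCAN, USER_PASSWORD
    return fp.verify(captured_scan), pw.verify(captured_pw)


def replay_against_attesting() -> tuple[bool, bool, bool]:
    """Live touch succeeds; the same triple presented again fails (nonce consumed);
    the raw scan under a fresh nonce fails too, because without SENSOR_KEY there is no valid tag."""
    v = AttestingVerifier(USER_SCAN)
    nonce = v.challenge()
    scan, tag = sensor_read(nonce, USER_SCAN)
    live = v.verify(nonce, scan, tag)
    replayed = v.verify(nonce, scan, tag)
    fresh = v.challenge()
    unkeyed_tag = hashlib.sha256(fresh + scan).digest()  # what a shim can compute without the key
    forged = v.verify(fresh, scan, unkeyed_tag)
    return live, replayed, forged


def revocation() -> tuple[bool, bool]:
    """After a leak the password is replaced and the old one stops working; the scan
    cannot be replaced, so the only move is to disable the biometric factor."""
    pw = NaiveVerifier(USER_PASSWORD)
    pw.stored = template(b"new constructed password")
    fp = NaiveVerifier(USER_SCAN)
    fp.enabled = False
    return pw.verify(USER_PASSWORD), fp.verify(USER_SCAN)


if __name__ == "__main__":
    print("naive verifier, replayed scan / password:", replay_against_naive())
    print("attesting verifier, live / replayed / unkeyed:", replay_against_attesting())
    print("after leak, old password / disabled scan:", revocation())
```

The model deliberately keeps the verifier's storage identical in both classes: the difference that matters is not what is stored but whether the verifier can tell a reading from the sensor apart from bytes the operating system fabricated or recorded, which is the question of sensor trust that both sides of the thread circle around.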