FBI Forced Suspect to Unlock His iPhone X Through Face ID

This is why biometrics are NOT secure. Biometrics should be treated as a UserID, and NOT as a password

... Huh. Never thought of it that way. In my head, nothing sounded more secure than "literally only you can unlock it".

@hikaruaikawa Only your face or fingerprints can open your device.

Unfortunately, it's relatively easy for someone else to have access to your face or fingerprints.

Yeah, that's the loophole I hadn't spotted yet.

@matt to get the true level of security we want though, we need another level of human interaction, trust and ethics. No amount of brilliant security can go around social engineering and government pressure on the highest level...

@matt Thank you for giving me another reason to go back to a flip phone when my current phone dies.

@matt 2 factor, something you know and something you have. Biometric can be the have.

@DistroJunkie @matt
Not exactly, but bio does work great in a multifactor auth scenario (1. Something you know, 2. Something you have, 3. Something you are), so you could, and ideally should still have a hardware token of some sort for any secure environments. But unfortunately, the people making mobile devices don't seem to be nearly paranoid enough :/

Would love to see a laptop or something with 3+ factor auth in mind from the start

@architect @DistroJunkie That's what I'm saying:

1. Something you know = Password
2. Something you have = 2FA token/device/thing
3. Something you are = Username/Biometric fingerprint

If your system does not allow #2, then biometrics should ALWAYS be #3 on this list, and NEVER #1

@architect @matt I said biometric could count as something you have but something like a yubikey or a password would be much better.



as the quality of surveillance and digital photography improves, practically *anyone* can steal biometric data to unlock anything.

in China there is already a surveillance system that can capture the facial images from over 5 miles away.

biometric will be a godsend not just for the surveillance state but also for thieves and hackers.


This makes sense.

Best kind of security is like a secret society: "in plain sight"? #freemasons

Or brick building, opsec?

I'm sure it's now possible to "steal a key" (physical metal key) via digital long range photography... In theory. I've never worked with those spooky agencies. So idk.

@QuantumHemp @salixlucida it's no theory. You can copy a key based off of a photo. So all you need is a good enough optical lens and you can make out a key at almost any distance (up to a point though, as physics will get in the way)

