Is biometric security a step too far?

Caporegime
Joined
26 Dec 2003
Posts
25,666
Murdered Russian scientist is found naked with thumb hacked off by killer ‘who wanted to use it to access her phone'
https://www.dailymail.co.uk/news/ar...ked-ex-boyfriend-wanted-use-access-phone.html

Ok granted, she was reportedly already dead but imagine a future where fingerprints and/or iris scans are the normal and used to access everything from your front door, your car and your bank account, or perhaps even people are implanted with microchips.

We're told it's super safe because your biometric data or micro chips are unique to you but criminals will naturally evolve and rather than holding you at knife-point and demanding your pin number they'll instead just chop your finger off or gauge your eye out. I think I would rather just have a bit of money stolen than be mutilated on top of it so is it a step too far?
 
Caporegime
Joined
22 Nov 2005
Posts
45,169
too many movies and tv shows told me they will just pop your eye out and wave it at the sensor.

technically you have some bargaining power when it's in your memory and not a physical item they can simply take with them
 
Capodecina
Soldato
Joined
1 Aug 2005
Posts
20,001
Location
Flatland
or perhaps even people are implanted with microchips

What do you mean "perhaps even"? This is already happening and has been for years. It's particularly popular in Sweden.

EDIT: I haven't really answered the question in the OP. Is it too far? I personally believe it is, but I also think that it's the way the world will go and everyone will be chipped one day.

Consider smartphones. Everyone knows that they track your movements, listen to what you say and that your SMSs are all stored. People even PAY to have an Amazon Alexa in their homes. But hardly anyone cares.

In order for there to be a great uptake on chips, they would have to provide something awesome to interest people en masse. And they will. 'They' will think of something.
 
Last edited:
Soldato
Joined
22 Feb 2010
Posts
5,102
Location
Southampton
Iris degrades after about a day to unusable levels
Most capacitive fingerprint scanners require being attached to the person to complete the circuit, they don't work on non living objects

lots of devices have "liveness detection" as well which helps

its up to you if you give up your password or lose an eye - but if someone is happy to just kill you outright then how they get on your phone is probably less of a concern
 
Last edited:
Soldato
Joined
22 Nov 2006
Posts
23,304
Biometrics arent even that secure. Which is why no secure areas in government buildings use them. Its all hefty mechanical locks.
 
Soldato
Joined
13 May 2003
Posts
8,833
Isn't the problem that they can be spoofed, the device can be given the correct signal based on your biometrics once captured (somehow) and then you can never change them. My password gets hacked, bummer, change it. My face or iris get cloned (digital signature wise) and short of surgery you can't change them. Imagine someone setting up a fingerprint harvesting scam so they can then start selling them to hackers.
 
Soldato
Joined
22 Nov 2006
Posts
23,304
Fingerprint scanners are pretty easy to fool. Especially when you can find valid prints on the screen :p

Sometimes you can use a bit of tape or something, push down on the print which is already there and it will just open.
 
Capodecina
Soldato
Joined
1 Aug 2005
Posts
20,001
Location
Flatland
Your only bargaining power is disclosing the data before I torture/beat it out of you anyway.

The "$5 wrench" cartoon from XKCD is completely true. You can have all the security you want, but if you're on the other end of an interrogation, it doesn't even have to be violent, you'll give up your passwords.

That said, you will only end up on the receiving end of an interrogation or $5 wrench in very rare and specific cases. For most people, they can consider their data secure during a hack or theft if protected well enough.
 
Soldato
Joined
11 Sep 2013
Posts
12,300
That said, you will only end up on the receiving end of an interrogation or $5 wrench in very rare and specific cases. For most people, they can consider their data secure during a hack or theft if protected well enough.
I'm thinking about the sort of person who would hack a thumb off to get into your phone, as well as parts of the world where gangs will happily carve you up with a machete and video it for future reference. People these days get shot dead over pairs of trainers, FFS...
 
Soldato
Joined
22 Feb 2010
Posts
5,102
Location
Southampton
Isn't the problem that they can be spoofed, the device can be given the correct signal based on your biometrics once captured (somehow) and then you can never change them. My password gets hacked, bummer, change it. My face or iris get cloned (digital signature wise) and short of surgery you can't change them. Imagine someone setting up a fingerprint harvesting scam so they can then start selling them to hackers.

I attended an interesting seminar about this a few years ago,
When you use in app biometric matching on your phone, the app doesn't get your fingerprint, the phone has it (encrypted, TEE / TPM etc) and the app interfaces with android / apple API's to authenticate against it, your biometrics don't go anywhere
The TEE / TPM etc. is I suppose "hackable" in the future *shrug*

most of the "spoofed" biometric fingerprint entry systems are crappy cheap optical ones, most modern devices have better liveness techniques

The main reason they are not used to secure government buildings etc. is the large cost compared with pin locks / keycard systems etc, plus anything biometric or personal data related scares the bejeesus out of many people
 
Associate
Joined
8 Jul 2005
Posts
1,575
THe touch sensor on my new mac laptop and ipad consistently forgets my fingerprint, my Xiaomi on the other hand never does. Seems its still not quite as easy as they would have you think
 
Back
Top Bottom