Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> A malicious sensor could, hypothetically, steal fingerprints from an iPhone user unknowingly. This could be used to unlock the phone and make purchases through Apple Pay without the owner's permission.

Why in the hell would anyone bother with this, if it's trivial to get persons fingerprints and reproduce them to unlock the device ? [1] Even if you lack the touch ID, the device is still encrypted by the PIN and is functioning (and is secure) normally without it.

Either it's really over-engineered or is what it is - scare tactic to bring people to Apple repair centers.

I wish they'd use rather this media attention to inform the public that fingerprint authentication isn't there for security, but conveniency first. Apple Pay would function just fine without it. But would it have it's appeal of easy payment ? Probably not.

[1] https://www.youtube.com/watch?v=2u4ZLGsw1zo



I'm not sure it was over-engineered. Recall when Touch ID was introduced there was huge media backlash: Apple is stealing our fingerprints, how do we know there isn't an NSA backdoor to the fingerprint storage, and so on.

The Secure Enclave system was set up exactly to counter those concerns.

Interestingly, when other phone vendors later implemented fingerprint unlocking there was far less outrage. Even when the fingerprint images themselves were found as unencrypted raster images on device storage.


I think it is definitely over-engineered. If it is a scare tactic to bring people to Apple repair centers why isn't this happening with other Apple products?


Oh you mean apart from all the glue and solder, non-replaceable batteries and the like?


Not sure if I understood you correctly but replacing batteries yourself in your Macbook does definitely void warranty but does not brick the device.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: