[Ray III]

Tell that to Ryan Seacrest.

A BlackBerry's keyboard design is a trademark. There is nothing about Apple's fingerprint scanner that makes it recognizable as an Apple product were it to be removed from the device.

[slagman5]

Touch ID does not store an image of your fingerprint. The chip in the sensor converts your fingerprint into a hash that is stored for future comparison. So, nobody can acquire an image of your fingerprint from the process. My iPhone is pretty secure since it is always locked, now, when I'm not using it. Yes, I'm still vulnerable to all sorts of things being done to me when I'm fast asleep - I haven't been able to mitigate that risk.

If you can convert one way, you can convert the other. And nobody needs the actual fingerprint. Even when they use fingerprint identification they don't actually look at the print itself but a comparison of where the ends and gaps are in relation to each other. Either way, it's just a personal preference that I like to keep personal information limited on anything that is connected. Even if it's just a perception, that's how I'm more comfortable.

Posted without the aid of AutoCorrect with my physical keyboard via CB10

[arlene_t]

That would be nice. Maybe BlackBerry will do something different. An eye scanner! Lol how expensive woulf it become.

via Q10

[rajbir01]

It's been confirmed.

Posted via CB10

[early2bed]

Check out the latest Crackberry podcast to hear Kevin argue for about 10 minutes about how great Touch ID is (starting 29:30) and how he hopes the new trackpad will have something like it.

[gabbleratchet]

If you can convert one way, you can convert the other.

Actually, the hashing function is one-way. It's like a password hash, where it's mathematically impossible to recover the original password from the hash.

The real issues are: (1) do you trust that the company or companies that implemented the scanner tech aren't secretly storing your biometric data along with the hashed data - either by accident or design? and (2) do you trust that OS and the scanning software is bug-free, and can't be subverted by some malicious app?

Without access to the source code and schematics of the system, and without the expertise to understand the source code and schematics, you can't be 100% sure that your raw biometric data is secure.

As an analogy: It's perfectly reasonable to be wary of typing your password into a computer or phone, because there might be a keylogger running that is secretly storing your keystrokes.

Of course, we usually trust computers and phones enough to give them our passwords. And besides - if some malware does end up stealing one of our passwords, it's not the end of the world. We just change our password and move on.

But we have to be much, much more trusting of systems that read our biometric data, because it's much harder to change your fingerprints than it is to change your password.



Posted via CB10

[Prem WatsApp]

If you can convert one way, you can convert the other. And nobody needs the actual fingerprint. Even when they use fingerprint identification they don't actually look at the print itself but a comparison of where the ends and gaps are in relation to each other. Either way, it's just a personal preference that I like to keep personal information limited on anything that is connected. Even if it's just a perception, that's how I'm more comfortable.

Posted without the aid of AutoCorrect with my physical keyboard via CB10

Richard Stallman speaking here?

He's absolutely anti when it comes to a "network-able fingerprint scanner", to him this is absolute madness and the pinnacle of irresponsible tech behaviour.

I agree, I would NOT want a fingerprint scanner. If you know the algorithm, a hash can be recreated. Once you get a match, you're in.

Some hashing algorithms even have weaknesses, so you can't rule out an overlap, or same hash, different starting point. Hash collision. MD5 is pretty weak, sorry no info about the hashing algorithms Apple is using.

Any thoughts?

"No Q10?" -> "Buy from Chen... "

[Prem WatsApp]

Actually, the hashing function is one-way. It's like a password hash, where it's mathematically impossible to recover the original password from the hash.

The real issues are: (1) do you trust that the company or companies that implemented the scanner tech aren't secretly storing your biometric data along with the hashed data - either by accident or design? and (2) do you trust that OS and the scanning software is bug-free, and can't be subverted by some malicious app?

Without access to the source code and schematics of the system, and without the expertise to understand the source code and schematics, you can't be 100% sure that your raw biometric data is secure.

As an analogy: It's perfectly reasonable to be wary of typing your password into a computer or phone, because there might be a keylogger running that is secretly storing your keystrokes.

Of course, we usually trust computers and phones enough to give them our passwords. And besides - if some malware does end up stealing one of our passwords, it's not the end of the world. We just change our password and move on.

But we have to be much, much more trusting of systems that read our biometric data, because it's much harder to change your fingerprints than it is to change your password.



Posted via CB10

Hashes can be recreated, if you know the algorithm. Just enough input, for long enough time, and you will have a match. AMD GPU power ftw.

Also, hashes have weaknesses, like the infamous MD5 collisions. Different input, same hash output value.



"No Q10?" -> "Buy from Chen... "

[allwi]

Hopefully not. I don't want anything collecting my biometric data like retina scans, fingerprint scans, or anything like that unless it's something that isn't connected to any kind of network like a safe at home or something...

Posted without the aid of AutoCorrect with my physical keyboard via CB10

Huh?! Why not - i'm pretty sure the NSA or any other spy agency will tell you that I will protect you against terrorist attacks like 9/11.

[early2bed]

Touch ID stores the fingerprint hash physically on the chip in the home button. The chip is what stores the hash and notifies the OS of a match at unlock time. I would imagine it is pretty difficult to get information out of a chip that has been designed to never output it. It also wipes itself at a hard reset and has to be re-trained with the user fingerprint again.

I don't lose any sleep over who might be able to get through Touch ID. I do sleep better, though, knowing that my smartphone is always locked whenever I put it in my pocket. If your phone is more secure than mine is then I salute you but that also means you must be logging in 50 times per day.

[gabbleratchet]

Hashes can be recreated, if you know the algorithm. Just enough input, for long enough time, and you will have a match. AMD GPU power ftw.

Also, hashes have weaknesses, like the infamous MD5 collisions. Different input, same hash output value.

It's true that you rely on the implementators being competent and honest. I would hope that BlackBerry wouldn't be using MD5 for anything.

But I agree with you that every system has its weaknesses. And I personally would lean towards not trusting any system with my biometric data.

Posted via CB10

[Jerale]

I know this is an old thread but after doing some research I found a patent BlackBerry had back in 2004.





So it turns out BlackBerry already had a patent before Apple, Samsung, Lenovo, and Motorola. The patent is named "APPARATUS AND METHOD OF INPUT AND FINGER PRINT RECOGNITION ON A HANDHELD ELECTRONIC DEVICE".

Powered by my BlackBerry (Z10). Join my #BBM Channels C001227CF, C00476C37, C003829C9, C002454C9,C002190AC, C00120CE3

[jvinp]

Fingerprint scanners don't record fingerprints. They record data points between ridges and then compare those data points to what's on file. It all gets turned to numbers and if the device data is encrypted anyway, it's indecipherable.

Posted via CB10

[frrboom]

Blackberrys optical trackpad supplier has a biometric solution that is implemented in Pantech vega secret note and some Fujitsu devices. I have been wondering why we haven�t seen a fingerprint sensor in a BB phone.

[Mrisheq5]

What the hell does anyone need a finger scanner for? Let's not mock and walk behind Apple with this pointless innovation. If information is so valuable to where you need a fingerscanner to access it, it shouldn't be on your phone.

Posted via CB10

[deadcowboy]

What the hell does anyone need a finger scanner for? Let's not mock and walk behind Apple with this pointless innovation. If information is so valuable to where you need a fingerscanner to access it, it shouldn't be on your phone.

Posted via CB10

And now the Samsung GS5 has it, too. I think it'd be silly not to include it in the Q20. Why not hang with the big boys?

And fingerprints aren't really about supreme security so much as convenience, imo. And the iPhone 5s's implementation is very convenient.

As for sensitive information, what are you talking about? Loads of people have lots of sensitive information encrypted on their BlackBerry phones. It's just how business works, sometimes.

[RyanGermann]

There's no standard encoding for fingerprint data, is there? I mean, suppose someone gets the unencrypted "map" of my fingerprint off an iPhone... can they take that data and feed it to some other system that captures fingerprint data and gain access to another system that has my fingerprint on record? Isn't this worry about fingerprint-theft a bit overblown?

That said, I have no interest in using it, but it's not like it's just a PNG of my finger is it?

[deadcowboy]

There's no standard encoding for fingerprint data, is there? I mean, suppose someone gets the unencrypted "map" of my fingerprint off an iPhone... can they take that data and feed it to some other system that captures fingerprint data and gain access to another system that has my fingerprint on record? Isn't this worry about fingerprint-theft a bit overblown?

That said, I have no interest in using it, but it's not like it's just a PNG of my finger is it?

Very good point.