02-08-15 07:45 PM
61 123
tools
  1. BBPandy's Avatar
    I remember when "Touch ID" first came out. Apple assured everyone that it was safe because your fingerprint never leaves the device. They denied claims by their critics that they wanted to build a massive fingerprint database like their current massive CC database.

    Now we see them working on a system where any store can scan your fingerprint, and charge you for your merchandise using the iCloud. So much for all those claims/lies that they were not going to do this.

    It just shows you, you can't believe a thing Apple ever says

    Apple wants your fingerprints in the cloud ? The Register
    Andy_bb_king and TheAuthority like this.
    01-16-15 01:13 PM
  2. Ment's Avatar
    It wouldn't be your actual fingerprint its a hash.

    Touch ID doesn't store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn't possible for someone to reverse engineer your actual fingerprint image from this mathematical representation.
    That hash is what would be stored in the cloud instead where it is now in the Secure Enclave of the Iphone. If the hash is compromised then a new one would have to be created. I imagine if a cloud breach took place that Apple would send a notification to every Iphone to setup Touch ID again.
    01-16-15 01:32 PM
  3. Tkarps's Avatar
    It wouldn't be your actual fingerprint its a hash.


    That hash is what would be stored in the cloud instead where it is now in the Secure Enclave of the Iphone. If the hash is compromised then a new one would have to be created. I imagine if a cloud breach took place that Apple would send a notification to every Iphone to setup Touch ID again.
    Not sure about all of this. If A=B doesn't B also equal A. Finger print is equal to hash. If hash gets hacked in some way can you not get an image from it?

    The finger print itself, which is a copy of your physical print, is equal to that hash. The only way to get a new hash is to modify the math used to create it. In both cases if you crack the math you should be able to get an image out of it.

    Not saying this can happen but simply putting it out there for discussion .

    Tim



    Posted via CB10
    01-16-15 02:09 PM
  4. GoJaysGo's Avatar
    It's amazing how much finger-pointing (pun intended) you're accusing Apple of based on only a patent. When this is announced at the next WWDC, then you can spew about it.
    01-16-15 02:13 PM
  5. Eric Ton's Avatar
    It's amazing how much finger-pointing (pun intended) you're accusing Apple of based on only a patent. When this is announced at the next WWDC, then you can spew about it.
    If you havent notice, some members here hate Apple with a fashion, on the hand we have people here complain about BB bashing, lol
    sentimentGX4 likes this.
    01-16-15 02:18 PM
  6. Ment's Avatar
    Not sure about all of this. If A=B doesn't B also equal A. Finger print is equal to hash. If hash gets hacked in some way can you not get an image from it?

    The finger print itself, which is a copy of your physical print, is equal to that hash. The only way to get a new hash is to modify the math used to create it. In both cases if you crack the math you should be able to get an image out of it.

    Not saying this can happen but simply putting it out there for discussion .

    Tim



    Posted via CB10
    We don't know whats in the data that creates the hash, it would be smart to include a variable that Apple controls but could still be unique to the user, some mash of the IMEI and data in an app for example. So if the hash is compromised Apple updates app data and Touch ID setup is done again. I'm not a security researcher but creating new hashes from static and variable data is an old concept.
    01-16-15 02:18 PM
  7. whatsever's Avatar
    the fun part is that your finger print will be used also to pay stuff with apple pay and where you think where this all will land. Yes it will be there also in the icloud. So there you have it

    O, that's not all , because there is also exchange of information what you buy and how much and where and what. Itls all for your onw benefit. It will not be there on your Phone but Yes in the cloud also and with others.
    Apple wants your fingerprints-screen-shot-2015-01-15-11.31.43.jpg
    People thinking android is Malware , I'm glad using Blacberry 10.
    Andy_bb_king and Alvin Loh like this.
    01-16-15 02:34 PM
  8. MmmHmm's Avatar
    FUD
    01-16-15 02:59 PM
  9. BBPandy's Avatar
    If you havent notice, some members here hate Apple with a fashion, on the hand we have people here complain about BB bashing, lol
    It's got nothing to do with my thoughts for or against Apple. It's got to do with people predicting this ages ago, and Apple out right denying it, while quietly working on it.


    As for my views on Apple. I don't trust them, and I don't like them. The corporation, not the products. They do make some great stuff, but they also make a lot of crap & claim that it's great innovative stuff. I also haven't forgiven them for breaking wifi on my 4S with their OS7 update & then telling me to fix the problem by buying a new iPhone (apparently it was only a few hundred thousand people affected. Not enough for them to do anything about it)

    Posted via CB10
    01-16-15 06:01 PM
  10. jmr1015's Avatar
    01-16-15 06:09 PM
  11. cbvinh's Avatar
    Not sure about all of this. If A=B doesn't B also equal A. Finger print is equal to hash. If hash gets hacked in some way can you not get an image from it?

    The finger print itself, which is a copy of your physical print, is equal to that hash. The only way to get a new hash is to modify the math used to create it. In both cases if you crack the math you should be able to get an image out of it.

    Not saying this can happen but simply putting it out there for discussion .

    Tim
    The "image" you're likely to get, if at all from a hash, is a series of dots, and perhaps lines and curves, which is a simplified version of the actual real fingerprint. The question will be if you can reconstruct a real finger print from that data so that the resulting simplified version matches so that the hash will be the same.
    01-16-15 06:33 PM
  12. Prem WatsApp's Avatar
    Yeah, pull the Revelation 13:16 card... ;-)

    I'm waiting for a few real creepy payment systems to pop up. Convenience wins, right..? This one already is enough for me. My fingerprint is private, I'm not a criminal and I wouldn't support any payment system storing, using and transmitting it into the cloud, left alone the iCloud...

      2015 - already in full swing - berry good ...  
    01-17-15 02:58 AM
  13. Prem WatsApp's Avatar
    The "image" you're likely to get, if at all from a hash, is a series of dots, and perhaps lines and curves, which is a simplified version of the actual real fingerprint. The question will be if you can reconstruct a real finger print from that data so that the resulting simplified version matches so that the hash will be the same.
    Question is,
    Is it a one-way hash, or is it reversible...?

    And if (not), for how long will it be secure until someone cracks or finds the algorithm...? *eek* 8-o

      2015 - already in full swing - berry good ...  
    01-17-15 03:02 AM
  14. BBPandy's Avatar
    Who needs to crack the hash algorithm? Don't forget this system would rely on finger scanning terminals in all the stores. They can just skim your fingerprints right in the store just like they do with your bank card. Except unlike your bank card, you can't get issued new fingerprints

    Posted via CB10
    01-17-15 03:14 AM
  15. gvs1341's Avatar
    With every major tech company:
    1. Trying to remain one step ahead of each other...
    2. While adding more convenience...
    3. And more security to tackle the crooks...

    Soon we'll be having mobile devices with those DNA cheek swabs being converted to encrypted digital hash algorithms stored in secure clouds!!!

    CB10 @ Q5
    01-17-15 03:46 AM
  16. EnchantedBB's Avatar
    Might consider this technology once they are able to support elbow print. In the meantime, cash or credit card that is.
    01-17-15 06:20 AM
  17. Tkarps's Avatar
    We don't know whats in the data that creates the hash, it would be smart to include a variable that Apple controls but could still be unique to the user, some mash of the IMEI and data in an app for example. So if the hash is compromised Apple updates app data and Touch ID setup is done again. I'm not a security researcher but creating new hashes from static and variable data is an old concept.
    My limited understanding / common sense tells me that everything is based on the math. Static or not there is some formula that takes you from image to hash. If you can go one way you should be able to go the other way also. The only thing the variable does is make it harder and perhaps there are now 2 formulas that have to be determined before the image can be recreated.

    Don't get me wrong, the likelihood of this happening is slim, but for the sake of conversation I would think it is possible.

    Tim

    Posted via CB10
    tuxedo323 likes this.
    01-17-15 06:47 AM
  18. DenverRalphy's Avatar
    Static or not there is some formula that takes you from image to hash. If you can go one way you should be able to go the other way also.
    If that were indeed the case, Public/Secret key pair encryption would be completely useless. Which would turn the encryption industry upside down.

    In very basic terms using the expressions used in this thread... the hash would be the public key good for nothing but encrypting data. It would still require the information from the secret key (the fingerprint) which contains the essential variables to decrypt the data.
    01-17-15 08:20 AM
  19. early2bed's Avatar
    If the hash were to use not use a part of the fingerprint like the very center, then you would never be able to generate a complete fingerprint from the hash. It's not A equals B, it's a is a subset of B.
    01-17-15 08:38 AM
  20. Tkarps's Avatar
    If that were indeed the case, Public/Secret key pair encryption would be completely useless. Which would turn the encryption industry upside down.

    In very basic terms using the expressions used in this thread... the hash would be the public key good for nothing but encrypting data. It would still require the information from the secret key (the fingerprint) which contains the essential variables to decrypt the data.
    Now it's getting interesting.

    My understanding of all electronic components is the same. It doesn't matter what it is, at the very core it all boils down to a sequence of 1's and 0's.

    If the hash is only half of the required sequence of 1's and 0's then the other half comes from the finger print. That finger print, regardless of method obtained, is made up of 1's and 0's.

    The whole premise of breaking an encryption is figuring out the math behind it. I don't believe in true randomness and if what you say is true why would any encryption be broken.

    It's all math to me but thank you for the reply. I like discussing this sort of stuff.

    Tim

    Posted via CB10
    01-17-15 12:32 PM
  21. Ment's Avatar
    Who needs to crack the hash algorithm? Don't forget this system would rely on finger scanning terminals in all the stores. They can just skim your fingerprints right in the store just like they do with your bank card. Except unlike your bank card, you can't get issued new fingerprints

    Posted via CB10
    IF this ever goes into retail POS terminals, look how long it took for NFC terminals to take hold, your fingerprint won't be the only authentication. Two factor authentication would be used, finger and pin/pattern, and voila Apple has patents on that too.

    Much more likely this will be used for employees in an company to be used instead of an access card where a barrier of cost per unit install would not be as high a consideration.
    01-17-15 01:03 PM
  22. MikeX74's Avatar
    Apple patents a lot things, some that never see implementation outside of a lab in Cupertino, but you probably knew that when you decided to post this "information" in the first place. Also, do you honestly expect us to believe that your negative feelings toward Apple had nothing to do with why you posted this? I don't think anyone's avatar has the words "stupid" or "naive" on it.
    Last edited by MikeX74; 01-17-15 at 01:45 PM.
    01-17-15 01:17 PM
  23. Cozz4ever's Avatar
    It wouldn't be your actual fingerprint its a hash.


    That hash is what would be stored in the cloud instead where it is now in the Secure Enclave of the Iphone. If the hash is compromised then a new one would have to be created. I imagine if a cloud breach took place that Apple would send a notification to every Iphone to setup Touch ID again.
    Lol that's like me saying I illegally downloaded a movie but it's not the actual movie... it was compressed

    The hash, if any, regardless if it's SHA based, holds the fingerprint model.

    Posted via CB10
    01-17-15 06:21 PM
  24. matt0135's Avatar
    Posted via CB10
    01-17-15 06:28 PM
  25. reeneebob's Avatar
    I'm going to bookmark this thread for when BB starts using the same tech and it suddenly is oh so awesomely super!


    Sent from my iPad Air using Tapatalk
    jmr1015, LazyEvul, MikeX74 and 2 others like this.
    01-17-15 06:40 PM
61 123

Similar Threads

  1. Keep your Classic protected at your side with the BlackBerry Leather Swivel Holster
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 1
    Last Post: 08-22-17, 05:59 AM
  2. Replies: 3
    Last Post: 02-18-15, 05:01 PM
  3. Replies: 3
    Last Post: 02-17-15, 02:13 PM
  4. Hi guys need your opinion on a carrier
    By Ziro1 in forum BlackBerry Passport
    Replies: 9
    Last Post: 01-18-15, 11:03 AM
  5. UK wants more encryption, USA wants lesd
    By DC364 in forum General BlackBerry Discussion
    Replies: 6
    Last Post: 01-15-15, 06:43 PM
LINK TO POST COPIED TO CLIPBOARD