When Apple is Big Brother & the Zombies are Customers (and Disney’s Neurophone, Fukushima, Dropbox)

Look, if you go out and buy a new iPhone despite everything I’ve done to dissuade you from the Smartphone Path, you deserve what you get.

And, as the company is wont to do, Apple’s new iPhone more than delivers.

Not only do you now expose your fingerprints to the NSA — as their own analysts pointed out, “Who knew in 1984 that Steve Jobs would be big brother… and the zombies would be paying customers?”[1]

…but you also lose what little 5th Amendment (in the US, at least) protection you might have. After all, providing your fingerprint is not “self-incrimination” like giving a password might be.

Schneier[2] thinks this is a great use of biometric authentication. From a purely technical perspective, I agree — fingerprints offer about the same [subjectively-judged] level of security as a four-digit cell phone passcode, with much more convenience.

That said, the privacy concerns of everyone putting fingerprints in their cell phones are monstrous. If everyone had to show up to their local police station and deposit a thumb-print, people would take to the streets… and here, given the recent NSA disclosures, they’re paying money to do precisely the same thing.

The city of Hamburg’s director of data protection has already gone on the record against the iPhone’s fingerprint scanner[3], pointing out that biometric identifiers stay with you your whole life, and can’t be changed — reason enough not to use them for authentication in daily life, and particularly when they’re being stored in a database.

To make matters worse, I said fingerprints are about as secure as a four-digit cell phone passcode. No, they’re not the “lasers and voiceprint alarms” level of movie security you might think (and hopefully don’t, if you’ve been reading my stuff long enough).

Judging by the way the fingerprint sensor is implemented, all that may be needed to unlock a random iPhone is a gummi bear, water-filled unlubricated condom, or just a plain breath of hot air on the sensor. Someone please go down to their local Apple Store and check this — if it works, feel free to take credit for the idea and go on Colbert or whatever 🙂

[1] A better link than the originally cited coverage of the NSA/smartphone leak, actually. http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html

[2] https://www.schneier.com/blog/archives/2013/09/iphone_fingerpr.html

[3] http://www.spiegel.de/netzwelt/netzpolitik/datenschuetzer-warnt-vor-fingerscanner-im-iphone-a-922288.html

Disney does audio-over-finger… shades of the Neurophone I mentioned earlier. Disney’s developed a device that transmits sound as electricity over the surface of the skin, without a return circuit — so you can play a sound in someone’s mind just by touching their ear! http://www.wired.co.uk/news/archive/2013-09/13/disney-touch-audio

You know Fukushima’s fucked when Russia Today is calling it a catastrophe. I suspect they’re one mistake away from being condemned in the Pripyat Daily Times. http://rt.com/op-edge/fukushima-catastrophe-nuclear-olympics-883/

Dropbox is in ur account, opening ur docs. Cloud storage sucks, as usual: http://www.wncinfosec.com/dropbox-opening-my-docs/


“There’s a lot of talk around biometric authentication since Apple introduced its newest iPhone, which will let users unlock their device with a fingerprint. Given Apple’s industry-leading position, it’s probably not a far stretch to expect this kind of authentication to take off. Some even argue that Apple’s move is a death knell for authenticators based on what a user knows (like passwords and PIN numbers).

While there’s a great deal of discussion around the pros and cons of fingerprint authentication — from the hackability of the technique to the reliability of readers — no one’s focusing on the legal effects of moving from PINs to fingerprints.

Because the constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).”

