|
Samsung S8 'eye security' fooled by photo - BBC News[^]
I always remember a long time ago Mythbusters set out to test fingerprint authentication as found on anything from laptops to bank vaults. To prep for the feature they had a range of devices that offered fingerprint authentication all the way up to very expensive vaults and they also had a range of possible solutions to try. No doubt they were planning on starting with the more basic bits of kit and the most basic tools to circumvent and they'd get more and more sophisticated with their tools until the device was cracked. They would then move up to the next more secure device and repeat the process.
The simplest way they had to beat the system was a photocopy\printout of a fingerprint. The most complex involved a finger modelled in ballistic gel which matches the conductivity of human skin, and they had a mechanism to ensure the gel was also heated to body temperature. They basically tried to make the most realistic finger they could.
The whole bit was a damp squib though as the result was that the most basic of methods (a printout of a fingerprint) cracked the most advanced of the devices (the professional safe).
It's like the security industry is constantly looking for the next "big thing" and trying all these gimmicks and it's as if the gimmick is the most important thing....even more important than if the method actually works, and the end result is that things are getting less secure, not more.
|
|
|
|
|
F-ES Sitecore wrote: It's like the security industry is constantly looking for the next "big thing" and trying all these gimmicks and it's as if the gimmick is the most important thing....even more important than if the method actually works, and the end result is that things are getting less secure, not more. and not forget to say more expensive as they include the "latest" technologies
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Well, at least the battery didn't catch fire.
Are people really paying £800 for these?
98.4% of statistics are made up on the spot.
|
|
|
|
|
It cost no more than £650 - and the eye photo is free
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Well, if it's down to 6.5 times what I paid for my 'phone, I have to admit it starts to sound a little tempting.
98.4% of statistics are made up on the spot.
|
|
|
|
|
Blimey - many times even my own fingerprint won't unlock my S6!
|
|
|
|
|
F-ES Sitecore wrote: It's like the security industry is constantly looking for the next "big thing" and trying all these gimmicks and it's as if the gimmick is the most important thing....even more important than if the method actually works, and the end result is that things are getting less secure, not m
I think a lot of that is probably implementation - they also employ the cheapest workers they can to produce the software, and I suspect that means they get their code from questions in QA...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
OriginalGriff wrote: code from questions in QA
In that case you need no bother yourself with infrared images and contact lenses - just look at the phone with harassment...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
If they get their code from questions in QA is not what worries me.
I think it is worst if they get the code just from somewhere in the net. At least here there still is a % of people really willing to help that do know what they say.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
I didn't say they got their code from the answers!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
|
There is a way to destroy the reputation of every mobile phone that does eye recognition. Let its camera face another phone (of the same model) with your eye photo, taken on the same phone.
Now all outcomes fall in one category:
- eye recognition sucks,
- display sucks,
- camera sucks.
|
|
|
|
|
F-ES Sitecore wrote: It's like the security industry is constantly looking for the next "big thing" and trying all these gimmicks and it's as if the gimmick is the most important thing....even more important than if the method actually works, and the end result is that things are getting less secure, not more.
Compounded with the fact they are asking forcing us to put more of our information into their hands.
Big brothers not just watching, he's directing.
Sin tack
the any key okay
|
|
|
|
|
Crazy Train (4)
One morning I shot an elephant in my pajamas. How he got in my pajamas, I don't know.
|
|
|
|
|
Ozzy
|
|
|
|
|
Loco.
98.4% of statistics are made up on the spot.
|
|
|
|
|
Bang on.
One morning I shot an elephant in my pajamas. How he got in my pajamas, I don't know.
|
|
|
|
|
I was recently required to sign up to voice recognition security when I telephoned a government department. I had to keep repeating the phrase "My Voice is my Password" while it was recorded and analyzed. Now my records are supposedly protected by my voice. That scares me.
What happens when my Bank also starts to use this technology? Then the big online retailers? Then the utility service providers. I only have one voice, so all my accounts will be secured with the same voice print security. That is like forcing everyone to use the same password for all their accounts.
Human nature will have users relax the complexity of their typed passwords because Voice Recognition becomes the main security measure, which is counterproductive for overall security.
One employee in any one organization could steal and abuse all my accounts everywhere using my voice records.
Try playing the hacking game Uplink for a demonstration of what might be possible with voice simulation (I found Uplink on Steam).
Imagine what happens when a large telephone company get their database of bank account details hacked, together with the voice prints of all their customers? Instant access to all the tools necessary for total identify theft.
The responsibility for proving fraud has happened passes from the bank to the customer. Try proving that you didn't transfer all your money to a scammer's account when the bank have what they claim is a recording of you logging in with your voice.
Just because we have the technology to do some things doesn't mean we should.
|
|
|
|
|
|
Couldn't agree more - it's a technology that will be hacked to buggery by voice synths in a very short space of time. As Griff's link shows, it can even be hacked without technological assistance.
I'm somewhat astonished that an organisation the size of HSBC are using this kind of snake-oil. If I had shares in them, I'd be selling.
98.4% of statistics are made up on the spot.
|
|
|
|
|
PeejayAdams wrote: I'm somewhat astonished that an organisation the size of HSBC are using this kind of snake-oil. If I had shares in them, I'd be selling.
Small fry. The Australian Tax Office has brought this in. I refuse to sign up and keep going through to an operator for verification/
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
PeejayAdams wrote: will be hacked to buggery by voice synths
Well, maybe that'll result in improvements in cheap but good voice synthesis!
Marc
Latest Article - Create a Dockerized Python Fiddle Web App
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
it's a technology that will be hacked to buggery by voice synths in a very short space of time
Well, you can already use such kind of technology today. Try this: https://lyrebird.ai/demo
|
|
|
|
|
And what happens when you quit/start drinking/smoking?
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Or what if they bring you to the vet to get you neutered?
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|