So its new iPhone time again. Reports are of a upgraded iPhone 5 called 5S and a lower budget model called the 5C. Apple need to compete with the many good and cheaper companies and appeal more to people in China and India.

New additions are said to be ''Finger print'' security and a better camera.

Apple iPhone 5S and iPhone 5C landing in UK on 20 September

http://www.itproportal.com/2013/09/0...-5c-landing-in-uk-on-20-september/

I'm patiently awaiting the 5S myself. I felt that the original 5 just wasn't enough to get me to upgrade.

Of course, I'm still using my BlackBerry Bold 9650, so Apple needs to hurry it up.  

Who here plans to get the 5S or 5C?

Quoting a321luke (Reply 1): I'm patiently awaiting the 5S myself. I felt that the original 5 just wasn't enough to get me to upgrade.

Thats actually my dilemma this time around. Im very happy with my iPhone 5 and I had the 4/4S. Until I see all the specs I am not making a decision. The cheaper 5C model is out of the question for me as its aimed for the intro market it seems. I would have to be getting a whole lot of new features that I actually needed to bite this time around. Mind you I said that with the 5  

I am already running IOS7 for the last few months and love it so that wont be a new feature for me. The big thing for me is battery life.

My 4S will most likely stay in use – it will get iOS 7 anyway (and possibly iOS 8 after that) and neither higher performance nor larger capacity (now likely up to 128GB in the 5S) are of major interest to me right now. And I very much like the steel-and-glass hardware of the 4S.

The rumoured fingerprint sensor may be an aid and motivation to upgrade security for people who did not bother with a passcode at all thus far, but an actual passcode is still quite a bit more secure than a key you keep disseminating copies of on every door handle and on every drinking glass.

Biometric keys are low-grade, but relatively high-convenience security. A passcode is lower-convenience but higher-grade security which is closer to my preference. And it doesn't need any additional sensor support.

Quoting Klaus (Reply 3): The rumoured fingerprint sensor may be an aid and motivation to upgrade security for people who did not bother with a passcode at all thus far, but an actual passcode is still quite a bit more secure than a key you keep disseminating copies of on every door handle and on every drinking glass.

Seriously, for someone who really wants to get into your phone, dealing with a PIN is easier than trying to lift fingerprints.

Quoting scbriml (Reply 4): Seriously, for someone who really wants to get into your phone, dealing with a PIN is easier than trying to lift fingerprints.

iOS supports arbitrary passcodes, not just 4-digit PINs. And even then an attacker needs to find the right PIN out of the 10000 possible ones within 10 tries before the device auto-erases its hardware-encrypted data. With a decent arbitrary passcode the chances shrink to a completely negligible quantity.

Even desoldering the flash chip won't help because the data is encrypted even there (with an individual, random key irrecoverably buried within the main processor).

This is not quite as easy as it may look at first glance.

By comparison, fingerprints can even be recovered from the device itself – and it's mainly a question of the sensitivity setting (again security vs. convenience) whether those recovered fingerprints can be used to gain access to the data for a determined thief.

[Edited 2013-09-05 05:14:05]

I will be upgrading to the iPhone 5S, I may possibly go for the champagne option, not too sure yet. I'll be upgrading from an iPhone 5.

I moved from Apple to the Samsung Galaxy IV, and have not regretted the move.

I'll be upgrading mostly because my iPhone 5 is out of memory and if I'm going to buy a new phone, then I might as well get the latest model.

Still running an iPhone 4 here. Works fine, no issues, just a little slow. I'm planning to hold out for the iPhone 6, as I don't really have the need for any of the new features on the 5S. Hoping that the 6 will be a bigger breakthrough... if not, I'll be getting one regardless.

Quoting BestWestern (Reply 7):

I never understand why people do this? That contributed absolutely nothing to this thread.

Anyway, looking forward to the keynote on Tuesday  

Quoting Klaus (Reply 3): Biometric keys are low-grade, but relatively high-convenience security. A passcode is lower-convenience but higher-grade security which is closer to my preference. And it doesn't need any additional sensor support.

How about both passcode and finger print?  

Quoting Kaphias (Reply 9): Still running an iPhone 4 here. Works fine, no issues, just a little slow. I'm planning to hold out for the iPhone 6, as I don't really have the need for any of the new features on the 5S. Hoping that the 6 will be a bigger breakthrough... if not, I'll be getting one regardless.

Ditto....It's as if he spoke for me.

Quoting virginblue4 (Reply 10): I never understand why people do this? That contributed absolutely nothing to this thread.

And yours contributed even LESS!!!

I plan to contribute the least by pointing out how comical it is to watch people claiming they will wait in line for a product they know nothing about and are already considering colors they again know nothing about.

Carry on.   

Me, I'm sticking with my Palm VIIx

  

I'm not going to be camping out in front of the Apple store, but I decided a while ago that I was going to switch to iPhone for my next phone, so I've just been holding off for a while. My biggest hope is that they have a 128 GB model. I have a several year old iPod touch (first one that was available at 64GB), and it's basically full. If they offer a 128 GB iPhone, I'll get that to replace both my old Android and my iPod.

I will wait and see what the new iPhone offers, then I´ll make a decision, I have a 32GB 4S and I am quite happy with it, and once iOS7 is released it will give it a refresh.

If it´s worth it, then I will buy it come december so I can give it a few months to settle and see what people think of it.

Will there be new iPads announced as well? iPad Mini is due for a refresh and so is the current iPad 4.

MIAspotter.

Quoting rwy04lga (Reply 12):

The difference being, I had already contributed to the thread in my previous post. He came in and posted something unrelated to the thread.

Quoting Jetsgo (Reply 13):

There have been plenty of leaks so a lot is know actually. Leaks of the champagne / gold model have already been shown, so I know exactly what it will look like.

Quoting Luftfahrer (Reply 11): How about both passcode and finger print?

That would work, but it would not have really better security than a slightly longer passcode anyway but you'd have at least occasional rejection even with the proper passcode. I personally would not see a significant gain in that either.

It's primarily for people who wouldn't bother with a passcode at all. For them it may provide some low- to medium-grade data security vs. none at all.

Quoting HomSar (Reply 15): My biggest hope is that they have a 128 GB model.

That seems to be a plausible option.

Quoting HomSar (Reply 15): 128 GB model

Leaks indicate that this would be very possible on the next iteration of the iPhone.

Quoting Klaus (Reply 3): The rumoured fingerprint sensor may be an aid and motivation to upgrade security for people who did not bother with a passcode at all thus far, but an actual passcode is still quite a bit more secure than a key you keep disseminating copies of on every door handle and on every drinking glass.

We use fingerprint readers at work and it's not as insecure as you think. They're much better than passwords. They make us change our passwords every three months and we can't use any of the last five passwords. I keep forgetting them!

Presumably, Apple would use a capacitance scanner similar to the ones we have at work. Those combine a capacitance scanner (which works on touch) with a thermal and pulse sensor, so a mold or my dismembered finger can't be used. This is required security for HIPAA, so the requirements are very stringent indeed.

Unlike passwords, you can't forget or lose your fingerprints (well, if you do, you have bigger problems). The big vulnerability is that if someone really wanted to, they could collect your fingerprints somehow, create a thin wearable glove with your fingerprints molded on, and then fake out the scanners we have at work. So a fingerprint scanner would not be good sole choice of security for, say, Fort Knox. But for most routine secure operations, it is usually sufficient.

But leaving such extreme measures aside, it is not your fingerprint that unlocks such a device, it is your finger. And fingers are hard to steal, and frankly, if someone does that, you have bigger problems than your phone.  

Quoting Kaphias (Reply 9): Still running an iPhone 4 here. Works fine, no issues, just a little slow. I'm planning to hold out for the iPhone 6

  

Me too. Presuming that my 4S lasts that long, I have decided to skip a generation and go straight to the 6. It's working fine right now, so fingers crossed.

Quoting DocLightning (Reply 8): I'll be upgrading mostly because my iPhone 5 is out of memory and if I'm going to buy a new phone, then I might as well get the latest model.

lol... then take some of your apps in ipad... no need to buy another phones!! Maybe you have got too many photos of the planes!!

The ideas some people have about security never stops to amaze me. Apparently it is easier to find someones fingerprint and create a usable replica than it is to read the pin code someone is entering. I know an eight year old kid who has access to every phone around him and he has not lifted a single fingerprint...

My IBM thinkpad laptop 10 years ago had fingerprint access.

I presume the technology has improved since then.

Quoting DocLightning (Reply 21): We use fingerprint readers at work and it's not as insecure as you think.

How much actual penetration testing has been done with those? I remain sceptical, particularly on a low-power, ultra-compact mobile device.

Quoting cmf (Reply 24): The ideas some people have about security never stops to amaze me. Apparently it is easier to find someones fingerprint and create a usable replica than it is to read the pin code someone is entering. I know an eight year old kid who has access to every phone around him and he has not lifted a single fingerprint...

How do you "read" my passcode? I take care to not have the display side exposed to anyone when I enter it. Changing the passcode also makes that a bit impractical. My fingerprints would be a lot easier to come by. Whether I want to or not, I leave them on smooth surfaces everywhere. And as noted above, I can't change them (practically).

Quoting Klaus (Reply 26): How do you "read" my passcode? I take care to not have the display side exposed to anyone when I enter it. Changing the passcode also makes that a bit impractical. My fingerprints would be a lot easier to come by. Whether I want to or not, I leave them on smooth surfaces everywhere. And as noted above, I can't change them (practically).

I'm glad you're perfect. Certainly not representative of how most people enter pin codes.

Suggest that you continue using your perfect pin code but let the rest of the world take a step up by using fingerprints instead of no pin code or easily read pin codes.

Quoting HomSar (Reply 15): I'm not going to be camping out in front of the Apple store, but I decided a while ago that I was going to switch to iPhone for my next phone, so I've just been holding off for a while. My biggest hope is that they have a 128 GB model. I have a several year old iPod touch (first one that was available at 64GB), and it's basically full. If they offer a 128 GB iPhone, I'll get that to replace both my old Android and my iPod.

Interesting. My music collection alone is around 32gb, and so on my last phone I went with an 8GB Galaxy S3 plus a 64 GB microSD card. I'm thinking having a 64GB choice as a standard next time would work fine for me, and if there is a 128GB choice it'll only help to push down the price of a 64GB choice.

Quoting DocLightning (Reply 21): Unlike passwords, you can't forget or lose your fingerprints (well, if you do, you have bigger problems). The big vulnerability is that if someone really wanted to, they could collect your fingerprints somehow, create a thin wearable glove with your fingerprints molded on, and then fake out the scanners we have at work.

Doesn't seem that hard to do, given that 3d printer technology is out there. The benefit is it can be done without your knowledge and a lot quicker than iterating through 10,000 numbers. If the target is valuable enough it could be funded pretty easily. For instance, how much money would a tabloid have given to have medical info about the recent 'royal' baby?

HUGEly looking forward to it. Right now I use a VZW Samsung Android that's CDMA only (not a world phone) and has battery life problems. As I plan to travel internationally I need GSM and the iPhone fits the bill nicely. I'm also deciding between that and the new Android Motorola RAZR Maxx (48 hours battery life, highest mAH). My current phone literally dies with 3/4 to 1 day usage and that's WITH LTE disabled. I also need a better camera. Oh and on the VZW global phones, the GSM portion is unlocked out of the box (so I can swap SIM'es, even a US SIM if I wanted!).

Quoting cmf (Reply 27): I'm glad you're perfect. Certainly not representative of how most people enter pin codes.

I'm nowhere near "perfect". Just cautious.

Quoting cmf (Reply 27): Suggest that you continue using your perfect pin code but let the rest of the world take a step up by using fingerprints instead of no pin code or easily read pin codes.

It can be better than no security at all, but that's not saying much. Particularly since pretty good security is so easy to get.

Quoting Revelation (Reply 28): Doesn't seem that hard to do, given that 3d printer technology is out there. The benefit is it can be done without your knowledge and a lot quicker than iterating through 10,000 numbers.

When the device erases itself after 10 unsuccessful attempts, that's not even a real option.

Apple isn't just selling a standalone product with the iPhone, it's part of an Apple ecosystem. People that need to upgrade their phone and want to stay part of the Apple ecosystem won't have much choice which is why they are already lining up to purchase the new product.

I LOVE the new Blackberry Z10 and Q10 a heck of a lot more than I like my iPhone 5 but I will never buy either of the BBs because they aren't part of the ecosystem, I currently own a 2013 Macbook Air, iPad 2 and iPhone and everything runs so smoothly, I don't want to leave/alter the current ecosystem between media/document sharing and device syncing.

I'm not an Apple fanboy, if another company offered such an idiot-proof and convenient way of providing an ecosystem along with consistently top notch products I would have jumped on that wagon. I love Dell's laptops, I've owned a few in the past and others in my family own them as well and love them.

Quoting Klaus (Reply 30): It can be better than no security at all, but that's not saying much. Particularly since pretty good security is so easy to get.

No, it is much better than the poor security you propose because it is practical. Reality is that pin codes are poor because a) people find them too tedious and thus don't use them or b) enter them so other people easily can see them. (Of course I'm talking about how most people do it. Not people who always cover the screen with one hand while entering the pin with the other)

Reality is that lifting a fingerprint and making a good enough copy to fool a reader is a much more complicated task than lifting a pin code. Again, considering real life and not theoretical life.

This is in the same category as requiring password changes every month, quarter, or whatever and then have people write down their passwords next to the computer. Better to let them have a password they remember and only force a change if the system has been compromised.

Sadly too many security experts are so concerned about that once in a billion situation instead of the everyday situation that they create very unsecure systems.

The real problem with biometric security is when the system fails and no-one remembers the password backup because it hasn't been used in the last 2 - 3 years.

[Edited 2013-09-07 16:03:01]

I think the big things we will see on Tuesday are in order of probability
1. Iphone 5s and 5c
2. Ipad mini with Retina display
3. Ipad refresh
4. Radio Agrreement for iTunes
5. Apple TV refresh
6. Emphasis on Gaming center. Controlling Apple TV and perhaps an App with the Iphone/Ipad with a gaming cover with sticks and buttons ( I base this off the colors in the invite and the fact that they use the same colors on the game center in their ios 7 Gamecenter app)
7 More content for the Apple TV.

Quoting Klaus (Reply 30): When the device erases itself after 10 unsuccessful attempts, that's not even a real option.

The problem with that is someone could possibly erase all of your info on purpose. A rival, an angry girlfriend, a mean older brother....any of those people could easily ruin your day.

Quoting cmf (Reply 32): No, it is much better than the poor security you propose because it is practical.

So is a passcode. If you don't have any data worth protecting with a passcode, a fingerprint sensor can still provide a little protection even so, but it's really just the lowest-level protection there is, not least because to be really convenient it must be calibrated towards false positives rather than false negatives.

I expect the first "fingerprint crack" within the week.

Quoting rwy04lga (Reply 34): The problem with that is someone could possibly erase all of your info on purpose. A rival, an angry girlfriend, a mean older brother....any of those people could easily ruin your day.

Not really. I'd put it in the dock and when it would be charged again, it would also have its last backup (from when it was charged the last time) restored and be exactly identical to the state before, without any manual work to be done and with all apps, settings and data present and up to date as expected.

Apart from a saboteur having to get my iPhone in his/her grubby paws in the first place. Which would be quite difficult to begin with.

Quoting Klaus (Reply 35): So is a passcode.

You think so and I think it is easy enough. But, a good portion of the world doesn't think so. Claiming it is simple doesn't change the fact they don't agree. That is reality.

Quoting Klaus (Reply 35): If you don't have any data worth protecting with a passcode

What phone out there are not worth protecting? The only I can think of are the phone that are receive only calls or those only able to dial preset numbers. Looking forward to see what you come up with.

Quoting Klaus (Reply 35): a fingerprint sensor can still provide a little protection

Where do you get this idea from? Fingerprints provide plenty of protection for the situations we are looking at. We are not talking about national security. But if we were then biometric would provide much better security than a pin code. Of cource the scanner would be on a different level than the cheap fingerprint scanners we see on computers today.

Quoting Klaus (Reply 35): not least because to be really convenient it must be calibrated towards false positives rather than false negatives.

Again, this shows you don't understand what we are trying to protect. This is for opportunistic situation. It isn't for the situation where someone is prepared to find your fingerprint. Go home and create a usable replica and then make sure they get your phone. Those people will get your pin code too. However, they are much more likely to take a completely different approach, e.g. MSAB XRY.

Quoting Klaus (Reply 35): I expect the first "fingerprint crack" within the week.

The pin code crack is already here.

Quoting Klaus (Reply 26): How do you "read" my passcode? I take care to not have the display side exposed to anyone when I enter it. Changing the passcode also makes that a bit impractical. My fingerprints would be a lot easier to come by. Whether I want to or not, I leave them on smooth surfaces everywhere. And as noted above, I can't change them (practically).

If someone goes as far as trying to lift your fingerprints to gain access to your iPhone, you're probably storing way too valuable information (trade secrets of a large company? government secrets?) inside said iPhone.

In my opinion, the average citizen (and I consider myself to be one, as far as what kind of information I store on my iPhone) isn't at risk of having someone lifting his fingerprints to gain access to the phone.

I think the fingerprint scanner (if the next iPhone really gets that, if the rumors are true) is a huge step forward in security. I check my iPhone quite often, and I'm annoyed by having to type the code every time. Therefore I set it to be enabled only after 15 minutes of inactivity. This means my iPhone is *very* insecure for 15 minutes after each time I've used it. I dislike that, but it's a trade-off I took to work against the annoyance of entering the code over and over.

If I can replace that code with a fingerprint, it would mean that my iPhone is *always* locked, and that only my finger (or a code) can unlock it. Always. No 15-minute window. If I drop it or if it gets stolen, the average thief won't be able to access my data, because he won't have lifted my fingerprints off my glass at the restaurant (seriously?).

Let alone those users who don't use a PIN code at all, because they simply can't be bothered. I hear stories of iPhones being stolen all the time, and people have their personal data looked at, their social media profiles all messed up, and whatnot.

So I don't see how this can't be a huge step forward.

Quoting cmf (Reply 36): What phone out there are not worth protecting? The only I can think of are the phone that are receive only calls or those only able to dial preset numbers. Looking forward to see what you come up with.

Ask the people who don't protect their phones – not me.

Quoting cmf (Reply 36): Again, this shows you don't understand what we are trying to protect. This is for opportunistic situation.

See my posts above.

Quoting cmf (Reply 36): The pin code crack is already here.

Nope. It isn't. Whoever told you that didn't know what they're talking about.

A thief has no realistic chance of cracking a passcode on a semi-recent iOS device. Only for older devices which have a bug in their unfixable boot ROM (iPhone 3GS, iPhone 4, iPad 1) the outer hardware encryption layer can be circumvented, but that does no longer work with newer devices (iPhone 4S, iPad 2 and up). And even then only a simple 4-digit passcode can be cracked on the device. Good passcodes still remain out of reach even so, and critical personal data still can't be accessed.

Even Apple themselves can only unwrap the outer encryption layer through their private code-signing key, not the inner ones.

Using a nontrivial passcode makes it pretty much impossible to get at the data on the device for all that is known at this point.

Quoting ManuCH (Reply 37): So I don't see how this can't be a huge step forward.

As I said: It's a step forward for people who hadn't secured their iPhone at all so far.

Replicating fingerprints is not difficult. There are easy do-it-yourself instructions on the internet. The main question is how long it will take to circumvent the new sensor (my guess: not very long).

Passcodes are a much better protection if they are used properly.

Quoting Klaus (Reply 38): Ask the people who don't protect their phones – not me.

No, it is you who insist fingerprint isn't enough. back to you, where isn't fingerprint enough? My experience tells me the occasions are far between.

Quoting Klaus (Reply 38): See my posts above.

I've seen your posts. You have dug yourself a hole from where you refuse to look out.

Security isn't about making everything perfectly safe. In fact, it hardly ever is about making it perfectly safe. Security is about making it difficult enough that it isn't worthwhile.

Quoting Klaus (Reply 38): Nope. It isn't. Whoever told you that didn't know what they're talking about.

remember the thread where you stated you never attack other people? Another example of you failing to live up to your claims.

Problem for you is that I do know what I'm talking about. Even worse is that I'm talking about the most basic form of cracking there is and something mentioned above. All it takes is an eye and looking at the device when someone enters the code. As mentioned above it works with just about everyone and requires much less effort that lifting a fingerprint and making it readable.

Quoting Klaus (Reply 38): A thief has no realistic chance of cracking a passcode on a semi-recent iOS device

Again, you're barking at the wrong tree. It is the steps before this that are addressed. The steps that are much more common issues.

Quoting Klaus (Reply 38): Even Apple themselves can only unwrap the outer encryption layer through their private code-signing key, not the inner ones

Wrong. It takes them time but they can reduce it to a point where it is a realistic projects. It is a service they provide.

Quoting Klaus (Reply 38): Using a nontrivial passcode makes it pretty much impossible to get at the data on the device for all that is known at this point.

Nope, you still have the problem of people thinking it is too much work and people looking.

Quoting Klaus (Reply 39): Replicating fingerprints is not difficult.

Have you tried it? It is not nearly as simple as you think. depending on the technology used in the scanner it ranges from a lot of tries the first times to damn near impossible.

Quoting cmf (Reply 40): No, it is you who insist fingerprint isn't enough. back to you, where isn't fingerprint enough?

On my device with my data.

Quoting cmf (Reply 40): I've seen your posts. You have dug yourself a hole from where you refuse to look out. Security isn't about making everything perfectly safe. In fact, it hardly ever is about making it perfectly safe. Security is about making it difficult enough that it isn't worthwhile.

Exactly. And leaving copies of the key to my data everywhere I touch any smooth surface is not my idea of data security.

I've nowhere stated that everybody had to agree with me. It's just my own position.

Quoting cmf (Reply 40): Quoting Klaus,reply=38: Nope. It isn't. Whoever told you that didn't know what they're talking about. remember the thread where you stated you never attack other people? Another example of you failing to live up to your claims.

There is absolutely zero personal attack on you in my statement above. You may not happen to like what I have to say, but that is a completely different thing.

Quoting cmf (Reply 40): Problem for you is that I do know what I'm talking about. Even worse is that I'm talking about the most basic form of cracking there is and something mentioned above. All it takes is an eye and looking at the device when someone enters the code. As mentioned above it works with just about everyone and requires much less effort that lifting a fingerprint and making it readable.

I don't even let friends look at the display and my fingers when I enter the passcode, much less potential thieves.

Quoting cmf (Reply 40): Wrong. It takes them time but they can reduce it to a point where it is a realistic projects. It is a service they provide.

Sorry, but you're still wrong there.

Even Apple injecting special firmware which is properly signed with their private key into a device they've got in their physical possession can only unwrap the outer layer which doesn't hold sensitive data.

Even they need to inject code to run a brute-force attack against the passcode on the actual device, which after unwrapping the outer layer is no longer protected by the 10-tries-limit.

With a simple 4-digit passcode this already takes many hours (which is part of the design); With a nontrivial passcode it is just not feasible even then since it would take years or decades.

The service Apple provides for this gives no guarantee that they'll actually be able crack the passcode – just enough criminals are lazy enough to use only a basic passcode which is plausibly crackable to get police access to their data that way (at least normally with proper court orders accompanying the device in question).

And this service is not available to thieves (but possibly to the NSA even without proper paperwork, unfortunately), so thieves will already fail at the outer layer and never even get to the brute-force part since there is no known crack for the firmware signature. Ask the "jailbreakers" if you want. They have no way in to a locked device either, despite intensive reverse engineering through several years by now.

Quoting cmf (Reply 40): Have you tried it? It is not nearly as simple as you think. depending on the technology used in the scanner it ranges from a lot of tries the first times to damn near impossible.

I didn't need to (nor do I have any such incentive). There are people who make it their hobby to circumvent locks of all kinds and other people who investigate security issues.

Quoting cmf (Reply 32): Sadly too many security experts are so concerned about that once in a billion situation instead of the everyday situation that they create very unsecure systems.

Quoting ManuCH (Reply 37): I think the fingerprint scanner (if the next iPhone really gets that, if the rumors are true) is a huge step forward in security. I check my iPhone quite often, and I'm annoyed by having to type the code every time. Therefore I set it to be enabled only after 15 minutes of inactivity. This means my iPhone is *very* insecure for 15 minutes after each time I've used it. I dislike that, but it's a trade-off I took to work against the annoyance of entering the code over and over.

  

Quoting cmf (Reply 32): The real problem with biometric security is when the system fails and no-one remembers the password backup because it hasn't been used in the last 2 - 3 years.

Security folks are all about CYA, everything is simple and easy to put down on paper, unfortunately for the rest of the world, security folks live in their own world and only interact with us via their demands and rules implementation.
Bring on hump day then TGIF so we can get away from them for a day or two  

Quoting Klaus (Reply 39): As I said: It's a step forward for people who hadn't secured their iPhone at all so far.

Or for those who secured them, like myself, but only enable the PIN after a 15 minute timeout, for conveniency. The fingerprint sensor is probably more of a step forward in conveniency, but that's a biggie for me. If it works as expected, it'd be a huge usability improvement for my daily use cases.

Quoting Klaus (Reply 39): Replicating fingerprints is not difficult. There are easy do-it-yourself instructions on the internet.

How easy really? How much of an effort is required? Also, how do you know whose prints you need? Any surface is likely to have many prints of several different people.

OTOH, looking over someone's shoulder when he types his PIN is easy. I know plenty of friends' PINs because I overlooked while they unlocked their iPhone - and no, not even on purpose. It would require much more of an effort to lift my friends' fingerprints. But I could unlock their iPhones, right now, without any effort.

This means that inside a "circle of trust" (close friends, family members) the fingerprint sensor is a step forward. It would be much harder to unlock, say, your partner's phone (leaving aside the fact that if you do that, your relationship probably has other issues  ). You couldn't just casually go "oh I know the code because I saw it", but you'd need to proactively lift their fingerprints?!

For the casual thief, it wouldn't probably make any difference, *unless* you have a timeout for PIN protection (like I do), which I admit is pretty unsafe. But as I said earlier, I wanted a trade-off between being annoyed with a PIN entry request every time I unlock my phone, and decent security.

To sum it up: I'll definitely enable that feature, if it is introduced, and my phone will be safer than now, because it will need some kind of security *every* time I unlock it. And I will never use my PIN, so nobody else looking over my shoulder would know it. This means that if I leave my phone unattended (which I rarely do, but still) the casual observer will not be able to unlock it.

Quoting ManuCH (Reply 43): How easy really? How much of an effort is required?

Pretty quick and easy with readily available means:
http://www.edri.org/edrigram/number6.7/fingerprint-schauble

Of course newer sensor designs have tried to counteract such home-cooked attacks, but we'll see how long the presumable sensor in the 5S will remain a barrier there.

Quoting ManuCH (Reply 43): Also, how do you know whose prints you need? Any surface is likely to have many prints of several different people.

On your phone a thief already has in their hands, most likely there will only be your own.

Quoting ManuCH (Reply 43): This means that inside a "circle of trust" (close friends, family members) the fingerprint sensor is a step forward.

If you have friends who you let see the code and who on the other hand are untrustworthy enough to actually steal your device and try to break into it...   

Quoting ManuCH (Reply 43): It would be much harder to unlock, say, your partner's phone (leaving aside the fact that if you do that, your relationship probably has other issues &nbsp . You couldn't just casually go "oh I know the code because I saw it", but you'd need to proactively lift their fingerprints?!

The excuse would simply be: "Oh, was it locked? It just unlocked right away, don't know why!"

This is not a falsifiable claim with a fingerprint sensor which always just has a statistical response, but a passcode will never accidentally unlock a device, so intent is definite and undeniable.

Quoting ManuCH (Reply 43): To sum it up: I'll definitely enable that feature, if it is introduced, and my phone will be safer than now, because it will need some kind of security *every* time I unlock it. And I will never use my PIN, so nobody else looking over my shoulder would know it. This means that if I leave my phone unattended (which I rarely do, but still) the casual observer will not be able to unlock it.

I've never denied that it can be a viable option if you accept the consequences. But it's not for me.

But then I'm paranoid enough to also force sudo password entry on each and every invocation on any system under my control, by eliminating the convenient but insecure "grace period" via configuration.

I agree that security is never absolute, and convenience is always its primary antagonist. The problem is just that biometric analysis has been massively over-hyped in recent years and its security features have been wildly overstated. It can provide some security benefits if it is done right, but its impact is much more difficult to determine and its risks much more subtle and difficult to check than the old but well-understood password / key principle.

That it has become known that Apple has been subverted by the NSA recently as well unfortunately also makes it a major issue to have technical analysts check specifically for back doors providing wholesale fingerprint collection via surreptitious upload to central servers.

Things have unfortunately come to the point where that must actually be assumed until proven otherwise.   

Supremely bad timing for a feature like this.

Quoting Klaus (Reply 39): Replicating fingerprints is not difficult.

Yes it is. Because you do not know which part of the print the software examines for minutae, you need an intact, complete print. Even the surface of the phone itself will have multiple smudged prints that will need to be dusted, imaged, and computer-combined to assemble a full print.

Then, because any such scanner being installed in a high-end smartphone will have thermal and pulse sensors, you need to make a very thin glove with the fingerprint on the glove's fingertips.

In the stories that have been posted, this has been accomplished, but it requires some specialized equipment and a fair amount of effort. How many petty smartphone thieves are going to be willing to go to it to unlock a phone that will probably be remotely wiped and deactivated, anyway?

I think you are too paranoid about it. Obsession with security can be counter-productive, too. The more times you have to enter a passcode, the more opportunities a hacker has to intercept it.

Quoting DocLightning (Reply 45):

But James Bond makes it look sooooooooo easy!

Quoting Klaus (Reply 41): On my device with my data.

That's not an answer. You need to tell what type of data is unsecure with fingerprint but safe with pin code. All your answer provide is that you have classified some type of data you have as being in that range so it should be easy for you to provide a real answer.

Quoting Klaus (Reply 41): And leaving copies of the key to my data everywhere I touch any smooth surface is not my idea of data security

You need to look at the effort it takes. Even for the most simple scanners it takes a significant effort to lift and create the fingerprint substitute. It is a pretty safe bet Apple would not use that kind of technology since even 10 years ago when we manufactured scanners it was easy to implement features raising the bar.

What kind of protection do you have on your house? Most people have one or two locks. The effort to steal your keys is much less than the effort required to create a fingerprint substitute.

Reality is that if you have someone dedicated enough to go thru this process to get your data then the pin code will not stop them either.

Quoting Klaus (Reply 41): I've nowhere stated that everybody had to agree with me. It's just my own position.

Look back at your posts. This isn't what you state. You're stating fingerprints is a bad idea, that people should use pin codes instead.

Quoting Klaus (Reply 41): There is absolutely zero personal attack on you in my statement above. You may not happen to like what I have to say, but that is a completely different thing.

You stated I do not know what I'm talking about, as It was my claim. You did not provide any support for why my statement was wrong, only an attack on my knowledge. Then add that the method for cracking open a pin code protected iPhone had already been posted and your claim is even more ridiculous.

Quoting Klaus (Reply 41): I don't even let friends look at the display and my fingers when I enter the passcode, much less potential thieves.

You must be an extreme outlier because everyone I know slip from time to time. Reality is that most people enter pin codes so it is easy see what it is.

Quoting Klaus (Reply 41): Sorry, but you're still wrong there.

The data we got back indicate differently...

Quoting Klaus (Reply 41): With a simple 4-digit passcode this already takes many hours (which is part of the design); With a nontrivial passcode it is just not feasible even then since it would take years or decades.

We got the data in a week. It took a lot of time getting it setup but it was very fast once they got the device.

Quoting Klaus (Reply 41): I didn't need to (nor do I have any such incentive). There are people who make it their hobby to circumvent locks of all kinds and other people who investigate security issues.

So how can you claim it is easy? Looks to me that you have found some claims of people being successful and think it applies to every fingerprint scanner. Even 10 years ago, when we developed our scanner, it was very difficult to fool anything but the most basic scanners.

Quoting Klaus (Reply 44): Pretty quick and easy with readily available means

It takes time and equipment. Just that removes easy.

Quoting Klaus (Reply 44): but we'll see how long the presumable sensor in the 5S will remain a barrier there.

What is there to suggest this? What is preventing locking the phone after x number of failed attempts at reading a fingerprint? It is afterall what you rely on to prevent brute force pin code crack. We have already addressed that it is much easier to lift a pin code than it is to create a workable fingerprint, as most people use them. As with all new code there are options for exploits but they will be locked down quickly, just as happened with the pin codes.

Quoting Klaus (Reply 44): On your phone a thief already has in their hands, most likely there will only be your own.

What real difference is there because of this? There is no shortage of stolen phones today. The process if your phone is stolen will not be any different than it is is today.

Quoting Klaus (Reply 44): This is not a falsifiable claim with a fingerprint sensor which always just has a statistical response, but a passcode will never accidentally unlock a device, so intent is definite and undeniable.

This got me laughing   If you did this to me I'd just tell you to unlock it again... You will fail and then we will have the same discussion as if you lifted my pin code.

Quoting Klaus (Reply 44): I've never denied that it can be a viable option if you accept the consequences. But it's not for me.

I have to accept the consequences of using pin code too. Reality is that with fingerprint I am just about every other person is safer than with pin code because the people around me are much more likely to get my pin code than they are to be able and ready to make a fingerprint substitute. In all other situations there really isn't a difference in risk as those people will do the same if I use pin code or fingerprint.

There you have the sum of the pin code or fingerprint argument in the real world. Not the outlier situations you seem so concerned about.

Quoting DocLightning (Reply 45): but it requires some specialized equipment and a fair amount of effort.

   Fingerprint takes away all opportunists. It makes no difference to the dedicated.

Quoting DocLightning (Reply 45): Obsession with security can be counter-productive, too.

  
It is amazing how many people, including those with security titles, insist on locking everything so much that in reality all they do is cause costs to the company.

Quoting cmf (Reply 47): That's not an answer. You need to tell what type of data is unsecure with fingerprint but safe with pin code. All your answer provide is that you have classified some type of data you have as being in that range so it should be easy for you to provide a real answer.

The answer to the question when protection is safe "enough" is inherently a judgment call and inherently does not have an objective answer except where formalized requirements and sufficiently precisely quantifiable assumptions about all significant circumstances are available (which is rarely the case – even where that is desired).

In my case I prefer passcodes with known properties over an opaque, sensor-based method with merely a statistical distribution of rejection vs. acceptance.

Quoting cmf (Reply 47): You need to look at the effort it takes.

I have. The example I've linked to back then stunned many experts because they had massively overestimated the effort it should have taken. This may have shifted gradually due to sensor improvements since then (minus the margin imposed by an ultra-compact, low-power, high-convenience implementation in a mobile phone), but it's still a statistical gamble which inherently needs to be skewed towards false positives in order to actually deliver its desired convenience benefit in the first place.

Quoting cmf (Reply 47): It is a pretty safe bet Apple would not use that kind of technology since even 10 years ago when we manufactured scanners it was easy to implement features raising the bar.

If the rumours have it correct, they're just starting.

Quoting cmf (Reply 47): Look back at your posts. This isn't what you state. You're stating fingerprints is a bad idea, that people should use pin codes instead.

Nope. I have presented my view on what the technology can do and where I see risks and benefits. For myself I see more risks than benefits, for people who out of convenience never used a passcode I see more benefits than risks, as I have stated above.

Quoting cmf (Reply 47): You stated I do not know what I'm talking about, as It was my claim.

Nope. I have said that whoever told you that didn't know what they were talking about. Which still isn't a personal slight but addressing the factual content of a statement.

Quoting cmf (Reply 47): You did not provide any support for why my statement was wrong, only an attack on my knowledge. Then add that the method for cracking open a pin code protected iPhone had already been posted and your claim is even more ridiculous.

Nope. I have explained in detail how cracking of a passcode works on iOS devices – and what the limitations of such attempts are. You can research the current state of this issue and you will find that my presentation does reflect it correctly and by contrast your assumptions didn't.

Quoting cmf (Reply 47): The data we got back indicate differently...

Nope. What you're saying is exactly consistent with my explanation above:
• (Unless you're the NSA or other secret agency which operates outside the law) you need to provide a) the actual physical device to Apple with b) a valid court order confirming that you do indeed have a legitimate right to have it cracked (I assume your "we" fits that description here).
• Even at Apple it takes many hours to break a simple passcode.
• If you do this more often, you will sooner or later come across devices locked with a proper passcode which even Apple can't break. This has already happened as far as I'm aware.

Quoting cmf (Reply 47): We got the data in a week. It took a lot of time getting it setup but it was very fast once they got the device.

The toxic nature of dealing with a specifically prepared passcode-breaking firmware version correctly signed by Apple (as explained above) forces Apple to be highly restrictive and to not let it out of their sight since it could be extremely corrosive to the security of millions of devices in the field (at least to those using weaker passcodes).

That is why most likely only very few of their employees are trusted with this and that and the still-remaining difficulty of actually brute-forcing the passcode (which is by design!) means that they can process only a small number of devices at a time, resulting in long waiting lists for law enforcement clients.

This is exactly consistent with what I've explained above.

Quoting cmf (Reply 47): You must be an extreme outlier because everyone I know slip from time to time. Reality is that most people enter pin codes so it is easy see what it is.

I'm an individual. And one who does indeed happen to have an above-average level of knowledge on a) software, b) chip design, c) sensor technology and its theoretical and practical application, d) iOS and its internal security architecture and e) the mathematical foundations of digital security technology.

For my own needs and existing risks I see passcodes as the primary mitigation strategy. I see too many drawbacks and too few benefits in sensor-based security for myself. But as I've said repeatedly: It depends on what your status quo is and what you're ready to accept in exchange for increased data security.

Quoting cmf (Reply 47): What is preventing locking the phone after x number of failed attempts at reading a fingerprint? It is afterall what you rely on to prevent brute force pin code crack. We have already addressed that it is much easier to lift a pin code than it is to create a workable fingerprint, as most people use them.

No, you're simply assuming that to be the case. Whether that is actually true varies from case to case.

Quoting cmf (Reply 47): This got me laughing   If you did this to me I'd just tell you to unlock it again... You will fail and then we will have the same discussion as if you lifted my pin code.

Nope. Unless a passcode is set in addition to the fingerprint, the fingerprint sensor response will always just be statistical. The claim that it "just unlocked" via fingerprint is not falsifiable unless you've got access to internal system logs.

By contrast, that same claim vs. a passcode lock is always and definitely false.

Quoting cmf (Reply 47): I have to accept the consequences of using pin code too. Reality is that with fingerprint I am just about every other person is safer than with pin code because the people around me are much more likely to get my pin code than they are to be able and ready to make a fingerprint substitute. In all other situations there really isn't a difference in risk as those people will do the same if I use pin code or fingerprint.

There is no definitive and absolute answer to this. As I've said all along: It depends on the circumstances and on your willingness to accept inconvenience in exchange for increased security.

Quoting cmf (Reply 47): There you have the sum of the pin code or fingerprint argument in the real world. Not the outlier situations you seem so concerned about.

Somebody trying to crack your device is already an "outlier" situation in itself. We're not discussing standard situations either way.

All that said, we'll have to see a) whether Apple has actually introduced such a sensor into the new iPhone, b) in what way they're actually employing it and c) which level of security is achievable this way.

Data security is too complex a topic to provide clear-cut, simple answers to many questions. Which is why it remains necessary to differentiate between different situations and behaviours on the one hand and technological mitigation approaches on the other.

Just because there might(!) be a new technological solution this does not automatically mean that it had to be a better solution for absolutely every need. This is not how that kind of thing works.

Quoting Klaus (Reply 48): Nope. Unless a passcode is set in addition to the fingerprint, the fingerprint sensor response will always just be statistical. The claim that it "just unlocked" via fingerprint is not falsifiable unless you've got access to internal system logs.

And you really think that 2 friends, or 2 partners in a relationship, will have a discussion going along the line of "oh well, your claim is not falsifiable, so I'll just believe that it unlocked by itself"? Probably Sheldon from Big Bang Theory with one of his nerdy girlfriends might do so - but 2 regular people who don't happen to be data security specialists will never discuss along these lines, realistically.

I know how fingerprint scanners work, and that there might be "false positive" unlocks (although unlikely if implemented properly). But if I found anyone with my phone unlocked, I would smell BS from miles away and wouldn't believe their claims of "it just unlocked by itself". Everything else is just academic banter, which doesn't apply in the real world among non-specialists.

Quoting Klaus (Reply 48): Somebody trying to crack your device is already an "outlier" situation in itself. We're not discussing standard situations either way.

I disagree. A spouse or a friend unlocking your phone is not an "outlier". He may just be curious, looking for some gossip, or mad at you and wanting to do some damage to your social networks. You know, random things humans do when they're not being rational. And that is much easier to achieve if they look over my shoulder and catch my PIN, than if they start lifting my fingerprints. My friends may be crazy, but there's a limit to everything  

[Edited 2013-09-09 01:34:52]