Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Well it's a lock, not a user application. In the intended usage scenario, the lock is meant to fend off hacking attacks and to protect from theft.
If the physical key alone were enough, that would reduce the lock security to the level of the physical component, which you can bet isn't first class. Lock picking would be the consequence. -
It'd be terrible security-wise if anything other than the fingerprint can unlock it. It's actually why I dislike having to put a PIN code on Android that you can use instead of the fingerprint scanner, and have to use on boot. I'm not gonna lie, my PIN code is a lot weaker than my fingerprint. But sure a hacker is going to be so nice to use my fingerprint instead of my PIN code π
Same thing with that key lock actually. If it's possible to reset the fingerprint with just a key, then what's the point of it anyway? Say that a lock picker comes along and the lock can be reset with just a key, do you think that they'll ever bother with the fingerprint sensor, other than resetting it to just import *something* of their own and use that? -
@Condor "If all doors are locked, try looking for open windows instead"
-
@ThermalCube true, there's always windows for entrance into the network π
-
@ThermalCube yea but this level of lock is so easy to get through by 100 other means. These locks are for keeping honest people honest as they say. Having an internal reset button with a security screw would be fine at this level.
-
@Condor the fingerprint secure zone isn't unlocked until you decrypt it with your PIN.
-
@plttn which is exactly my point. The point is that unlocking the device can be done with PIN, and so can adding new fingerprints. It is not something that I deem secure compared to my fingerprint. And I can't insert random gibberish into it either, because every few days, and on every reboot it requires that PIN code again. I find fingerprint scanners nowadays sufficiently reliable to rely on them exclusively.
Essentially, fingerprint is secure but PIN code isn't. Having both available increases the attack surface, conventional locking methods such as pattern and PIN lock being quite a large one. From a security perspective, I don't like this. -
@plttn here's a rant of mine that puts pattern lock security into a nice perspective btw: https://devrant.com/rants/1581491
-
@Condor Considering iPhone acts the same way I think you're a little off base. The purpose of the fingerprint sensor isn't to be the super secure authentication, it's to make using a very secure pattern or PIN less of a PITA. I think I have to enter my PIN on my Pixel 3 once every few days when I wanted to use Pixel Imprint due to security. Throw in the legalities of compelling fingerprints vs PIN, no fallback if biometric system fails, and I'd run far away from a ROM that would just let me set a fingerprint and call it a day.
-
@plttn well the thing is, on my Nexus 6P I've never had any unlock fails and even on my current OnePlus 6T with on-screen fingerprint sensor (which is still very beta right now) the failed unlocks are very minimal. Given 5 unlock attempts currently before PIN becomes required, I feel like that could become the primary authentication method, perhaps with a 5 minute timeout for security purposes and for the operator to go wash their hands (on the OP6T I've found greasy hands from a night's sleep to be the most common cause of authentication failures).
I honestly don't see any reason to keep on using PIN codes anymore. Sure it's easier to swap out than a finger, but it's also much easier to duplicate. A 4 character PIN code (which pretty much everyone uses) is 10k combinations. Sounds like much, but not for a computer. Now compare that to the 7 billion fingerprints currently out there, which are nonetheless all unique. I think that's pretty impressive. And especially capacitive fingerprint authentication is hard to fool, even when you have a copy of the owner's fingerprint from something they touched. -
@Condor Currently Google is deciding whether or not the optical sensor in the 6T is secure enough to be a valid trustzone security method.
-
@plttn I can refuse to police officers regardless, and they can compel me in various ways to unlock it for them as well. That doesn't change with the unlocking method. The only way in which I would be able to trick police officers is if I were to have e.g. a LUKS encrypted hard drive that has a key in it for self-destruction. But that'd play against me in a very significant way legally. It's safe to assume that if they have legal grounds to access my data, they'll get in with my (not so voluntary) help. But again, that has nothing to do with security.
Security has to do with a crook getting a hold of my phone and choosing the easiest way in without any legal warrants to do so (edit: and without me giving them access by putting my finger on it or giving them my PIN, assume that the crook stole my phone and wants to unlock it by themselves, and don't know how to flash a new ROM). What do you think they'll choose, fingerprint or PIN?
As for the OnePlus 6T's validity as a trustzone security method, that's not related but I do think that optical fingerprint authentication is inferior to capacitive. However, it's the only way to embed it under a screen. So given the bezelless direction in which the industry is heading, I'm afraid that it's here to stay. -
@Condor the ultrasonic one Qualcomm is working on is significantly better from what I've heard, but there's a chance Google will no longer approve new optical implementations for Trustzone.
-
@plttn who knows, right ¯\_(γ)_/¯ but again, regardless of the method used, I feel like fingerprints (the artwork on your finger, not so much the method used to detect it) is an excellent way of authentication. Other than the fact that you've only got 10 of them (so they'll better not be leaked), it's a pretty darn good authentication method. It's fast, easy, and secure. What else do you need? And there's a bazillion ones of them so good luck bruteforcing it.
-
@plttn I highly recommend you read further into Google's fingerprint authentication process. It's comparable in a sense to TPM modules in that the processing of the fingerprint is done on a dedicated processor, inaccessible to the system, i.e. it probably won't be able to leave it. It's been one of my main concerns on fingerprint authentication as well, but after some research on my end has been negated.
-
@Condor I'm not saying it's bad (I've also read the compatibility definition document), I'm just saying I'd much prefer a situation where a fingerprint sits above a secure PIN, rather than the fingerprint being the only security measure.
-
@plttn let's put it in a different perspective if you're willing to. Let a friend of yours change all the authentication parts of your phone (fingerprint, and whatever you've chosen as its fallback), then try to regain access to your phone. However, you're not allowed to reflash it or factory reset it. You want your (or in a hacker's mind) the victim's data back. Now attempt to crack your now unknown authentication codes, and assess what are your attack vectors.
This will make you think as a hacker and train you on an asset you own (thus completely legal). It's a very important skill to have, so be sure to give it a shot. -
@Condor I'm confident in my PIN, as well as having nothing only exist in one place that lives on my phone. While I'd be out the money, if my phone were lost or stolen and not recovered, I'm confident having a PIN that is meaningless is plenty.
-
@plttn it's only 10k attempts, so be sure to test it and see if it stands up!
-
@Condor Mine is currently 6 digits. At 5 attempts/30 secs that's a solid 55 hours of trying to get into my phone.
-
@plttn it's not just the classical PIN code interface that can be used (and fun fact - is never used for cracking). There's files for cracking that can be retrieved, similar to how database cracking works. You get the file, don't need whatever source you got it from anymore afterwards, and start cracking from the comfort of a well-specced cracking machine.
For more info on password cracking, check out https://youtu.be/7U-RbOKanYs. It provides good insight into why I don't think that 10k attempts is in any way sufficient.
(Edit: or 1M attempts in your case, given brute force which also is a last resort.. the speed in which cracking occurs is pretty hard to grasp, but the status quo is real.) -
@plttn essentially, think of this PIN code as any old password, but with a number limitation on it (i.e. 10^6 in your case). That's a crackable number, if a malicious hacker can get a hold of the file that's storing the hash that's backing it. Even in passwords with a 36+^6 alphanumeric character set, it's too easy. PIN codes just like keys keep out the honest people, but not crooks.
Currently the acceptable password complexity is in about 10 pseudorandom characters, while I'd recommend at least 16 to stand a few years of possible abuse. PIN codes are definitely not among those. In banks they've mitigated it by allowing only 3 PIN attempts and then swallowing your card, which is good. But that method doesn't stand up very well on the internet, especially in cases where someone can get the hash file and can get cracking on their own machine, without any internet connection being needed. Hence why PIN auth is a bit of a problem. It was useful back in the days predating biometric authentication, but nowadays I think it's been succeeded by fingerprint authentication. -
I do however think that asymmetric key files are the most secure authentication method (especially in conjunction with biometric) because a key can be so easily swapped out, and it's something you have rather than something you are as is the case with biometric. And the mind is fallible so it's far more robust than something you know. Hence why I prefer keys anywhere I can make them.. although on smartphones that might be a bit unwieldy.
-
@plttn that's the encryption backing it and doesn't have much to do with the authentication mechanisms. But say that I can't access any file on your device and I'm willing to wait 55 hours to get your PIN code in the very much last-resort method of actually going through the regular authentication scheme. Would I (as a hacker) pick the fingerprint or the PIN code?
Keep in mind that this is not much an argument of whether this or that is secure, but more so one of which one would be more secure against attackers, and initially came out of whether having both PIN and fingerprint authentication available to an attacker in an OR manner is a good idea. -
@plttn as for the TEE, it's a great thing to have. Limited access to higher trust ring resources has proven itself very effective in the Linux kernel and sysfs for example. However, PIN codes are backed by files, especially so on devices without biometric hardware onboard.
Apple, I usually enjoy your products, but REALLY?!?! Why didnβt you design a mouse to be used while itβs c...
So I Bought this bio metric pad lock for my daughter. She excitedly tried to set it up without following the directions( they actually have good directions on line) first thing you do is set the "master print" she buggered that up setting her print. So when I got home I was thinking, no problem I'll just do a reset and then we cant start again.
NOPE !!! you only have one chance to set the master print! after that if you want to reset the thing you need to use the master print along with a physical key that comes with it.
What sort if Moron designs hardware / software that is unable to be reset. Imagine how much fun it would be if once you set your router admin password it was permanent unless you can long back in to change it. Yea nobody has ever forgotten a password.
Well they are about to learn a valuable financial lesson about how user friendly design will influence your bottom line. people (me) will just return the lock to the store where they bought it, and it will have to be shipped back to the factory and will be very expensive for them paying for all of the shipping to and from and resetting and repackaging of the locks and finally shipping again to another store. Meanwhile I'll keep getting new locks until at no cost until she gets it right.
poor design
rant
bad for business
poor design
benjilock