biometric
Latest
The Galaxy S5's fingerprint reader can be fooled by fake digits
It looks like the iPhone 5s isn't the only smartphone whose fingerprint reader can be fooled by fake digits. SR Labs has just posted a video (shown below) showing that Samsung's just-launched Galaxy S5 is susceptible to the same trick: as long as you have a good photo of a latent print (such as one from the touchscreen), you can create a mold that passes for a real finger. The lab also claims that Samsung's approach may ultimately be less secure than Apple's, since you're not forced to enter a passcode under certain conditions (such as a reboot) and can use the fingerprint to make PayPal transactions.
Swedish students cook up a way to pay with your hands
Big companies have been trying to make in-store payments with mobile devices a thing for years, which makes Frederik Leifland's approach awfully refreshing by comparison. There's no smartphone, no NFC chip, no apps involved here -- all you need to pay for your Frosted Flakes and Nutella is the palm of your hand. You see, Leifland (of Sweden's Lund University) has cooked up a way to identify shoppers by the unique branching pattern of veins in their hands.
Apple explains how the iPhone's fingerprint sensor keeps your info secure
If you've ever wanted to know how the iPhone 5s' Touch ID fingerprint security works beyond a basic overview, you'll be glad to hear Apple has just delivered a motherlode of new details. An updated version of its iOS Security white paper (PDF) explains much of what happens to your finger data after you touch the sensor. In short, your information may be more hack-resistant than it seems at first glance. Each A7 chip has a unique secure space that neither the A7 nor Apple can read, and every authentication session is encrypted end-to-end. The company is also offering a deeper explanation of what it does with your fingerprint image, noting that the print only lasts in memory until it's turned into a decryption key. As we've known for a while, there are safeguards that wipe out that key after 48 hours of inactivity, a reboot or five failed login attempts. While the new insights will only have so much usefulness when developers can't use Touch ID for their own apps, they suggest that there's little to no chance of fingerprint theft or a large-scale data breach.
Microsoft joins the FIDO Alliance to put an end to passwords
The FIDO Alliance is on a roll: It already has support from heavyweights like Google and Lenovo in its quest to eliminate password-based sign-ins, and it's now bringing Microsoft into the fold. The software pioneer is taking a seat at the Alliance's board of directors, where it will help shape open authentication standards. Microsoft isn't revealing what it would like to do with FIDO at this early stage, but it's easy to see the company improving both its verification methods and Windows' support for biometric readers. There are still gaps in the Alliance's membership -- Apple and Samsung aren't involved, for instance. Still, Redmond's involvement makes it clearer than ever that the group will have a lot of say over our future digital security.
Samsung is not buying a fingerprint scanning company, 'completely false' release distributed (updated)
Between the iPhone 5s and the forthcoming HTC One Max, it looks as if biometric security will be the next big mobile battleground. Not to be done, of course, Samsung has just splashed out $650 million on Swedish firm Fingerprint Cards AB. The company has already crafted a swipe sensor that works on mobile devices like the Galaxy S 4, and has similar technology working with Windows 8.1 devices. The unit will be turned into a separate division of the Korean behemoth, and the re-named Samsung Fingerprint Cards Division will be run by AB's current CEO, Johan Carlström. Update: Investor relations site Cision tells the Financial Times the press release it sent out confirming the sale was "completely false" and that it's investigating. We've checked with Samsung who confirmed that the report was not true, and that it was not aware of where the news came from. The initial press release as well as a new one from Fingerprint Cards AB can be found after the break. Update 2: Fingerprint Cards added that "what has happened will be reported to the police and to the Swedish Financial Supervisory Authority." There's definitely something fishy going on here.
Synaptics' new acquisition could bring fingerprint readers to most laptops
If you hadn't heard, fingerprint readers are in vogue these days. Synaptics clearly knows it: the company just acquired Validity, a firm that specializes in finger-based authentication. The $92.5 million deal gives Synaptics both access to the biometric market as well as a complement to its existing touch input devices. While the company isn't detailing its plans, it's easy to see the potential impact. When Synaptics makes the majority of laptop trackpads, there's a real chance that fingerprint sign-ins on PCs could become commonplace.
AliveCor ECG comes to Android, transmits your palpitations to Instagram
If you've been gazing longingly at the AliveCor Heart Monitor but an Android affinity has kept you out in the cold, its developer has good news. Starting today, AliveCor's clinical-quality (and now FDA-approved) ECG is compatible with the Samsung Galaxy S III, S4 and the HTC One. The device itself is available as a standalone accessory, but users of select handsets can pick up a case with it built in. What's more, the unit is on sale today for $199 through the developer's website, in case you need to keep an eye on your ticker at all times. If your heart really does beat faster when you hold your loved ones, you can now share that on Instagram too; the University of Southern California has created BioGram, an app that pairs with AliveCor's tech to do slap your heart's BPM over the top of your sepia-tinged photos. Awww.
Android phones with FIDO-based fingerprint readers to arrive in early 2014
The FIDO Alliance hinted that mobile fingerprint readers would play a part in its passcode-free strategy, and it turns out that we'll see those readers quite soon. Group president Michael Barrett tells USA Today that Android smartphones with FIDO-based fingerprint readers should be available in about six months, or early 2014. While the Alliance isn't saying which companies are launching those devices, we'd expect FIDO members like Lenovo and LG to embrace the technology first. As for other platforms? Barrett believes that Apple's Touch ID could work with FIDO, but we wouldn't count on it when Apple is still hesitant to embrace third-party developers.
iPhone 5s fingerprint reader has a timed safeguard, dislikes sweaty digits
Beyond the basics, Apple has said little of how the iPhone 5s Touch ID fingerprint reader works -- we mostly know that it's inaccessible to the outside world. Thankfully, the company has shed further light on Touch ID through statements to the Wall Street Journal. To start, iPhone owners will have to unlock with a passcode if they either reboot or haven't unlocked within 48 hours. The safeguard prevents hackers from simply biding their time while they look for a workaround, Apple says. Legitimate users will also want to keep their hands dry, as the reader doesn't work well with fingers covered in sweat and other liquids. You won't want to try unlocking immediately after running, then, but it's evident that Apple already knows many of Touch ID's real-world limitations.
iPhone 5s fingerprint reader authentication isn't open to developers for time being
So, you know fancy new fingerprint reading home button Apple showed off for the iPhone 5s at today's event? The company demonstrated functionality for unlocking and buying stuff through iTunes. Cool, but what about third-party apps? We can imagine all sorts of neat uses not limited to buying stuff. For the time being, however, the authentication functionality is off-limits. Apple exec Phil Schiller told All Things D that the hardware won't be opened to developers initially. As to whether that functionality will be arriving in the future, Apple's not ready to say just yet.
Nymi bracelet uses biometric heart data to unlock digital and physical doors (video)
Unlike faces and fingerprints, a heart's electrical activity is difficult to fake -- it's a unique and potentially ideal security tool. Bionym is taking advantage of this trustworthiness in its upcoming Nymi bracelet. The wristwear authenticates users through a combination of electrocardiograms and Bluetooth proximity detection; if Nymi recognizes your heart rhythm, it automatically logs you into nearby devices. The bracelet also recognizes gesture commands, and a future developer kit should extend the gadget's usefulness beyond basic security for PCs and smartphones. It could unlock doors or make retail payments, for example. Nymi won't ship until early 2014, but it's already available for pre-order at a $79 early bird price.
Dual-SIM HTC One Max for China Unicom leaked, may pack a fingerprint reader
Much like HTC itself, leaksters have also been hard at work to help promote this company. Courtesy of ePrice, the latest spy shots feature the upcoming 5.9-inch One Max, and specifically, this is a dual-SIM model destined for China Unicom. Like the One Dual (or better known as 802w, 802t or 802d in China), this much bigger device sports a removable metallic back cover for access to the dual SIM slots, along with what appears to be a microSD slot at the top right corner. There are also a set of docking pins towards the bottom right on the back, so chances are we'll see official dock accessories for this bad boy.
iOS 7 beta 4 hints at upcoming iPhone fingerprint sensor
Ever since Apple's purchase of biometric sensor company AuthenTec last year the rumor mill has been abuzz with predictions that a future iteration of the iPhone would employ built-in fingerprint authorization. Now, as 9to5Mac reports, Twitter user Hamza Sood has discovered a folder in the newly released iOS 7 beta 4 that references a biometric user interface, complete with descriptions of a setup process that includes images of a color-changing fingerprint and a person holding an iPhone with their thumb on the Home button. Earlier this month Apple was granted a patent for an in-display fingerprint sensor which would allow for biometric functionality while negating the need for a separate sensor panel. This new evidence certainly isn't a confirmation of such a feature being included in the next iPhone -- rumored to be called the iPhone 5S -- but it's definitely more validation than we normally see regarding rumors of this magnitude. [Image credit: Hamza Sood]
Valve measures sweat during Left 4 Dead play
Valve tinkers with a lot of things – whatever it feels like, mostly – but has a particular interest in biometrics and direct player feedback within games. At the Neurogaming Conference last week, Valve Experimental Psychologist (seriously, whatever if feels like) Mike Ambinder described a few tests he'd recently run, as reported by Venture Beat. In one test, Valve measured how much players sweat while playing Left 4 Dead, as correlated to their levels of arousal – just as Valve boss Gabe Newell specified back in March, concerning biometrics in the Steam Box. Another experiment gave players four minutes to shoot 100 enemies, and the game would move more quickly as the player showed signs of nervousness. Valve also created a successful version of Portal 2 controlled with players' eyeballs, but it was necessary to separate aiming and viewpoint – where your eyes are looking and where your head is facing – for that to work properly. The Steam Box will host some sort of biometric scheme, Newell said in that March interview. "What we've found is you can directly measure player state and it turns out to be very useful," Newell said. "You need to be able to directly measure how aroused the player is, what their heart rate is, things like that, in order to continue to offer them a new experience each time they play."
Paytouch lets your fingerprints make purchases, hopes to expand into Europe and America next year
The business of commerce is alive and well, and while there's far too much noise for anyone to stand on the mobile side, Paytouch is hoping to add a new wrinkle on the conventional end. The Barcelona-based outfit was on hand here at The Next Web Conference, showcasing its biometric payment terminal and setting the stage for what's to come. For those unfamiliar, the Paytouch terminal is currently being used at Ushuaïa Ibiza Beach Hotel -- users with a Paytouch account simply link their credit card to their fingerprints, and a two-finger press is all it takes to order another glass of sangria. The benefits are fairly obvious for all parties involved. For the consumer, there's no longer a need to carry a credit card that can be skimmed, lost or stolen; for the retailer, it's able to encourage impulse buying in an entirely new way; for Paytouch, there's a commission paid on each purchase.
AOptix Stratus lets iPhone users check ID through eyes, faces, fingers and voices
The many attempts at weaving biometric identification into mobile devices have usually focused on only one aspect at a time, whether it's fingerprints or voices, and often for access to just the device itself. AOptix isn't quite so narrowly focused. Its new Stratus system combines an app with a custom iPhone 4 / 4S case (the Stratus MX) to verify faces, irises, fingerprints and voices for grander purposes, whether it's office workers checking in or entire national ID programs. The bundle should be more portable than most such alternatives, as well as more intuitive through its familiar interface. Odds are that you won't be buying a Stratus kit to scan friends and family at home, though. Apart from the bundle's lack of support for the iPhone 5 or any non-iOS platform, the Stratus software in the App Store isn't an impulse purchase at $199 -- and an emphasis on quotation-based case sales likely means you'll be the scanner's target, not its owner.
Insert Coin: PIPA Touch fingerprint reader lets phone owners authenticate most anything
In Insert Coin, we look at an exciting new tech project that requires funding before it can hit production. If you'd like to pitch a project, please send us a tip with "Insert Coin" as the subject line. Mobile security beyond PIN codes and passwords is usually a tentative affair. There's fingerprint readers, but they're often specific to the device or the platform, and sometimes limited to just a handful of tasks. Team PIPA wants to raise funds for a more universal solution. Its PIPA Touch scanner can add biometric authentication to phones' lock screens, websites and other tasks through a developer kit, and a modular design lets it slip into cases for the Android, iOS and Windows Phone devices that should receive support. Security goes beyond most fingerprint readers, as well: while a basic swipe-and-done scan is an option, the truly cautious can require a multi-scan sequence that fends off just about any intruder.
iPhone appealing as BYOD smartphone thanks to security warning
When it comes to mobile devices in enterprises, Apple's iOS platform leads the way. But according to an opinion post by Computerworld's Jonny Evans, iOS may become even more dominant in enterprise computing thanks to a security warning about Android devices that came from the Internet Crime Complaint Center (IC3), a Federal task force that includes the Federal Bureau of Investigation (FBI), the National White Collar Crime Center and the Bureau of Justice Assistance. That security scare, dealing with Android malware, isn't the only reason why corporate IT departments are welcoming iPhones into companies as "bring your own device" (or BYOD) equipment. As Evans notes, a new system from HID Global brings government-level biometric security to the iPhone, and the next iPhone could feature built-in identification technology from Microlatch and Apple-owned AuthenTec. Evans lists six reasons why Apple provides the most secure BYOD smartphones on the market: Apple's iOS is inherently more secure than Android for a host of reasons, not least device fragmentation and the availability of security updates. Apple's App Store is more secure because it is curated. The FBI and others note the frequency of malware attacks on poorly protected Android devices. BYOD means enterprises are looking to standardize around a set of secure devices, but need to make those decisions sooner, not later. Solutions are already available that allow an iPhone to meet government agency-level security requirements, including secure monitoring of communications sent using that device. With the Lightning data transfer protocol, Apple is already laying the ground for future device security improvements. In conclusion, Evans notes that "the platform's current position as the world's most secure mass market mobile OS makes it the best platform for enterprise deployments." It's a good read for anyone in corporate IT or who is attempting to persuade their employer to allow iOS devices in a BYOD situation.
Sony patents player recognition on sci-fi scale
A patent Sony filed in May 2012 was recently uncovered, indicating the company has interest in knowing exactly who the users of its products are. The patent, titled "Process and Apparatus for Automatically Identifying User of Consumer Electronics," describes the inclusion of fingerprint sensors that would read biometric data of its users on products such as phones, keyboards and gaming controllers.The patent's abstract reads, "A user of a device may be uniquely identified using a metric that is contingent upon the user using the device for its intended purpose without the user having to perform a separate step, function or operation for the express purpose of identifying the user." The document continues to elaborate on context-sensitive content that would be automatically generated for users upon identification.Biometric data has mingled with gaming before, most notably when Nintendo introduced (but did not release) the Vitality Sensor device.
FBI to roll out $1 billion public facial recognition system in 2014, will be on to your evildoing everywhere
They're watching you -- or at least will be in a couple of years. That's when the FBI is gearing up for a nationwide launch of a $1 billion project designed to identify people of interest, according to the New Scientist. Dubbed the Next Generation Identification (NGI) program, the high-tech endeavor uses biometric data such as DNA analysis, iris scans and voice identification to track down folks with a criminal history. The FBI also plans to take NGI on the road literally by using public cameras to pick faces from the crowd and cross check them with its national repository of images. Let's just say this facial technology isn't going to be used for lighthearted Japanese vocaloid hijinks or unlocking your electronic device. The use and scope of NGI, which kicked off a pilot program in February, will likely be questioned not just by black helicopter watchers but privacy advocates as well. Facial recognition has certainly been a touchy issue in privacy circles -- something Facebook learned firsthand in Germany. Meanwhile, the Electronic Frontier Foundation is already raising concerns about innocent civilians being mixed up or included in the database. Naturally, the FBI claims that the NGI program is in compliance with the U.S. Privacy Act. On the positive side, at least they didn't name it the Genetic Lifeform and Disk Operating System.
