Apple’s Thumbscan and Your Security

If Apple allows you to add the thumbscan to the access requirement in conjunction with a passphrase then this is moot and I would say go for it. Yes, there’s no doubt that your biometric data may be compromised. If you can live with that possibility then let’s look at another potential problem. If you use an iOS device when it is locked the contents are encrypted to your passphrase (unlock code). If you don’t unlock it any contents downloaded will be encrypted. Currently law enforcement agencies with a warrant can go to Apple and get the contents decrypted. This in itself means the phone is insecure but barring Apple doing it there’s no way for an average criminal or other organization to gain access to your phones data without your passphrase.

Now, if you tell someone your passphrase whether that be a police officer or other government organization conducting an unconstitutional search or some other person then any misuse is your own fault. Barring torture, if you do not tell them then they will not gain access. Now insert the thumbscan access procedure. Police are already forcibly taking blood and DNA. What is to stop them or anyone else from forcibly unlocking your phone with your thumb?

Now, let me be clear my concern is not an officer with a warrant or valid probable cause, it’s a warrantless search or a criminal. Yes, If your not doing anything wrong why should YOU care? If your not doing anything wrong why do THEY care?

So I say, don’t ever hand your cell phone to someone you don’t explicitly trust. …and if your auto insurance company offers you the option of having your insurance card on your phone and you hand that unlocked phone to an officer don’t be surprised if he takes the phone back to his cruiser to download the contents. If this happens to you don’t use your phone until you completely wipe and restore the contents from your backup. You may be carrying out spyware that allows access to the data at anytime.

If Apple offers dual authentication then great otherwise don’t rely on the thumbscan.

Google asks how far are you from Kevin Bacon?

Google has never been afraid to have a little fun — just try searching “do a barrel roll” or “zerg rush” — and their latest easter egg is no different. Presenting the Bacon number search feature. We all know about the “6 degrees of Kevin Bacon,” the parlor game surrounding one of the most prolific actors of our time. The game is a variation on the “six degrees of separation,” a hypothesis that posits that everyone in the world is no more than six links from anyone else. If you aren’t familiar with the game, the goal is to find the most efficient connection between any actor and Kevin Bacon…

read more

Eavesdropping Antennas Can Steal Your Secrets

“At the RSA computer security conference last week, Gary Kenworthy of Cryptography Research held up an iPod Touch on stage and looked over to a TV antenna three meters away. The signal picked up by the antenna, routed through an amplifier and computer software, revealed the secret key being used by an app running on the device to encrypt data. An attacker with access to this key could use it to perfectly impersonate the device he stole it from—to access e-mail on a company server, for example.

The antenna was detecting radio signals “leaking” from the transistors on the chip inside the phone performing the encryption calculations. Transistors leak those signals when they are active, so the pattern of signals from a chip provides an eavesdropper a representation of the work the chip is doing. When Kenworthy tuned his equipment to look in the right place, a clear, regular pattern of peaks and troughs appeared on his computer screen. They could be seen to come in two varieties, large and small, directly corresponding to the string of digital 1s and 0s that make up the encryption key.”

read more