upvote

points

by macintux9 hours ago |
comments
upvoteby QuantumNomad_9 hours ago|
next
[-]
Probably enabled it at some point and forgot. Perhaps even during setup when the computer was new.
reply
upvoteby intrasight6 hours ago|
parent|
next
[-]
My recollection is the computers do by default ask the user to set up biometrics
reply
upvoteby NewsaHackO8 hours ago|
parent|
prev|
[-]
I want to say that is generous of her, but one thing that is weird is if I didn’t want someone to go into my laptop and they tried to force me to use my fingerprint to unlock it, I definitely wouldn’t use the finger I use to unlock it on the first try. Hopefully, Apple locks it out and forces a password if you use the wrong finger “accidentally” a couple of times.
reply
upvoteby altairprime7 hours ago|
parent|
[-]
Correct. That’s why my Touch ID isn’t configured to use the obvious finger.
reply
upvoteby throwawayq342310 minutes ago|
parent|
[-]
Honestly, that's clever.
reply
upvoteby b1129 hours ago|
prev|
next
[-]
Very much so, because the question is... did she set it up in the past?

How did it know the print even?

reply
upvoteby ezfe8 hours ago|
prev|
next
[-]
Why is this curious?
reply
upvoteby macintux7 hours ago|
parent|
[-]
There appear to be a relatively few possibilities.

* The reporter lied.

* The reporter forgot.

* Apple devices share fingerprint matching details and another device had her details (this is supposed to be impossible, and I have no reason to believe it isn't).

* The government hacked the computer such that it would unlock this way (probably impossible as well).

* The fingerprint security is much worse than years of evidence suggests.

Mainly it was buried at the very end of the article, and I thought it worth mentioning here in case people missed it.

reply
upvoteby orwin5 hours ago|
parent|
next
[-]
My opinion is that she set it up, it didn't work at first, she didn't use it, forgot that it existed, and here we are.

> Apple devices share fingerprint matching details and another device had her details

I looked into it quite seriously for windows thinkpads, unless Apple do it differently, you cannot share fingerprint, they're in a local chip and never move.

reply
upvoteby fragmede4 hours ago|
parent|
[-]
So how does TouchID on an external keyboard work without having to re-set up fingerprints?
reply
upvoteby piperswe3 hours ago|
parent|
[-]
Presumably the fingerprint data is stored in the Mac's Secure Enclave, and the external keyboard is just a reader
reply
upvoteby ezfe6 hours ago|
parent|
prev|
[-]
The reporter lying or forgetting seems to be the clear answer, there's really no reason to believe it's not one of those. And the distinction between the two isn't really important from a technical perspective.

Fingerprint security being poor is also unlikely, because that would only apply if a different finger had been registered.

reply
upvoteby dyauspitr9 hours ago|
prev|
[-]
She has to have set it up before. There is no way to divine a fingerprint any other way. I guess the only other way would be a faulty fingerprint sensor but that should default to a non-entry.
reply
upvoteby quesera8 hours ago|
parent|
next
[-]
> faulty fingerprint sensor

The fingerprint sensor does not make access control decisions, so the fault would have to be somewhere else (e.g. the software code branch structure that decides what to do with the response from the secure enclave).

reply
upvoteby d1sxeyes3 hours ago|
parent|
[-]
If you're interested in this in more detail, check this out:

https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/

reply
upvoteby giraffe_lady8 hours ago|
parent|
prev|
[-]
Could be a parallel construction type thing. They already have access but they need to document a legal action by which they could have acquired it so it doesn't get thrown out of court.

I think this is pretty unlikely here but it's within the realm of possibility.

reply
upvoteby tsol8 hours ago|
parent|
[-]
Seems like it would be hard to fake. The was she tells it she put her finger on the pad and the OS unlocked the account. Sounds very difficult to do
reply
upvoteby operator-name8 hours ago|
parent|
[-]
I think they mean if they already have her fingerprint from somewhere else, and a secret backdoor into the laptop. Then they could login, setup biometrics and pretend they had first access when she unlocked it. All without revealing their backdoor.
reply