zlacker

> Natanson said she does not use biometrics for her devices, but after investigators told her to try, “when she applied her index finger to the fingerprint reader, the laptop unlocked.”

Curious.

>>macint+(OP)
Probably enabled it at some point and forgot. Perhaps even during setup when the computer was new.

>>macint+(OP)
Very much so, because the question is... did she set it up in the past?

How did it know the print even?

>>macint+(OP)
She has to have set it up before. There is no way to divine a fingerprint any other way. I guess the only other way would be a faulty fingerprint sensor but that should default to a non-entry.

>>macint+(OP)
Why is this curious?

>>dyausp+k9
Could be a parallel construction type thing. They already have access but they need to document a legal action by which they could have acquired it so it doesn't get thrown out of court.

I think this is pretty unlikely here but it's within the realm of possibility.

>>giraff+sg
Seems like it would be hard to fake. The was she tells it she put her finger on the pad and the OS unlocked the account. Sounds very difficult to do

>>tsol+ch
I think they mean if they already have her fingerprint from somewhere else, and a secret backdoor into the laptop. Then they could login, setup biometrics and pretend they had first access when she unlocked it. All without revealing their backdoor.

>>dyausp+k9
> faulty fingerprint sensor

The fingerprint sensor does not make access control decisions, so the fault would have to be somewhere else (e.g. the software code branch structure that decides what to do with the response from the secure enclave).

>>Quantu+W
I want to say that is generous of her, but one thing that is weird is if I didn’t want someone to go into my laptop and they tried to force me to use my fingerprint to unlock it, I definitely wouldn’t use the finger I use to unlock it on the first try. Hopefully, Apple locks it out and forces a password if you use the wrong finger “accidentally” a couple of times.

>>ezfe+ub
There appear to be a relatively few possibilities.

* The reporter lied.

* The reporter forgot.

* Apple devices share fingerprint matching details and another device had her details (this is supposed to be impossible, and I have no reason to believe it isn't).

* The government hacked the computer such that it would unlock this way (probably impossible as well).

* The fingerprint security is much worse than years of evidence suggests.

Mainly it was buried at the very end of the article, and I thought it worth mentioning here in case people missed it.

>>NewsaH+hn
Correct. That’s why my Touch ID isn’t configured to use the obvious finger.

>>Quantu+W
My recollection is the computers do by default ask the user to set up biometrics

>>macint+Tr
The reporter lying or forgetting seems to be the clear answer, there's really no reason to believe it's not one of those. And the distinction between the two isn't really important from a technical perspective.

Fingerprint security being poor is also unlikely, because that would only apply if a different finger had been registered.

>>macint+Tr
My opinion is that she set it up, it didn't work at first, she didn't use it, forgot that it existed, and here we are.

> Apple devices share fingerprint matching details and another device had her details

I looked into it quite seriously for windows thinkpads, unless Apple do it differently, you cannot share fingerprint, they're in a local chip and never move.

>>orwin+iV
So how does TouchID on an external keyboard work without having to re-set up fingerprints?

>>fragme+5b1
Presumably the fingerprint data is stored in the Mac's Secure Enclave, and the external keyboard is just a reader

>>queser+Vl
If you're interested in this in more detail, check this out:

https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/

>>altair+oz
Honestly, that's clever.

>>macint+(OP)
My read on this is that she tried to bluff, even though the odds were astronomically high that they'd call her on it. She didn't have anything to lose by trying a little white lie. It's what I would have done in the same situation, anyway.

>>d1sxey+Vs1
This is a great read, but note that it's specific to Windows and Dell/Lenovo/Microsoft.

Apple does it different(ly), and I'd argue more securely. Being able to specify the full chain of hardware, firmware, and software always has its advantages.

Apple's fingerprint readers do not perform authentication locally -- instead the data read from the sensor (or derivatives thereof) is compared to a reference which is stored in the secure enclave in the Apple silicon (Ax Tx or Mx) of the Mac or iOS device itself.