GS6 Fingerprint Security-how does it work?

jcp007 · Mar 8, 2015

My concern which is shared by others is fingerprint security on the GS6 and how it works. I passed on the GS5 because of identity theft and privacy concerns because the tech was just being introduced on GS5 in response to Apple. It was new and I decided to wait. Now that I am possibly on the verge of using it when I get my GS6, what measures have been taken to secure something so personal from unauthorized use via theft, loss or hacking? I don't need a deep dive explanation but one detailed enough to concisely answer. Thanks in advance.

jcp007 · Mar 8, 2015

Is encryption enabled in the Settings? If it is stored as vector references, how many are necessary to reconstruct the fingerprint to authorize payment?

jcp007 · Mar 8, 2015

Are the manufacturer and carrier indemnified against liability in case the fingerprint is obtained illegally ?

jcp007 · Mar 8, 2015

Smartphone and Tablet Encryption and Security - CUMC IT

Still want to know how it works. This link talks about how to set it up

jcp007 · Mar 8, 2015

What is Biometrics - How does a Fingerprint Scanner Work - Easy Clocking

Explanation of biometrics but not how it is secured from unauthorized use.

jcp007 · Mar 8, 2015

After reading the article, it seems that the image but the algorithm picks out a number of distinct and unique points but stores a digital copy of this information. Beyond encrypting the device, is there a way to secure the digital version. Doesn't law enforcement only need a specific number of points to verify identity?

npaladin-2000 · Mar 9, 2015

I can't get into the law enforcement stuff, I'm not law enforcement. But I am (among other things) an IT security guy, so I can tell you that, if you're going to use your phone (any phone mind you) for payments, encrypt the sucker and protect it, I'm talking serious security. When the phone comes out I'll probably do a step-by-step and ask the mods to sticky it, but the bottom line is that it is possible to reasonably protect your payment and biometric data from being compromised, even if your phone is stolen. You just have to follow some simple guidelines.

1. Enable full device encryption on your phone. This encrypts all the data on the storage, so no one can read the data directly off of the memory chips.
2. Set USB to "Charge Only" or "Prompt." I think Samsung offers those options. This way no one can just plug the powered on phone into a PC and read the data off of it with the screen locked.
3. Set unlock security on your phone (required with encryption). There's several options here. Biometrics (face recognition, fingerprint) are hard to duplicate, but can be compelled by a judge in the US, while no one can force you to give up your PIN or password (protected under the First Amendment). This matters to some people. Regardless, this way no one can unlock the phone unless they have your PIN/Password/Biometric already.

Now, it's important to emphasize that none of these options is 100% perfect security. Given enough time, any of them can be cracked. They're not designed to be perfect, they're designed to protect your data long enough so you can do this:

4. Make use of Android Device Manager (or alternatives) to initiate a remote wipe of your missing device the second you discover it's missing. The minute the thing goes online, it'll factory reset itself, getting rid of your payment info and biometric data (along with all those kitten photos you didn't want anyone to know you have).

Oh, I almost forgot Item Number 5, but as fair warning, this is in fact taking a sharp stick and whacking it around the middle of the beehive.

5. Do not use removable storage! Any data stored on it will be saved from a remote wipe when they remove the card from the phone, and then they can take their sweet time cracking the encryption on it. If there is any, since people probably didn't encrypt it so they could move their 90,000 songs and 500 movies to their new device every 6 months instead of actually managing their mobile library and deleting what they don't use. Besides, given how slow SD cards are to begin with, encrypting them would basically make them unusable anyway.</rant>

jcp007 · Mar 9, 2015

npaladin-2000 said:
I can't get into the law enforcement stuff, I'm not law enforcement. But I am (among other things) an IT security guy, so I can tell you that, if you're going to use your phone (any phone mind you) for payments, encrypt the sucker and protect it, I'm talking serious security. When the phone comes out I'll probably do a step-by-step and ask the mods to sticky it, but the bottom line is that it is possible to reasonably protect your payment and biometric data from being compromised, even if your phone is stolen. You just have to follow some simple guidelines.

1. Enable full device encryption on your phone. This encrypts all the data on the storage, so no one can read the data directly off of the memory chips.
2. Set USB to "Charge Only" or "Prompt." I think Samsung offers those options. This way no one can just plug the powered on phone into a PC and read the data off of it with the screen locked.
3. Set unlock security on your phone (required with encryption). There's several options here. Biometrics (face recognition, fingerprint) are hard to duplicate, but can be compelled by a judge in the US, while no one can force you to give up your PIN or password (protected under the First Amendment). This matters to some people. Regardless, this way no one can unlock the phone unless they have your PIN/Password/Biometric already.

Now, it's important to emphasize that none of these options is 100% perfect security. Given enough time, any of them can be cracked. They're not designed to be perfect, they're designed to protect your data long enough so you can do this:

4. Make use of Android Device Manager (or alternatives) to initiate a remote wipe of your missing device the second you discover it's missing. The minute the thing goes online, it'll factory reset itself, getting rid of your payment info and biometric data (along with all those kitten photos you didn't want anyone to know you have).

Oh, I almost forgot Item Number 5, but as fair warning, this is in fact taking a sharp stick and whacking it around the middle of the beehive.

5. Do not use removable storage! Any data stored on it will be saved from a remote wipe when they remove the card from the phone, and then they can take their sweet time cracking the encryption on it. If there is any, since people probably didn't encrypt it so they could move their 90,000 songs and 500 movies to their new device every 6 months instead of actually managing their mobile library and deleting what they don't use. Besides, given how slow SD cards are to begin with, encrypting them would basically make them unusable anyway.</rant>

Thanks. Finally, someone answered some of my questions. You should have a sticky on encrypting our devices before or shortly after it's released. That would really be great.

jcp007 · Mar 9, 2015

jcp007 said:
Is encryption enabled in the Settings? If it is stored as vector references, how many are necessary to reconstruct the fingerprint to authorize payment?

Is there some agreed upon standard for mobile payments in terms of how many unique identifier on the fingerprint are stored digitally?

mountainman · Mar 9, 2015

Oh yeah baby..... http://bgr.com/2015/03/09/galaxy-s6-tips-and-tricks/

chezm · Mar 9, 2015

the_stig#WN said:
Oh yeah baby..... Galaxy S6 tips and tricks: Log into websites with fingerprint scanner | BGR

Using the finger print scanner to login to websites with passwords is an awesome feature

jcp007 · Mar 22, 2015

Thought we might revisit this topic. How many fingerprints can be used on the GS6? Why would you want more than your own fingerprint on the device?

unashamedgeek · Mar 23, 2015

jcp007 said:
Thought we might revisit this topic. How many fingerprints can be used on the GS6? Why would you want more than your own fingerprint on the device?

I want both my thumbs and index fingers. I'd also like to have at least one for my wife. So at least 5 stored would be ideal for me.

Frenzytom · Mar 23, 2015

I remember from another video where you can do up to 4 fingerprints.

Tapatalk on Droid Turbo

jcp007 · Mar 25, 2015

Frenzytom said:
I remember from another video where you can do up to 4 fingerprints.

Tapatalk on Droid Turbo

Here's another one or two..are the fingerprints backed up anywhere? When you do a factory reset, I would also want to be sure that they got wiped as well?

STEVESKI07 · Mar 25, 2015

jcp007 said:
Here's another one or two..are the fingerprints backed up anywhere? When you do a factory reset, I would also want to be sure that they got wiped as well?

As far as I know, a factory reset is a factory reset. They would have to purposely back up the fingerprints if they wanted to, which is obvious they wouldn't want that.

Not trying to play detective here, but you seem awfully concerned about your fingerprint security.

I personally love the fingerprint technology and it will make my device and my wife's devices actually secure for the first time. I don't use password or any security to unlock currently. I've never lost a phone and I never leave it out in public places, etc. It's not worth the hassle of having to type in a password every time I check my phone, which is often. The fingerprint is great. My device will be secure and it doesn't take any extra time to unlock the device.

Forgot to add, awesome post npaladin-2000! Some great tips there. I never thought of changing the USB setting to "prompt" for security reasons.

Search

GS6 Fingerprint Security-how does it work?

jcp007

jcp007

jcp007

jcp007

jcp007

jcp007

npaladin-2000

Well-known member

jcp007

jcp007

mountainman

Well-known member

chezm

jcp007

unashamedgeek

Well-known member

Frenzytom

Well-known member

jcp007

STEVESKI07

Well-known member

Similar threads

Latest posts

Members online

Trending Posts

Forum statistics

Share this page