1. jcp007's Avatar
    My concern which is shared by others is fingerprint security on the GS6 and how it works. I passed on the GS5 because of identity theft and privacy concerns because the tech was just being introduced on GS5 in response to Apple. It was new and I decided to wait. Now that I am possibly on the verge of using it when I get my GS6, what measures have been taken to secure something so personal from unauthorized use via theft, loss or hacking? I don't need a deep dive explanation but one detailed enough to concisely answer. Thanks in advance.
    03-08-2015 12:04 PM
  2. jcp007's Avatar
    Is encryption enabled in the Settings? If it is stored as vector references, how many are necessary to reconstruct the fingerprint to authorize payment?
    03-08-2015 12:41 PM
  3. jcp007's Avatar
    Are the manufacturer and carrier indemnified against liability in case the fingerprint is obtained illegally ?
    03-08-2015 12:54 PM
  4. jcp007's Avatar
    Smartphone and Tablet Encryption and Security - CUMC IT

    Still want to know how it works. This link talks about how to set it up
    03-08-2015 04:43 PM
  5. jcp007's Avatar
    What is Biometrics - How does a Fingerprint Scanner Work - Easy Clocking

    Explanation of biometrics but not how it is secured from unauthorized use.
    03-08-2015 04:48 PM
  6. jcp007's Avatar
    After reading the article, it seems that the image but the algorithm picks out a number of distinct and unique points but stores a digital copy of this information. Beyond encrypting the device, is there a way to secure the digital version. Doesn't law enforcement only need a specific number of points to verify identity?
    03-08-2015 05:43 PM
  7. npaladin-2000's Avatar
    I can't get into the law enforcement stuff, I'm not law enforcement. But I am (among other things) an IT security guy, so I can tell you that, if you're going to use your phone (any phone mind you) for payments, encrypt the sucker and protect it, I'm talking serious security. When the phone comes out I'll probably do a step-by-step and ask the mods to sticky it, but the bottom line is that it is possible to reasonably protect your payment and biometric data from being compromised, even if your phone is stolen. You just have to follow some simple guidelines.

    1. Enable full device encryption on your phone. This encrypts all the data on the storage, so no one can read the data directly off of the memory chips.
    2. Set USB to "Charge Only" or "Prompt." I think Samsung offers those options. This way no one can just plug the powered on phone into a PC and read the data off of it with the screen locked.
    3. Set unlock security on your phone (required with encryption). There's several options here. Biometrics (face recognition, fingerprint) are hard to duplicate, but can be compelled by a judge in the US, while no one can force you to give up your PIN or password (protected under the First Amendment). This matters to some people. Regardless, this way no one can unlock the phone unless they have your PIN/Password/Biometric already.

    Now, it's important to emphasize that none of these options is 100% perfect security. Given enough time, any of them can be cracked. They're not designed to be perfect, they're designed to protect your data long enough so you can do this:

    4. Make use of Android Device Manager (or alternatives) to initiate a remote wipe of your missing device the second you discover it's missing. The minute the thing goes online, it'll factory reset itself, getting rid of your payment info and biometric data (along with all those kitten photos you didn't want anyone to know you have).

    Oh, I almost forgot Item Number 5, but as fair warning, this is in fact taking a sharp stick and whacking it around the middle of the beehive.

    5. Do not use removable storage! Any data stored on it will be saved from a remote wipe when they remove the card from the phone, and then they can take their sweet time cracking the encryption on it. If there is any, since people probably didn't encrypt it so they could move their 90,000 songs and 500 movies to their new device every 6 months instead of actually managing their mobile library and deleting what they don't use. Besides, given how slow SD cards are to begin with, encrypting them would basically make them unusable anyway.</rant>
    STEVESKI07 likes this.
    03-08-2015 10:59 PM
  8. jcp007's Avatar
    I can't get into the law enforcement stuff, I'm not law enforcement. But I am (among other things) an IT security guy, so I can tell you that, if you're going to use your phone (any phone mind you) for payments, encrypt the sucker and protect it, I'm talking serious security. When the phone comes out I'll probably do a step-by-step and ask the mods to sticky it, but the bottom line is that it is possible to reasonably protect your payment and biometric data from being compromised, even if your phone is stolen. You just have to follow some simple guidelines.

    1. Enable full device encryption on your phone. This encrypts all the data on the storage, so no one can read the data directly off of the memory chips.
    2. Set USB to "Charge Only" or "Prompt." I think Samsung offers those options. This way no one can just plug the powered on phone into a PC and read the data off of it with the screen locked.
    3. Set unlock security on your phone (required with encryption). There's several options here. Biometrics (face recognition, fingerprint) are hard to duplicate, but can be compelled by a judge in the US, while no one can force you to give up your PIN or password (protected under the First Amendment). This matters to some people. Regardless, this way no one can unlock the phone unless they have your PIN/Password/Biometric already.

    Now, it's important to emphasize that none of these options is 100% perfect security. Given enough time, any of them can be cracked. They're not designed to be perfect, they're designed to protect your data long enough so you can do this:

    4. Make use of Android Device Manager (or alternatives) to initiate a remote wipe of your missing device the second you discover it's missing. The minute the thing goes online, it'll factory reset itself, getting rid of your payment info and biometric data (along with all those kitten photos you didn't want anyone to know you have).

    Oh, I almost forgot Item Number 5, but as fair warning, this is in fact taking a sharp stick and whacking it around the middle of the beehive.

    5. Do not use removable storage! Any data stored on it will be saved from a remote wipe when they remove the card from the phone, and then they can take their sweet time cracking the encryption on it. If there is any, since people probably didn't encrypt it so they could move their 90,000 songs and 500 movies to their new device every 6 months instead of actually managing their mobile library and deleting what they don't use. Besides, given how slow SD cards are to begin with, encrypting them would basically make them unusable anyway.</rant>
    Thanks. Finally, someone answered some of my questions. You should have a sticky on encrypting our devices before or shortly after it's released. That would really be great.
    03-08-2015 11:32 PM
  9. jcp007's Avatar
    Is encryption enabled in the Settings? If it is stored as vector references, how many are necessary to reconstruct the fingerprint to authorize payment?
    Is there some agreed upon standard for mobile payments in terms of how many unique identifier on the fingerprint are stored digitally?
    03-08-2015 11:44 PM
  10. mountainman's Avatar
    03-09-2015 09:29 AM
  11. chezm's Avatar
    Using the finger print scanner to login to websites with passwords is an awesome feature
    03-09-2015 02:13 PM
  12. jcp007's Avatar
    Thought we might revisit this topic. How many fingerprints can be used on the GS6? Why would you want more than your own fingerprint on the device?
    03-22-2015 06:47 PM
  13. unashamedgeek's Avatar
    Thought we might revisit this topic. How many fingerprints can be used on the GS6? Why would you want more than your own fingerprint on the device?
    I want both my thumbs and index fingers. I'd also like to have at least one for my wife. So at least 5 stored would be ideal for me.
    03-22-2015 09:57 PM
  14. Frenzytom's Avatar
    I remember from another video where you can do up to 4 fingerprints.

    Tapatalk on Droid Turbo
    03-22-2015 10:18 PM
  15. jcp007's Avatar
    I remember from another video where you can do up to 4 fingerprints.

    Tapatalk on Droid Turbo
    Here's another one or two..are the fingerprints backed up anywhere? When you do a factory reset, I would also want to be sure that they got wiped as well?
    03-25-2015 06:30 AM
  16. STEVESKI07's Avatar
    Here's another one or two..are the fingerprints backed up anywhere? When you do a factory reset, I would also want to be sure that they got wiped as well?
    As far as I know, a factory reset is a factory reset. They would have to purposely back up the fingerprints if they wanted to, which is obvious they wouldn't want that.

    Not trying to play detective here, but you seem awfully concerned about your fingerprint security.

    I personally love the fingerprint technology and it will make my device and my wife's devices actually secure for the first time. I don't use password or any security to unlock currently. I've never lost a phone and I never leave it out in public places, etc. It's not worth the hassle of having to type in a password every time I check my phone, which is often. The fingerprint is great. My device will be secure and it doesn't take any extra time to unlock the device.

    Forgot to add, awesome post npaladin-2000! Some great tips there. I never thought of changing the USB setting to "prompt" for security reasons.
    03-25-2015 07:11 AM

Similar Threads

  1. How do I clean up Dialer Storage on Samsung Galaxy S5?
    By AC Question in forum Ask a Question
    Replies: 4
    Last Post: 01-08-2016, 08:33 PM
  2. Replies: 1
    Last Post: 03-08-2015, 10:28 PM
  3. How to make the battery lasts longer?
    By plasticman99 in forum General Help and How To
    Replies: 4
    Last Post: 03-08-2015, 09:35 PM
  4. Why won't my gallery/ camera work properly?
    By AC Question in forum Ask a Question
    Replies: 1
    Last Post: 03-08-2015, 11:51 AM
  5. Replies: 0
    Last Post: 03-08-2015, 11:28 AM
LINK TO POST COPIED TO CLIPBOARD