Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Toshiba Puts Fingerprint Readers on Cell Phones

Posted by samzenpus on Thu Feb 15, 2007 02:46 AM
from the touch-it dept.
Communications Security
An anonymous reader writes "As if it wasn't enough to have fingerprint scanners on laptops, Toshiba has put them on two of its latest smart phones. The Toshiba G500 and G900 feature fingerprint scanners on the back of the handsets, allowing users to access their phone by simply sliding their finger over the scanner. This is supposed to provide a better level of security than using a code of some sort. Of course it also means that someone is more likely to chop your hand off if they desperately want your data."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Toshiba Puts Fingerprint Readers on Cell Phones 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • The Toshiba G500 and G900 feature fingerprint scanners on the back of the handsets, allowing users to access their phone by simply sliding their finger over the scanner.
    ...and that would be the middle one.

    IMHO it's far more complex than necessary, more cool features == more things waiting to fail.

    • Re:I'd slide it a finger allright... (Score:4, Informative)

      by SimonInOz (579741) on Thursday February 15 2007, @06:43AM (#18022064)
      I have one of these Toshibas. The fingerprint scan works mostly - but it doesn't work very well if you are cold (maybe it thinks you are dead ... how would Spike [a vampire - info for those foolish few who don't follow Buffy] operate one of these?)
      Also the software for handling the login process is pretty sucky - it's hard to handle the mail server which tends to come up with different names, etc etc. I eventually disabled it for all except the main login, which works well enough to cope with. I have done better than most - who have given in.

      On a phone, it could be a pain - but at least it has to do only one thing. Entering a six digit password (as I must on my corporate Blackberry) is *very* painful, though, and a fingerprint scan would defintely be better than that.

      • The fingerprint scan works mostly - but it doesn't work very well if you are cold

        Another problem just occurred to me: in winter, people will have to take their gloves off just to make phone calls outdoors!

        I realize that people in the US spend a lot of time driving, but people also make a lot of calls when outdoors waiting for people to meet them, etc.

        Or will global warming soon become so intense that we won't have to worry about outdoor gloves anymore? ^_^;

  • Better security? (Score:5, Insightful)

    by Niten (201835) on Thursday February 15 2007, @03:07AM (#18021220) Homepage

    Of course it also means that someone is more likely to chop your hand off if they desperately want your data.

    More realistically, you'd also have to worry about somebody lifting your fingerprint from, say, the phone itself, then using that to log in. The MythBusters did a segment [youtube.com] showing how easy it is to lift somebody's fingerprint, then use that print to defeat a scanner.

    This thing isn't going to increase security, it's only going to increase convenience.

    • Re:Better security? (Score:5, Insightful)

      by sporkme (983186) * on Thursday February 15 2007, @03:30AM (#18021306) Homepage
      You're absolutely right, but I would argue that it does not really even increase convenience. The last thing I need when my phone is ringing in a meeting, while driving, or at the dinner table is the horrific realization that I have forgotten to unlock the phone, and thus I must now meticulously subject myself to a fingerprint scan. Furthermore, many of us are negligent with proper care and handling of our cellphones. Until now that might result in a cracked outer screen or intermittently functioning button, but never in a total lock-out of an otherwise functional phone. So what happens when the reader is damaged? A hefty repair bill is what, and up to a month without that uber-vital super-secret data that just had to be protected with biometrics.

      I have always felt that fingerprint scanning was ridiculous and cumbersome sci-fi, but real tests against this kind of security have shown that it is a waste of time and money. There is no replacement for properly managed and complicated password systems coupled with strong encryption. I regularly show friends and family how to create passwords that can be remembered but not guessed, and how to manage passwords that are outdated.

      This reminds me of two prior /. stories. Bank employees merrily collected USB flashdrives that were scattered outside and proceeded to plug them [slashdot.org] into their terminals. Old cellphones purchased on eBay reveal secret data. [slashdot.org]

      • Re:Better security? (Score:5, Insightful)

        by jrumney (197329) on Thursday February 15 2007, @04:39AM (#18021594) Homepage

        The last thing I need when my phone is ringing in a meeting, while driving, or at the dinner table is the horrific realization that I have forgotten to unlock the phone

        On every phone I have seen, you can answer incoming calls when the phone is locked. What you can't do is make outgoing calls, or browse through the phonebook, calendar and other personal information on the phone. I don't see any reason why this would change just because the authentication technology changed from a PIN to a fingerprint.

      • Re: (Score:2, Offtopic)

        by Alioth (221270)
        Please turn your phone off in meetings or while at dinner - and especially while driving! The former are merely being polite, the latter is not killing a motorcyclist because you were distracted by your phone. Incidentally, the latter - using a handheld phone wile driving, carries a £1000 fine here.

    • Re:Better security? (Score:4, Insightful)

      by MobileTatsu-NJG (946591) on Thursday February 15 2007, @04:13AM (#18021458)
      "This thing isn't going to increase security, it's only going to increase convenience."

      Easy to defeat != no effect on security. Otherwise nobody'd lock their car doors. Afterall, it only takes a hammer to get in.

      • You're correct in that even this is better than no security at all. However, what I (and the summary) meant by "increase security" was security with respect to the traditional method of locking one's phone, which is with a PIN or a password of some kind. In that sense, this system will not increase security, as fingerprint authentication systems are demonstrably less secure than a well-chosen password.

      • Doors locked < The Club < in the garage < leave some shotgun shells on the dash.
        Fingerprint scanner < lock phone with PIN < lock phone with password < don't put secret data in an easily compromised system.

        When it comes to security, this idea is both neat and worthless. And yes, when I go backpacking I leave some shotgun shells on the dash of my truck. All other things being equal, thieves will take the Prius.

      • Re: (Score:3, Interesting)

        by jrumney (197329)

        When biometric technology was new, it was expensive, and the only customers were military and other high security installations who are always looking for ways to increase the perception of security, if not the actual security. So technology to measure pulse, body temperature etc was built into the scanners from an early stage, to counter the sci-fi movie ideas of cutting off fingers, ripping out eyeballs etc to get around the biometric security.

        More recently though, there has been a drive to cut costs an

  • Nice way to get everyone's finger print on record (Score:4, Insightful)

    by Pizaz (594643) on Thursday February 15 2007, @03:12AM (#18021240)
    I mean really, what's the guarantee that your fingerprint data wont be uploaded through the network and stored in a big database somewhere?
    • Time to put on the tinfoil hats! No, its the fact that in order to do something like your thinking, you need all the proper permission... unless you already think that "The Man" will do what it wants, no matter what.

      • Frighteningly, I don't think there's that great a difference, in terms of technical feasibility, cost of implementation, or legal dubiousness, between the NSA clandestinely spying on the private conversations of U.S. citizens by the aid of AT&T and others; and that same agency, hypothetically, collecting fingerprint data from consumers by the aid of whichever cellular carriers will offer this phone.

        It may seem improbable, but we've already seen equally grievous government intrusions into personal priv

      • unless you already think that "The Man" will do what it wants, no matter what


        Fortunately for democracy in the USA, The Man is strictly limited in what He can do by the Patriot Act.

  • If it works as badly as Lenovo's scanner, fuggedaboutit. I didn't really ask for one, but it came with my Lenovo and I thought it would be interesting to try. Sure enough I could not log in without a successful scan, but it usually took 5 or 6 tries. I disabled it after a couple days.

    As for losing your hand, well, I would think that most criminals would not risk the much higher penalty for doing that, not to mention the much tougher fight most people would put up. I've also heard scanners have an even

    • If it works as badly as Lenovo's scanner, fuggedaboutit. I didn't really ask for one, but it came with my Lenovo and I thought it would be interesting to try. Sure enough I could not log in without a successful scan, but it usually took 5 or 6 tries. I disabled it after a couple days.

      Are you sure you set it up correctly? I'm writing this on a Thinkpad T60, and have absolutely no issues whatsoever with the fingerprint scanner. If it takes me more than one or two tries (which happens VERY rarely), then I re

      • Re:If it works as badly as Lenovo's... (Score:4, Insightful)

        by Dunbal (464142) on Thursday February 15 2007, @04:40AM (#18021600)
        If someone's actually willing to chop of your finger or hand, are you really going to give them a hassle about it?

              You bet.

              What, are you just going to "do what the gun says"? Your best chance is to try to get away. Who says they're not going to kill you, if they're willing to cut your finger off. Why leave a witness alive?
        • Interestingly enough, in nearly all states the penalties for kidnapping equal or exceed the penalties for murder (particularly if it's not first degree). So the same goes for if someone is trying to kidnap you... there's no compelling for them to leave you alive, and in fact there are a lot of compelling reasons for them not to, so you should do your best to escape. Not that that will probably ever be useful information for any of us, but it is somewhat interesting (at least imo).

          Cheers.

  • gummy bears (Score:4, Informative)

    by MillionthMonkey (240664) on Thursday February 15 2007, @03:24AM (#18021284)
    That stuff they make gummy bears out of is great for making fake fingerprints [theregister.co.uk] using someone's latent print, some crazy glue, a digital camera, Photoshop, a transparency sheet, a photo-sensitive PCB, and gummy bear gelatin. You can destroy everything but the gelatin, break into a facility that uses a fingerprint reader for security, and then eat the last bit of evidence.
  • If I'm not mistaken, this technology has already been implemented in some Japanese phones. I recall seeing it advertised on the http://www.nttdocomo.com/ [nttdocomo.com] website more than a year ago. Other features at the time included what equates to our PayPass, except that it was inside your cell phone. Another more widely used feature was the barcode scanners that would allow you to take a picture with your phone's camera of a square-shaped barcode that could be found on many advertisements and products and then fin

  • Backdoor? (Score:5, Insightful)

    by VincenzoRomano (881055) on Thursday February 15 2007, @03:31AM (#18021320) Homepage Journal
    Almost all phones have backdoors that can be used easily without opening the phone itself.
    All of them can be "cracked" by opening the case.
    Both are available for repair centers (and hackers as well).
    So if someone really needs your data, he will get them, with or without your chopped finger!
    • Some phones are starting to encrypt their storage, so breaking into them through the servicing routes is not going to get you much information. Windows Mobile 6 will encrypt any external storage card [zdnet.com] if configured to, for example.
      • Data encryption on a cellphone cannot be too powerful as the computing resources are quite scarce while access speed is important.
        Moreover some algorythms [slashdot.org] have been proven to be breakable.
        I still think finger prints on cell phones is just marketing buzz.

  • Give him a hand? (Score:4, Funny)

    by MarkRose (820682) on Thursday February 15 2007, @03:37AM (#18021346) Homepage
    If someone wants to chop my hand off to use my cell, well, I'll just give him the finger!

  • Nothing new! (Score:4, Interesting)

    by KNicolson (147698) on Thursday February 15 2007, @03:41AM (#18021360) Homepage

    My wife's phone from three years ago had one. It also incorporated a dog game/simulator, and one of the ways to make the dog happy was to get your fingerprint swiped in order to pet the dog.

    Now, what is new and interesting is the 813SH for Biz [gearfuse.com] which has a remote control data destruct option, or even the slightly older P903i which comes with a wireless DES dongle [msn.com] that locks the phone once it gets out of range.

  • What happens if the scanner breaks? (Score:4, Interesting)

    by antifoidulus (807088) on Thursday February 15 2007, @04:07AM (#18021434) Homepage Journal
    I asked this at a research conference once(it was about mobile phone security as well) and the researcher, who had drawn out all these equations showing how wonderful the fingerprint security was couldn't answer me. For a device like a mobile phone that tends to get tossed around and abused a lot, I wouldn't imagine that the scanner breaking would be all that rare of an occurence. However, the researcher just said that if the fingerprint scanning device was broken, then you could use a password instead, of course this was after he spent the first 5 minutes of his presentation telling us how passwords were insecure. Assuming that passwords are insecure, wouldn't the first thing an attacker does when getting the phone be to smash the fingerprint scanner? Then what was the point?
  • as i have previously mentioned in an older post, i used to participate in a reasearch at my uni for a major mobile phone company (sony ericsson) for the implementation of fingerprint recognition on cell phones and other mobile devices (PDAs,notebooks,etc). Personally i preffer the fingerprint sollution rather than the RFID one because the phone's security is up to you and not as "hollow" as RFID can be by the use of reverse engineering. It's simple, if your phone is stolen the perp needs to have your thumb
    • Not sure about that. It's been repeatedly shown that fingerprint readers aren't secure and can be broken trivially. Not only this but they are unreliable with plenty of false-negatives. The biggest practical problem though is that you're moving the danger from something mostly harmless to lose (your phone) to something stupidly horrific to lose (your finger or even your hand). You need to think of what you're protecting here - I'd rather have the phone in danger than a finger.

      Biometrics have never be
    • "You cannot reverse engineer a fingerprint simply because you cannot have a clue on how the actual fingerpint is shaped" - unless of course you have a handy source of copies of the owner's fingerprints ALL OVER THE PHONE CASING ALREADY!

  • May I be about the only person here to say that this sounds like a good idea. Fair enough it's not secure enough to protect your uber secret data but realistically how many of use are carrying information that is that vital in our mobile phone? What most of use want the password for is to make our phone virtually worthless if stolen. If you are carrying around data that is very important then I would suggest so other form of encryption.

  • my hands are dirty?

  • ... the fingerprint scanner also doubles up as a touch-sensitive scroll interface that lets you scroll down emails, menus or Web sites simply by sliding your finger over it. While it may seem strange to have the scanner on the back, it's actually quite well placed because your fingers are on the back of the phone when you're holding it.

    This sounds a more sensible use and kudos if they didn't patent [slashdot.org] it.


  • I don't know that people would need to chop your hand off to get your data. I mean, all they'd need would be your fingerprint. But where would they find that? Oh, wait, they already have your LOVELY SHINY PLASTIC PHONE THAT YOU TOUCH WITH YOUR FINGERS AND THAT HAS FINGERPRINTS ALL OVER IT.

    So I'm a little skeptical. Another thing that makes me skeptical is that I've worked with lots of devices that require fingerprint scans, and honestly for the tiny amount of security they add the inconvenience is so hu
  • ...when they pry it from my cold, dead hand.

    Oh wait.

    • Re: (Score:3, Insightful)

      by DrSkwid (118965)
      > The need for security is actually higher for a mobile handset than for a laptop, as they get lost far more often.

      So why carry unencrypted sensitive data on them ?

      • ...on a work mobile, the contacts in your phone book may be, and probably are, sensitive. Have a look at your own - have you got direct dial numbers, names, departments etc that could be used by a social engineer?
        • I still don't understand why you think my phone needs more security than my laptop per se. If I think I'm going to lose something often then I should assume I am going to lose it at any moment ergo I should make sure it's notionally disposable. Even my ancient Pentium III T23 laptop would cost me more to replace than my brand new Nokia so why does it need a biometric. It's not a Lawgiver!

        • yeah (Score:2, Informative)

          by DrSkwid (118965)
          *surely* there's only *one* binary

          congratulations, you're number 3 (0100) not 2 (0011) or 1 (0001)

          to feel the need to correct me
    • Groan. Here we go again..

      I think Toshiba is breaking new ground with this phone and its release is likely to start a trend.

      I most certainly hope not, for reasons stated below.

      The need for security is actually higher for a mobile handset than for a laptop, as they get lost far more often.

      The need for protecting an asset has little to do with the frequency or potential for loss, more with the information that would be lost or compromised (different facets with different ratings) and that is a very p
      • You can either choose to buy a SIM and then a phone separately or you can go for a contract and get a phone that is cheaper than you would normally pay. However, the downside to the lock-in is that you may have features disabled (of course if you own a Motorola, you can use FLEX editing to enable the features again :)
      • Yeah and they'd argue that it is impossible for someone to have used your phone, despite it being quite possible to copy a fingerprint. I believe insurance companies did that regarding some "unbreakable" security systems/locks in cars (ie: we're not paying because despite you claiming your car was stolen we claim such an act is impossible so go stfu).
    • Warm the finger up by, say, holding it in your hand for a while.

      I very much doubt a scanner can tell the difference between a warmed up finger and a living one.

      Heck, they can't tell the difference between a finger and a gummy bear at the moment...

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.