Ask / Submit
20

Saving your fingerprint to a networked mobile device has to be a bad idea [answered]

asked 2018-06-01 12:01:24 +0200

bocephus gravatar image

updated 2018-06-01 14:42:04 +0200

jiit gravatar image

Of course Android users don't care, but you just know that as soon as they have scanned their fingerprint with their device, Google and NSA will have it in their databases within 5 minutes.

How does this now work in Sailfish X? Where and how is the fingerprint data saved, and how vulnerable is it to attack? Could it feasibly be extracted from the device by someone not in physical or in physical control of it?

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by bocephus
close date 2018-06-11 15:04:57.773668

Comments

5

It's stored in the cloud in US, on the same server where classified docs about vaccination conspiracy are.

pisarz1958 ( 2018-06-01 12:07:25 +0200 )edit
6

@pisarz1958 Your comment is not relevant and not helpful. I think it is a very good question and would like to know how and where it is stored. I don't know the truth of the statement that "Google and NSA" will have Android user's fingerprints "within 5 minutes". I guess this is not based on facts. Nevertheless, the actual question is not to be ridiculed.

johanh ( 2018-06-01 12:16:45 +0200 )edit
2

The implementation here is going to be hooked into the android hal, so i'm not sure even jolla can answer this question...

r0kk3rz ( 2018-06-01 12:20:10 +0200 )edit
8

If nobody can answer that, it sounds like a possible violation against GDPR.

johanh ( 2018-06-01 12:28:03 +0200 )edit

Maybe it saved to TrustZone,

BirdZhang ( 2018-06-01 12:32:26 +0200 )edit

2 Answers

Sort by » oldest newest most voted
11

answered 2018-06-11 10:49:16 +0200

spiiroin gravatar image

Fingerprint handling in Sailfish OS is roughly put: Leverage already existing Android fingerprint HAL via libhybris. This should then match the requirements set for Android devices as applicable for Sailfish OS. For more details about Android fingerprint HAL, see for example https://source.android.com/security/authentication/fingerprint-hal.

The Sailfish side fingerprint software handles only fingerprint template identification numbers. No attempt is even made to read/access the actual template data - apart from removing them under some circumstances.

In case of Xperia X this should mean: All raw fingerprint data processing is done within TrustZone - the same way as it is done when Xperia X is running Android. The template data is stored locally (and only locally) on the device filesystem, but in encrypted form. The encrypted files can be used for authentication purposes only on the same device where they were created on.

edit flag offensive delete publish link more

Comments

2

Thank you for explanation!

What partition the data is stored on? How does one check if the partition is full? Some Android users have had issues with that said partition being full... Or perhaps just not being able to write to?

Direc ( 2018-06-11 11:07:33 +0200 )edit
2

Currently in rootfs, under /var/lib/sailfish-fpd/templates directory. Details might vary between device types, but generally with as tight access limits as android hal allows/requires. Also, once file system encryption things get implemented and stable enough, it would be desirable to have the (already encrypted) fingerprint data reside in encrypted partition.

spiiroin ( 2018-06-11 11:48:21 +0200 )edit
2

Thanks you for sharing that information. I really appreciate the openness of the company and the level of detail we are able to get!

I have had a really bad time with my fingerprint reader, and utilising this answer, I was able to get it to work - once again, at least for a while. Could you please have a look at my question and the latest answer(s)? Thanks again!

Direc ( 2018-06-11 14:09:46 +0200 )edit

@spiiroin Thank you for your quite satisfactory answer.

bocephus ( 2018-06-11 15:04:08 +0200 )edit
3

answered 2018-06-01 13:27:39 +0200

naytsyrhc gravatar image

updated 2018-06-01 13:31:36 +0200

My answer is: no it doesn't necessarily have to.

I really don't know how it is done. But if I would implement it, I would create some sort of key from the scanned fingerprint and would use a one-way cryptographic algorithm to encrypt this key and store that as password (exactly the same way a password is stored for a user on unix systems). On using the fingerprint sensor, the system generates the key from fingerprint data and encrypts it with the same algorithm and then compares that result with the stored data. If it matches, the system will unlock. This way no fingerprint is stored anywhere and it shoudln't matter if Google or the NSA gets the encrypted representation of my fingerprint.

edit flag offensive delete publish link more

Comments

3

Your idea is good and it sounds great if implemented this way, but speculation is not a real answer on the question.

johanh ( 2018-06-01 13:48:02 +0200 )edit

I'm pretty sure, it works this way, like @naytsyrhc say. I use Fingerprint on my Lenovo ThinkPad Notebook under Debian, and fprintd works the same way.

ExPLIT ( 2018-06-01 14:00:19 +0200 )edit

Yeah, I would expect they store some data that can be used to verify the presented fingerprint is yours, which could be something like a few randomly selected key points on your finger or something else more complicated.

That would be enough to verify it's you to reasonable degree, but at the same time can't in itself be used to authenticate as you if stolen.

On the other hand, it could be used to match with your fingerprint to see if it is you if stolen. So some three letter agency could travl their supposedly huge fingerprint database and find which ones are yours by comparing with the stolen data. This would both unmask all your nefarious activities but also make them able to steal your identity by using the identified fingerprint images from their database to authenticate as you. :)

And I don't think there is anything that can be done about this concrete scenario other than verifyably storing the data in some local HSM only (as already suggested in one of the comments above).

MartinK ( 2018-06-01 15:18:23 +0200 )edit

Question tools

Follow
6 followers

Stats

Asked: 2018-06-01 12:01:24 +0200

Seen: 1,092 times

Last updated: Jun 11 '18