TL;DR: a repair shop owner from Germany managed to create a tool to calibrate the display angle sensor (used to trigger sleeping on Macs when the lid is closed)

  • lazyvar@programming.dev
    1 year ago

    There are a couple of concerns with biometrics.

    The big one is, as you already mentioned, spoofing biometrics.

    The FaceID or TouchID sensor essentially saying “I got that face/fingerprint that you have in your Secure Enclave”. Granted it is a sophisticated attack, but nevertheless one you’d want to prevent if only because it’s good practice to maintain a secure chain in which the individual links can trust each other.

    For similar reasons the lockdown mode exists, which is mainly useful in limited scenarios (e.g. journalists, dissidents, etc).

    On the other hand, if ever there was a potential attacker, it would be a government, because they have unlimited funds in theory, and it isn’t hard to imagine the FBI trying to utilize this in the San Bernardino case if it was available.

    A different risk, which would make the above quite a bit easier to accomplish, would be an altered biometrics scanner that, in addition to working the way it’s supposed to work, stores and sends off your biometrics or simply facilitates a replay attack.