She has to have set it up before. There is no way to divine a fingerprint any other way. I guess the only other way would be a faulty fingerprint sensor but that should default to a non-entry.
She has to have set it up before. There is no way to divine a fingerprint any other way. I guess the only other way would be a faulty fingerprint sensor but that should default to a non-entry.
> faulty fingerprint sensor
The fingerprint sensor does not make access control decisions, so the fault would have to be somewhere else (e.g. the software code branch structure that decides what to do with the response from the secure enclave).
If you're interested in this in more detail, check this out:
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
This is a great read, but note that it's specific to Windows and Dell/Lenovo/Microsoft.
Apple does it different(ly), and I'd argue more securely. Being able to specify the full chain of hardware, firmware, and software always has its advantages.
Apple's fingerprint readers do not perform authentication locally -- instead the data read from the sensor (or derivatives thereof) is compared to a reference which is stored in the secure enclave in the Apple silicon (Ax Tx or Mx) of the Mac or iOS device itself.
Could be a parallel construction type thing. They already have access but they need to document a legal action by which they could have acquired it so it doesn't get thrown out of court.
I think this is pretty unlikely here but it's within the realm of possibility.
Seems like it would be hard to fake. The was she tells it she put her finger on the pad and the OS unlocked the account. Sounds very difficult to do
I think they mean if they already have her fingerprint from somewhere else, and a secret backdoor into the laptop. Then they could login, setup biometrics and pretend they had first access when she unlocked it. All without revealing their backdoor.