IBM Introduces Biometric Thinkpad 195
An anonymous reader writes "IBM has added biometric security to its thinkpad notebooks. The next generation of T series thinkpads will have an integrated fingerprint scanner for added security. The latest machines will also include some pretty cool encryption software, that will keep your hard disk safe, but still let you backup and restore images. This guy managed to get his hands on an early prototype T42 with the new security features integrated."
swipe scan (Score:5, Interesting)
That is a great idea. Such an elegant solution to what could have been a big problem.
Remember your friends (Score:3, Interesting)
But... (Score:5, Interesting)
Safe... but from whom? (Score:5, Interesting)
If they designed it in such a way that the LEA backdoor is secure (say, it's got an LEA public key on it, and the private key is kept in the forensics labs), I'll buy one tomorrow. I don't have a need to defend against .gov adversaries - I just want to know that the data on my drives remains secure even after someone steals 'em to get his or her crack fix.
If, however, they designed it in such a way that the backdoor is not secure (say, a default password stored in cleartext on a serial EEPROM), that's another story. I'll download the crack when it comes out next week, and my soldering iron and I will have an endless supply of cheap entertainment when the machines start showing up at the surplus stores in 2009.
Notebook Nirvana... (Score:3, Interesting)
Every time someone asks me about a notebook I recommend IBM. They go out to Best Buy and get some other brand with 20 other options they don't need and then get mad when it breaks or isn't stable. Thanks IBM!
I feel sorry for someone who loses a finger. (Score:4, Interesting)
I'm a little disappointed that the encryption stuff may not transfer well to non-Windows OSs.
Now what happens when someones finger is damaged to due fire, electrical shock, or blunt trauma? I had this problem with an old Compaq laptop that had a system password at the BIOS level. It made the laptop permanently mine since I didn't want to disclose my password to anyone else.
I know there's room for 21 different fingerprints, but I wonder how many end users are going to think to register more than one of their fingers...just in case.
Re:A bit of false security. (Score:3, Interesting)
I'd give up my PGP private key to someone who put a gun to my head - that doesn't mean that PGP itself is insecure.
Re:swipe scan (Score:3, Interesting)
(I always wondered why this was not common on laptops when it has been common on my PDA for so long...)
Re:swipe scan (Score:3, Interesting)
Or maybe not - what is wrong with a lock and key to open the laptop?
Not only would it protect the data, it would prevent the HD and DVD combo from being stolen from the laptop while its sitting on the desk (happened to two colleagues lately).
And stop the keyboard from being damaged by children and small animals.
Given that the T series have titanium cases, a lot of force would be needed to open them and they would probably be wrecked if forced open (assuming a suitably strong lock.) This is the feature I want most next time I buy a T series (I have an IPaq with fingerprint recognition, and its great, but I would still prefer a lock and key for the laptop (I have a T series - they are great too).
Student's Thesis makes this feature useless! (Score:3, Interesting)
I didn't RTFA, admittedly, but did IBM take her results into consideration before designing/implementing this feature?
But but but... what about the Leenooks! (Score:2, Interesting)
Encrypting a Windows machine prior to login is nice, but in the rest of the world, the GUI is the last thing we run, not the first.
In Windows, you run the GUI, and execute the shell.
In Linux (and most Unixes), you run the shell, and execute the GUI. Its a very different paradigm.
You need to encrypt the data (AND swap!) at the bootloader level, otherwise the whole point of it is irrelevant.
Integration with Windows? (Score:1, Interesting)
We've been using Safeguard Easy on Thinkpad laptops in our office for some years now, and it really doesn't seem to affect performance much... certainly not for office use anyway. Takes a hell of a long time to initially encrypt though.
Limited Credential Revocation (Score:3, Interesting)
If your RSA key is compromised, you can just generate another. You can do this as often as necessary. However, if you fingerprint is compromised, all you can do is switch fingers. Nine compromises later, you're SOL.
Now for ordinary folks who just use this to keep others from messing with their laptops, this isn't an issue. However, if security is critical, biometrics just won't cut it.
And, yes it's fairly easy to fool a finger print scanner. All it takes is some Krazy glue and a Gummi bear [theregister.co.uk].
copycat (Score:3, Interesting)
How is this different than apples FileVault [apple.com] feature in OSX which uses 128bit AES encription on your home directory?
I have a powerbook and I must say that the FileVault works beautifully (and seamlessly)
It used to be Microsoft copying Apple, but I guess IBM can do it to. Granted my powerbook doesn't use a fingerprint as the encryption key.. but still.
A funny story about this... (Score:3, Interesting)
There was an interview in Business 2.0 a couple years ago with an individual who claimed she had had a very similar problem: she had just finished a presentation for a conference; the weekend before the conference she had a mishap in the kitchen and burned her finger, so she couldn't use the biometric authentication mechanism on her laptop. Her solution? She got on a plane and went to see her twin sister in Florida. She actually claimed in the article that "twins have identical fingerprints" and her sister was able to log in to her laptop for her and save the day.
The huge, glaring flaw in this scenario is that even identical twins will have fingerprints that look as much alike as the fingerprints of two random strangers on the street. The interview was good for a laugh, but sadly it does not appear to be available on the Business 2.0 site any more.
The individual was Bondra Bchneider, where B==S. She also referred to binary 1010 as "ten-ten"...
Re:I'm sorry, but you're an idiot. (Score:2, Interesting)
Insecure? (Score:3, Interesting)
Are we looking at a new, better generation of readers today or are they still as insecure as they used to be?