Does it really make a practical difference if a compromised OS is required to get another fingerprint input? Even if it can't replay an old input, it seems relative easy to throw up a fake lock screen and use the input from there (or intercept the touch event on a real lock screen).
In practice I would expect that the only protection this provides is requiring the user to interact with the machine at least once after it was compromised.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
How meaningful are the replay protections?
Date: 2022-12-11 07:57 pm (UTC)In practice I would expect that the only protection this provides is requiring the user to interact with the machine at least once after it was compromised.