Larger Attack Surface on User’s Device

I today take up this The Register report - “Client-side content scanning as an unworkable, insecure disaster for democracy”   https://www.theregister.com/2021/10/15/clientside_side_scanning/

Glancing over this worrying report, I found this paragraph especially eye-catching; “It goes on to look at all the potential problems with CSS systems. These include the possibility of abuse by authorized and unauthorized parties, as well as local adversaries – a user's partner, ex-partner, other family member, or rival who has access to the user's device.”
 
This kind of threat is supposed to be mitigated by a secure login. In this aspect, we know that Apple is shooting itself in the foot by increasing the attack surface (=increasing the vulnerability) of the login security as the result of adding a probabilistic back door of biometrics login such as TouchID and FaceID on top of the deterministic front door of a default pincode/password.
 
If there is nothing particularly wrong in using two authenticators in a ‘two-entrance’ deployment for convenience's sake, it is absolutely wrong to lead the consumers to wrongly believe that the security has been improved.
 
Actually, it has brought down identity security, spreading a false sense of security among consumers.
 
Well, as for the security effect of deploying two authenticators in ‘multi-entrance’ deployment (as against ‘multi-layer’ deployment), you might well be interested in these posts -
 
“Biometrics is to Password what Back door is to Front door” 
 
“Step-by-Step Analysis of Why and How Biometrics Brings Down Security” 
 
“Get graphs to talk the nature of probabilistic biometrics” 

False Acceptance Rates and False Rejection Rates



10

10%

10°




38 (Equa ror Rates)

procucts
(more accurate)






00 100 ar 100 10
FAR (Fale Accegtarce Rates)Worry about a backdoor?">