[skewart]

> Unless you're securing State Secrets or occupy rarefied enough heights that you have a Swiss bank account I don't really see anyone bothering.

You're vastly underestimating how valuable access to a person's phone can be. It's not just about quickly wiring money or stealing state secrets but also about building blocks for social engineering campaigns, ad/app fraud, extorsion and all sorts of different things.

And the petty thief who steals your phone doesn't need to have the tools to spoof the biometrics. There just needs to be some criminal organization that does and that's willing to pay petty thieves for stolen phones.

[naravara]

>And the petty thief who steals your phone doesn't need to have the tools to spoof the biometrics. There just needs to be some criminal organization that does and that's willing to pay petty thieves for stolen phones.

And have a pipeline that can buy and move stolen phones fast enough to crack them before the owners can remotely wipe them.

Amazon would kill for that kind of logistical capacity.

[jakelazaroff]

I get that all of this is valid in theory, but has there been even one single case of a thief, criminal or law enforcement organization actually using biometric data to unlock a phone?

Obviously past events are no guarantee of future, but still — most advisories like this frankly come across as fearmongering.