Mobile
News
9/11/2013
11:50 AM
Connect Directly
RSS
E-Mail
50%
50%

iPhone 5s Fingerprint Scanner: 9 Security Facts

Will Apple's fingerprint-based authentication make your iPhone 5s more secure, or will it cause more trouble than it's worth?

5. Biometric Authentication Has So-So Reputation

If more smartphone makers follow Apple's lead, that would represent quite a turn for the fortunes of biometric authentication, which has historically been a technology in search of an application. Britain's biometric residence permits, for example, which store copies of a person's face and fingerprints, were initially pitched to combat both terrorism and welfare fraud. In the face of privacy criticism and information security questions, however, the government backtracked, opting instead to sock the expensive IDs only on immigrants.

6. From Faces To Fingers

Beyond government policy, adapting biometrics for consumer use has faced technological challenges. For example, smartphone fingerprint sensors debuted on Android devices, including the Motorola Atrix in 2011. But users reported that the fingerprint sensor worked infrequently enough to be a hassle.

Going forward, other biometric innovations, such as Face Unlock, a screen-unlocking feature introduced with Android version 4.0 (Ice Cream Sandwich), have reportedly also enjoyed a so-so usability track record. Or as "Dave H." tweeted: "Android face unlock never works so it's 100% secure."

7. No, The NSA Can't Collect Fingerprint Data

Following the iPhone 5s unveiling Tuesday, it took little time for conspiracy theorists to begin decrying Touch ID as a covert attempt by American intelligence agencies to siphon up vast amounts of fingerprint data on foreigners. Just one problem: people visiting the United States -- aside from most Canadians -- are already required to submit to fingerprint scans. In addition, Apple said the fingerprint data will be encrypted, stored in a "secure enclave" in the A7 chip and never backed up to iCloud.

8. Fingertips Don't Leave Classic Fingerprints

A related security observation: The print left by your fingertip pressing on a home button will differ from the type of print collected and stored by border and law enforcement agencies. "That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can't get the tip print needed to do bad things on your iPhone," said Robert David Graham, CEO of Errata Security, in a blog post. "We cybersec hackes will be discussing how to break this in the near future, so I thought I'd be the first to make this observation."

9. Cue Police Drama Abuse

Touch ID will also no doubt be exploited -- so to speak -- via police procedural dramas. The Hollywood thriller take on the iPhone 5s almost writes itself: Electronic bank heist, double cross, stolen iPhone, missing finger, cut to revenge. Surely a race is already underway between the scriptwriters of the various CSI and NCIS franchises to see who can work in an iPhone 5s angle first.

The fictional implications of phones that can be unlocked using fingertips hasn't been lost on information security watchers. "I see a market for selling fingers to be used with these devices. Hopefully not when the phone's churned on eBay!" tweeted "Lee Beejasas." Call that "phish fingers," security researcher Cluley helpfully tweeted. "I guess we need to start telling people not to use the same finger for all their devices," he said.

But thankfully, Sebastien Taveau, CTO of Validity Systems -- which doesn't work with Apple -- told The Wall Street Journal that modern fingerprint scanners search for signs of vitality when reviewing a fingerprint. In other words, dismembered digits shouldn't do the job.

On that note, Apple fans, happy shopping.

Learn more about mobile device security by attending the Interop conference track on Risk Management and Security in New York from Sept. 30 to Oct. 4.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Mathew
50%
50%
Mathew,
User Rank: Moderator
9/19/2013 | 3:20:29 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
Latest info: 5 people can store scans of up to 5 fingertips (each)
Mathew
50%
50%
Mathew,
User Rank: Moderator
9/19/2013 | 3:19:58 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
Cara, I think that would require a wholesale rewrite of related fingerprint collection and tracking software. In short, I don't think it would be easily compatible with existing approaches.
Mathew
50%
50%
Mathew,
User Rank: Moderator
9/19/2013 | 3:19:05 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
As convenience features go, I think this will be quite useful. Also, even if hackers do find a way to breach this, they'd still need physical access to the device. Your typical "apple picking" mugger probably isn't going to be well-versed in the latest iPhone 5s biometric fingerprint evasion tactics.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
9/12/2013 | 8:56:52 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
I'm going to wait and see whether the hacking community can do anything with fingerprint scanner before I consider an iPhone 5s. My sense is that the fingerprint scanner is more of a convenience feature than a security feature.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
9/12/2013 | 5:53:53 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
While the fingertip is different from an actual fingerprint, what is to prevent law enforcement from simply switching to collect fingerprint data and using that method as part of its investigations?
Chris McVey
50%
50%
Chris McVey,
User Rank: Apprentice
9/12/2013 | 4:03:52 AM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
So now the NSA will not only have your phone calls, texts and emails but you will willingly give up your fingerprints! Rock on, idjits.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Author
9/11/2013 | 8:40:22 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
So either would work. Makes sense. Thanks Mathew!
Mathew
50%
50%
Mathew,
User Rank: Moderator
9/11/2013 | 8:33:13 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
Shane, you should be able to store a profile for both on an iPhone 5S.
Shane M. O'Neill
50%
50%
Shane M. O'Neill,
User Rank: Author
9/11/2013 | 8:21:16 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
I switch off a lot between using my thumb and index finger. I guess people will have to pick one.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
9/11/2013 | 7:54:35 PM
re: iPhone 5s Fingerprint Scanner: 9 Security Facts
I agree. For those who are looking to upgrade after a longtime with one model, this one seems to be a good option. But this offers nothing to someone who has the current model.
Page 1 / 2   >   >>
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.