Will Apple's fingerprint-based authentication make your iPhone 5s more secure, or will it cause more trouble than it's worth?
5. Biometric Authentication Has So-So Reputation
If more smartphone makers follow Apple's lead, that would represent quite a turn for the fortunes of biometric authentication, which has historically been a technology in search of an application. Britain's biometric residence permits, for example, which store copies of a person's face and fingerprints, were initially pitched to combat both terrorism and welfare fraud. In the face of privacy criticism and information security questions, however, the government backtracked, opting instead to sock the expensive IDs only on immigrants.
6. From Faces To Fingers
Beyond government policy, adapting biometrics for consumer use has faced technological challenges. For example, smartphone fingerprint sensors debuted on Android devices, including the Motorola Atrix in 2011. But users reported that the fingerprint sensor worked infrequently enough to be a hassle.
Going forward, other biometric innovations, such as Face Unlock, a screen-unlocking feature introduced with Android version 4.0 (Ice Cream Sandwich), have reportedly also enjoyed a so-so usability track record. Or as "Dave H." tweeted: "Android face unlock never works so it's 100% secure."
7. No, The NSA Can't Collect Fingerprint Data
Following the iPhone 5s unveiling Tuesday, it took little time for conspiracy theorists to begin decrying Touch ID as a covert attempt by American intelligence agencies to siphon up vast amounts of fingerprint data on foreigners. Just one problem: people visiting the United States -- aside from most Canadians -- are already required to submit to fingerprint scans. In addition, Apple said the fingerprint data will be encrypted, stored in a "secure enclave" in the A7 chip and never backed up to iCloud.
8. Fingertips Don't Leave Classic Fingerprints
A related security observation: The print left by your fingertip pressing on a home button will differ from the type of print collected and stored by border and law enforcement agencies. "That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can't get the tip print needed to do bad things on your iPhone," said Robert David Graham, CEO of Errata Security, in a
blog post. "We cybersec hackes will be discussing how to break this in the near future, so I thought I'd be the first to make this observation."
9. Cue Police Drama Abuse
Touch ID will also no doubt be exploited -- so to speak -- via police procedural dramas. The Hollywood thriller take on the iPhone 5s almost writes itself: Electronic bank heist, double cross, stolen iPhone, missing finger, cut to revenge. Surely a race is already underway between the scriptwriters of the various CSI and NCIS franchises to see who can work in an iPhone 5s angle first.
The fictional implications of phones that can be unlocked using fingertips hasn't been lost on information security watchers. "I see a market for selling fingers to be used with these devices. Hopefully not when the phone's churned on eBay!" tweeted "Lee Beejasas." Call that "phish fingers," security researcher Cluley helpfully tweeted. "I guess we need to start telling people not to use the same finger for all their devices," he said.
But thankfully, Sebastien Taveau, CTO of Validity Systems -- which doesn't work with Apple -- told The Wall Street Journal that modern fingerprint scanners search for signs of vitality when reviewing a fingerprint. In other words, dismembered digits shouldn't do the job.
On that note, Apple fans, happy shopping.
Learn more about mobile device security by attending the Interop conference track on Risk Management and Security in New York from Sept. 30 to Oct. 4.
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.