iPhone 5s Fingerprint Scanner: 9 Security Facts

Will Apple's fingerprint-based authentication make your iPhone 5s more secure, or will it cause more trouble than it's worth?
5. Biometric Authentication Has So-So Reputation

If more smartphone makers follow Apple's lead, that would represent quite a turn for the fortunes of biometric authentication, which has historically been a technology in search of an application. Britain's biometric residence permits, for example, which store copies of a person's face and fingerprints, were initially pitched to combat both terrorism and welfare fraud. In the face of privacy criticism and information security questions, however, the government backtracked, opting instead to sock the expensive IDs only on immigrants.

6. From Faces To Fingers

Beyond government policy, adapting biometrics for consumer use has faced technological challenges. For example, smartphone fingerprint sensors debuted on Android devices, including the Motorola Atrix in 2011. But users reported that the fingerprint sensor worked infrequently enough to be a hassle.

Going forward, other biometric innovations, such as Face Unlock, a screen-unlocking feature introduced with Android version 4.0 (Ice Cream Sandwich), have reportedly also enjoyed a so-so usability track record. Or as "Dave H." tweeted: "Android face unlock never works so it's 100% secure."

7. No, The NSA Can't Collect Fingerprint Data

Following the iPhone 5s unveiling Tuesday, it took little time for conspiracy theorists to begin decrying Touch ID as a covert attempt by American intelligence agencies to siphon up vast amounts of fingerprint data on foreigners. Just one problem: people visiting the United States -- aside from most Canadians -- are already required to submit to fingerprint scans. In addition, Apple said the fingerprint data will be encrypted, stored in a "secure enclave" in the A7 chip and never backed up to iCloud.

8. Fingertips Don't Leave Classic Fingerprints

A related security observation: The print left by your fingertip pressing on a home button will differ from the type of print collected and stored by border and law enforcement agencies. "That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can't get the tip print needed to do bad things on your iPhone," said Robert David Graham, CEO of Errata Security, in a blog post. "We cybersec hackes will be discussing how to break this in the near future, so I thought I'd be the first to make this observation."

9. Cue Police Drama Abuse

Touch ID will also no doubt be exploited -- so to speak -- via police procedural dramas. The Hollywood thriller take on the iPhone 5s almost writes itself: Electronic bank heist, double cross, stolen iPhone, missing finger, cut to revenge. Surely a race is already underway between the scriptwriters of the various CSI and NCIS franchises to see who can work in an iPhone 5s angle first.

The fictional implications of phones that can be unlocked using fingertips hasn't been lost on information security watchers. "I see a market for selling fingers to be used with these devices. Hopefully not when the phone's churned on eBay!" tweeted "Lee Beejasas." Call that "phish fingers," security researcher Cluley helpfully tweeted. "I guess we need to start telling people not to use the same finger for all their devices," he said.

But thankfully, Sebastien Taveau, CTO of Validity Systems -- which doesn't work with Apple -- told The Wall Street Journal that modern fingerprint scanners search for signs of vitality when reviewing a fingerprint. In other words, dismembered digits shouldn't do the job.

On that note, Apple fans, happy shopping.

Learn more about mobile device security by attending the Interop conference track on Risk Management and Security in New York from Sept. 30 to Oct. 4.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing