The new iPhone 5s fingerprint reader… is it safe?
Apple’s “Touch ID” iPhone 5s fingerprint reader is here, but how long until hackers get their fingers on it?
Fingerprint scanning technology isn’t anything new, but it’s about to become a lot more mainstream. Thanks to the debut of the iPhone 5s at Apple’s fall event, fingerprint scanning has been brought to the masses. For many users, this offers an improved basic level of security. In a world full of smartphone theft, that sounds like a good thing. Apple itself has said that many users don’t even enable the simple four-digit passcode lock on their phones, seeing it as too cumbersome. The iPhone 5s’ fingerprint reader is designed to take the friction out of everyday security by making unlocking the phone as simple as the touch of a finger. But can we have simplicity and security? Let’s take a closer look at how the technology works to find an answer.
Fingerprint sensors aren’t new, but until now haven’t been ubiquitous.
Fingerprint sensors have been around for a number years now, but they’ve so far failed to capture the hearts and minds of most consumers. This is largely due to not enough devices supporting them, and those devices that do feature them don’t always work as consistently as they could. Apple recruited some of the best minds in biometrics to create (they claim) a reliable fingerprint sensor that will accurately recognize a print at any orientation. Meaning, no matter which way you hold your device the iPhone 5s fingerprint reader should recognize the print and can match it to it’s own record of your fingerprint, allowing the phone to unlock.
Where does Apple keep your fingerprint?
Ah, but there’s the thing… at some point the fingerprint, your fingerprint, has to be stored on the phone in order for it to know who to trust to begin with. So, where does is that information stored?
According to Apple, the information is stored in a special enclave of the A7 processor (made by rival Samsung). This enclave is not backed up to iCloud, nor is any fingerprint information sent over the internet. So, yeah, it certainly sounds secure
Yeah… but is it actually secure?
Keep in mind that no single-factor authentication method will never be as secure as dual-factor authentication. Fingerprint sensing is nice, but would be more secure if there was a second password involved. In fact, groups have already “hacked” the TouchID technology… but to what end? Let’s slow down… we might be making a mountain out of a molehill here.
The circumstances surrounding the hacking of a TouchID are a bit ridiculous. Essentially someone would have to either kidnap you or lift your prints off of a glass or something, recreate it using some elaborate method involving laser-printers and glue, then somehow get your phone and place the scanned image on the sensor in order to unlock the phone. Sounds a bit involved, doesn’t it?
What happens if someone does hack my phone via TouchID?
To date, the fingerprint sensor can only be used to unlock the phone or to enter your iTunes password. Meaning, unless someone has access to your thumb and wants to rob you by purchasing a bunch of music… to your phone… for some reason… then… uh… see where the worries about security begin to fall apart? I suppose one could make the argument that they could be looking for access to your email, notes or other data, but the NSA has already shown us there are far easier ways to get access to that information, so why bother?
So what’s really going on here?
Apple bought a biometrics company and got a fingerprint scanner. But surely the biometrics people, and therefore Apple, know this stuff isn’t completely secure. So what’s really going on?
The goal is probably to get everyday users to think more about security and hopefully implement some kind of password, be it fingerprint, 4-digit passcode, longer passcodes and so on. The thought is probably, some security is better than no security. But it really comes down to theft prevention, most likely. When you combine TouchID with Find My iPhone’s remote wipe feature and the new Activation Lock, iPhones might look less lucrative to would-be thieves.
But what do you think? Are fears about TouchID hacks worth the hubbub? Or are they overblown?