Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Fingerprint sensor in iPhone 5S is no silver bullet, researchers say

Lucian Constantin | Sept. 11, 2013
The fingerprint sensor in Apple's new iPhone 5S has the potential to enhance the security of the device, but the devil will be in the details.

The goal should always be to raise the bar for attackers and, keeping that in mind, if the fingerprint sensor would be used as part of a two-factor authentication system, it would greatly enhance security, Rogers said.

However, Rogers and Pogue had different opinions on how useful this feature will be in enterprise environments.

Rogers thinks that if the feature will be made available to third-party developers, enterprises could use it to secure their internal mobile applications and limit the risks resulting from phishing attacks that target employee access credentials.

He also believes that it increases the physical security of devices and could, in conjunction with other technologies like remote device tracking, discourage mobile phone theft, which has become a serious problem in many countries.

Meanwhile, Pogue thinks that the sensor only marginally improves security because there will likely be bypasses for it, and he doubts that enterprises will take advantage of the technology anytime soon.

The FIDO Alliance, an industry group that wants to reduce reliance on passwords, welcomed Apple's inclusion of a fingerprint sensor, but didn't think it would result in widespread adoption of such technology, because its implementation is proprietary.

"Apple's decision to include authentication with the iPhone is a good dose of rocket fuel for the industry," said Michael Barrett, president of the FIDO Alliance. "Though any authentication technology unsupported by standards may take years, if ever, to achieve widespread market penetration. The marketplace seeks authentication capabilities that span computer, smartphone, and physical access authentication and federated identity applications. Open industry standards, such as FIDO authentication specifications, are required before we can achieve industry-wide adoption of strong authentication across all platforms."

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.