Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

iPhone 5s fingerprint scanner could be mobile security game changer

Tony Bradley | Sept. 20, 2013
Apple isn't the first to introduce fingerprint authentication on a mobile device, but it could be the one to make it mainstream.

On Friday the iPhone 5s will be out on the street, and with it, Apple's fingerprint scanning technology. There are still some concerns about how Apple is implementing and managing fingerprint authentication, but as long as the iPhone 5s doesn't fumble completely, the new smartphone could finally spur mainstream adoption of the technology.

As Apple revealed a couple of weeks ago, the home button on the new iPhone 5s is also a fingerprint scanner. Rather than using a passcode, you can now unlock the device just by holding your finger on the home button.

The iPhone 5s isn't the first mobile device with a fingerprint scanner. The Motorola Atrix included fingerprint authentication back in 2011. Apparently, even Motorola forgot about the Atrix, though, because it had the audacity to send out a tweet slamming the idea of using a fingerprint with a mobile device.

Paul Henry, security and forensic analyst at Lumension believes that the iPhone 5s fingerprint authentication could prove to be a game changer. "There are two factors that will determine the real success of this new feature, which has undeniable potential," he says. "First, reliability and second, security—though as a security researcher, I have to say it should really be security first."

Is it secure?
There are questions about how Apple is scanning and storing the fingerprint data. If someone guesses or compromises your passcode, you can just change it to a new one. But, you can't change your fingerprints. Some worry that a thief can simply use an image or picture of your fingerprint gain access to a user's iPhone, the same way Android's facial recognition authentication can be fooled with a picture of the device owner. It wouldn't be hard to get your fingerprint—your iPhone will likely be covered with dozens of samples.

Macworld contributor Rich Mogull does an excellent job explaining why that probably isn't an issue. In a nutshell, Apple is using capacitive scanning that looks at more than just the image of your fingerprint, and it's most likely not storing the actual fingerprint anywhere on the iPhone where it might be compromised.

Mogull hypothesizes that Apple is probably analyzing the fingerprint and using unique data from it to generate a mathematical representation or template. By this logic, when you touch the home button, your fingerprint is run through the algorithm again, and the results are compared to the template to ensure they match. These are educated guesses, though, and the actual implementation may work differently.

"What we need to know is how good a job did Apple actually do securing the biometric data," Henry says. "They say it's encrypted and not shared with other applications, but we'll have to wait and see how it works in practice."

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.