Apple’s announcement of the company’s new iPhone 5S comes equipped with a fingerprint scanner has the potential to be a real game changer for personal device security – if it’s done right. There are two factors that will determine the real success of this new feature, which has undeniable potential. First, reliability and second, security – though as a security researcher, I have to say it should really be security first.
There’s a lot riding on the reliability factor. Will it work if I go for a swim and try to use my phone with raisin hands? What if it’s cold outside and my fingers have shriveled a bit? Can I use my phone then? People aren’t going to be happy if they’re locked out of their phones because of environmental factors. As Apple well knows, if it’s not both reliable and convenient, users will turn it off. Another question is about longevity. The Guardian posted a rumor this morning that there will be a 500-scan limit, which could be used up in six months. What will that do to my phone bill?
On the other side is security. Given Apple’s history, we have to assume they’ve erred on the side of usability before considering security. Remember, this is the same company that just last year mistakenly posted all of our credentials in plaintext within our log files. And, hacking the iPhone 4 was child’s play. It had a lot of issues with the security of its encryption key and could be easily cracked. But the iPhone 5 has a well-secured encryption key that is difficult, if not impossible, to crack. So maybe they have learned their security lesson?
What we need to know is how good a job did Apple actually do securing the biometric data. They say it’s encrypted and not shared with other applications, but we’ll have to wait and see how it works in practice. We also need to know if it’s a single sign on approach. If a single fingerprint grants access to other services (particularly iCloud), that’s a frightening prospect if Apple hasn’t done a truly expert job at securing that local credential. Naturally, we’ll continue to have more questions than answers until we can get our hands on some phones later this month to do some testing.
In reading the news before Apple’s event, there was speculation about how secure a fingerprint really is. After all, we leave them quite literally everywhere and at a minimum, they’re all over the phone. So how secure is it? If I lose my phone, could the person who picks it up use the fingerprints I’ve left behind to gain access? Again, this will depend on implementation, particularly on the quality of the sensor. A good fingerprint reader doesn’t just look at the ridges – it looks at pore, temperature, pulse, and other factors. If it doesn’t, it can be pretty easily cracked. As an example, a few years ago a company developed a mouse with an optical fingerprint scanner. If I breathed on the scanner to fog it up, it would recognize the fingerprint the previous user left behind and authenticate me. Scary to think that would work on a phone.
I also noticed somewhat tongue-in-cheek questions about whether a phone thief would need to take your finger too. While this does seem unlikely and creepy, it’s not unheard of. Check out this (admittedly dated) article, in which the owner of a car protected by a fingerprint recognition system lost his finger as well as his car when thieves came calling.
Right now, all we have is the hype. We need the facts before we will truly know if the iPhone 5S biometric security system will be a game changer. I’ll update this post with what I find.