iPhone 5S Fingerprint Reader: A 'Game Changer' but Still Hackable Say Security Experts
The new iPhone 5S's fingerprint reader is a new way of keeping your phone safe and is tipped to become a "gamechanger" for the security of consumer technology, but security experts suggest users exercise caution as the technology can still be hacked.
Instead of entering a PIN or password to unlock the phone, users can now press their thumb against the Home button, which will unlock the phone if one of up to five saved fingerprints is recognised - and the reader can also be used to authenticate purchases from the iTunes Store.
Although praising Apple for preventing the use of the reader and its Touch ID system by third party developers, computer security expert Graham Cluley claims the fact that such systems can still be hacked serves as "an important reminder to everyone that fingerprints are not private.
"You leave them lying around everywhere, and if someone has enough incentive - and the resources available to them - they may try to defeat any security system that you trust your fingerprint to unlock."
Cluley initially told IBTimes UK he had dismissed the idea of an iPhone fingerprint reader as "a gimmick", but later added in a blog post: "One thing is for sure. With the launch of the iPhone 5S, more people will be using fingerprint sensors as part of their daily security than ever before - and the hackers will be certainly intrigued to see how they might circumvent it."
Developers
Quashing security fears associated with rogue developers gaining access to users' fingerprints, Apple senior vice president Phil Schiller told AllThingsD after the iPhone 5S was announced that app developers will not get access to use the reader as a means of authentication; however, he declined to comment if Apple would change this in the future.
Suggesting that uses for Touch ID will extend beyond unlocking the device and paying for iTunes content, Apple CEO Tim Cook also told the technology website: "You can probably imagine a lot of [other] uses."
Sci-fi future
In a statement sent to IBTimes UK shortly before the heavily rumoured feature was announced, security researcher Thomas Bostrøm Jørgensen, who is CEO of authentication company Encap, said the iPhone 5S's reader may "allow us to feel as though we are in a Blade Runner-like sci-fi future," but warns that such readers "are not on their own the best way to authenticate people."
Speaking generally about fingerprint readers, Jørgensen added: "Their strength is also their biggest flaw - while a password or PIN can be changed, fingerprints are not easily switched if they are hacked."
Hacking a fingerprint may sound like a gruesome and unlikely event, but Jørgensen warns: "it is very possible to steal fingerprints through more social methods - lifting a print from a discarded coffee cup is no more science fiction than the fingerprint scanner itself."
Marc Rogers, head researcher for Lookout, agrees, saying: "It is already possible to lift and duplicate fingerprints and this technology is only going to improve with time. As such its suggested that fingerprints should not be used as the sole credential in a high security scenario unless enhanced through the use of a PIN code or other secondary factor of authentication."
Secure enclave
Apple says Touch ID will be dealt with through a "secure enclave" of the iPhone's A7 processor which can only be accessed by the print sensor itself. "Expect this storage area and the connections to it to become the subject of frenzied investigations by hackers of all persuasions,"John Hawes of security company Sophos blogged, adding that, so long as such systems are kept secure and regulated, widespread deployment of biometric security at the consumer level "may well be a game changer...Touch ID and its inevitable followers could be a major part of all our futures."
Also looking to the future, Cluley concludes: "It's inconceivable that malicious hackers and data thieves won't try to subvert Apple's Touch ID fingerprint scanning technology. How capable they will be at doing that, remains to be seen. But expect hackers to start looking at the system as soon as they can get their hands on one of the new iPhone 5S smartphones."
© Copyright IBTimes 2024. All rights reserved.