Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Neustar, Inc.
Protect your website & network
using real-time information & analysis

www.neustar.biz
Mobile Industry News
Real-time info services with Neustar
Average Rating:
Rate this article:  
How Safe Is Apple
How Safe Is Apple's Touch ID, Really?

By Jennifer LeClaire
September 12, 2013 10:17AM

    Bookmark and Share
Apple has probably erred on the side of usability before considering security when it comes to biometrics. Still, Touch ID has to be more secure than a four-digit password, which could easily be cracked in older iPhones. But, then again, how safe is your fingerprint? asked security analyst Paul Henry.
 



Now that the reviewers are done talking about what was missing from the iPhone 5s, some are taking a closer look at what the smartphone has that none of its competitors can claim: full-blown biometrics.

iPhone 5s introduces Touch ID, a James Bond-like way to securely unlock the device with your finger -- or, more accurately, fingerprint. Touch ID is built into the smartphone's home button and uses a laser cut sapphire crystal, together with the capacitive touch sensor, to take a high-resolution image of your fingerprint. The technology analyzes the fingerprint and promises accurate readings from any angle.

The Touch ID sensor recognizes the touch of a finger so the sensor is only activated when you mean to activate it. That preserves battery life. Addressing privacy concerns, Apple said fingerprint information is encrypted and stored securely in the Secure Enclave inside the A7 chip on the iPhone 5s. The data is never stored on Apple servers or backed up to iCloud. Beyond unlocking the device, Touch ID can also be used as a secure way to approve purchases from the iTunes Store, App Store or iBooks Store. Is this secure enough to be the future of smartphone security?

Reliability and Security

We caught up with Paul Henry, security and forensic analyst at Lumension, to get his take on Touch ID from a security perspective. He told us the fingerprint scanner has a potential to be a real game changer for personal device security -- if it's done right. As he sees it, there are two factors that will determine the real success of this new feature, which has undeniable potential: reliability and security.

"There's a lot riding on the reliability factor. Will it work if I go for a swim and try to use my phone with raisin hands? What if it's cold outside and my fingers have shriveled a bit? Can I use my phone then? he asked. "People aren't going to be happy if they're locked out of their phones because of environmental factors."

If it's not both reliable and convenient, users will turn it off, Henry said. He also questions the longevity. The Guardian posted a rumor that there will be a 500-scan limit, which could be used up in six months. Apple could not immediately be reached for comment, but that seems unlikely.

The Jury Is Out

On the security front, Henry is betting that Apple has erred on the side of usability before considering security. Still, Touch ID has to be more secure than a four-digit password, which could easily be cracked in older iPhones. But, then again, how safe is your fingerprint? Think about it for a minute. We leave our fingerprints everywhere -- and they are certainly all over the phone, Henry noted.

Next, Apple said it's securing the biometric data, but is it really safe? "They say it's encrypted and not shared with other applications, but we'll have to wait and see how it works in practice. We also need to know if it's a single sign-on approach. If a single fingerprint grants access to other services -- particularly iCloud -- that's a frightening prospect if Apple hasn't done a truly expert job at securing that local credential," Henry said. "Naturally, we'll continue to have more questions than answers until we can get our hands on some phones later this month to do some testing."

Henry's conclusion: right now all we have is hype. He's waiting for the facts that will inform him whether or not the iPhone 5s will truly be a game changer.
 

Tell Us What You Think
Comment:

Name:

Teen with crazy mom:

Posted: 2013-09-25 @ 9:28am PT
I am worried about my mom using my finger while I sleep to unlock my phone

Steven James:

Posted: 2013-09-14 @ 12:31pm PT
Jennifer, Henry and a lot of other folks are really missing the point. You said it yourself. #1, it is more secure than the passcode #2, it is highly usable .. Apple has taken relatively old technology that often worked terribly, and has made it so that it works.. will there be cases in which it does not work (e.g. raisin hands from soaking in water?) .. SURE... but guess what, I bet there is some other way to access the phone in that case.. .challenge questions or some other way. I guarantee it. That is why the touch ID *must* be used in conjunction with a passcode. If I were CIO of a company, I would insist that all mobile devices we purchase from now on be iOS devices for two reasons: 1. iOS devices are MUCH MUCH less prone to viruses and malware than Windows, Symbian and of course the virus-laden Android (aka Herpes of the mobile operating systems), and 2. with something like Touch ID, Apple is making real attempts and strides at making our devices MORE SECURE and it is making the devices less desirable to steal. Sounds like an awesome bit of technology to me.



You have the experience and skills, let an ISACA® certification demonstrate your value. Our certifications announce that you have the expertise and insight to speak with authority. ISACA certification is more than a credential; it's a platform that can elevate your career. Register for an Exam Today.


 Mobile Industry News
1.   LG Unrolls a TV Screen That Rolls Up
2.   Samsung Faces Child Labor Claim
3.   PC Shipment Slump Bottoms Out
4.   Silent Circle Offers Roam-Free Plan
5.   Slowing China Sales Hurt Samsung


advertisement
Android SMS Worm on the Loose
Malware lets bad actors cash in.
Average Rating:
LG Unrolls a TV Screen That Rolls Up
Is there a purpose for such flexibility?
Average Rating:
Silent Circle Offers Roam-Free Plan
Takes on Skype, Viber, Google Voice.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Report: Chinese Hackers Hit U.S. Personnel Networks
Hackers from China broke into the computer networks of the U.S. Office of Personnel Management earlier this year with the intention of accessing the files of tens of thousands of federal employees.
 
Charges: Russian Stole Data from U.S. Restaurants, Zoo
A Russian man arrested on bank fraud and other charges hacked into computers at restaurants in Washington, hundreds of other retail businesses, and even the Phoenix Zoo, authorities say.
 
Another Month, Another IE-Focused Patch Tuesday
Microsoft rolled out 59 vulnerabilities for Internet Explorer in June. But the IE-patching party is not over yet. Redmond published six new security bulletins on Tuesday; two, critical; three, important.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.