Now that the reviewers are done talking about what was missing from the iPhone 5s, some are taking a closer look at what the smartphone has that none of its competitors can claim: full-blown biometrics.
iPhone 5s introduces Touch ID, a James Bond-like way to securely unlock the device with your finger -- or, more accurately, fingerprint. Touch ID is built into the smartphone's home button and uses a laser cut sapphire crystal, together with the capacitive touch sensor, to take a high-resolution image of your fingerprint. The technology analyzes the fingerprint and promises accurate readings from any angle.
The Touch ID sensor recognizes the touch of a finger so the sensor is only activated when you mean to activate it. That preserves battery life. Addressing privacy concerns, Apple said fingerprint information is encrypted and stored securely in the Secure Enclave inside the A7 chip on the iPhone 5s. The data is never stored on Apple servers or backed up to iCloud. Beyond unlocking the device, Touch ID can also be used as a secure way to approve purchases from the iTunes Store, App Store or iBooks Store. Is this secure enough to be the future of smartphone security?
Reliability and Security
We caught up with Paul Henry, security and forensic analyst at Lumension, to get his take on Touch ID from a security perspective. He told us the fingerprint scanner has a potential to be a real game changer for personal device security -- if it's done right. As he sees it, there are two factors that will determine the real success of this new feature, which has undeniable potential: reliability and security.
"There's a lot riding on the reliability factor. Will it work if I go for a swim and try to use my phone with raisin hands? What if it's cold outside and my fingers have shriveled a bit? Can I use my phone then? he asked. "People aren't going to be happy if they're locked out of their phones because of environmental factors."
If it's not both reliable and convenient, users will turn it off, Henry said. He also questions the longevity. The Guardian posted a rumor that there will be a 500-scan limit, which could be used up in six months. Apple could not immediately be reached for comment, but that seems unlikely.
The Jury Is Out
On the security front, Henry is betting that Apple has erred on the side of usability before considering security. Still, Touch ID has to be more secure than a four-digit password, which could easily be cracked in older iPhones. But, then again, how safe is your fingerprint? Think about it for a minute. We leave our fingerprints everywhere -- and they are certainly all over the phone, Henry noted.
Next, Apple said it's securing the biometric data, but is it really safe? "They say it's encrypted and not shared with other applications, but we'll have to wait and see how it works in practice. We also need to know if it's a single sign-on approach. If a single fingerprint grants access to other services -- particularly iCloud -- that's a frightening prospect if Apple hasn't done a truly expert job at securing that local credential," Henry said. "Naturally, we'll continue to have more questions than answers until we can get our hands on some phones later this month to do some testing."
Henry's conclusion: right now all we have is hype. He's waiting for the facts that will inform him whether or not the iPhone 5s will truly be a game changer.
Teen with crazy mom:
Posted: 2013-09-25 @ 9:28am PT
I am worried about my mom using my finger while I sleep to unlock my phone
Posted: 2013-09-14 @ 12:31pm PT
Jennifer, Henry and a lot of other folks are really missing the point. You said it yourself. #1, it is more secure than the passcode #2, it is highly usable .. Apple has taken relatively old technology that often worked terribly, and has made it so that it works.. will there be cases in which it does not work (e.g. raisin hands from soaking in water?) .. SURE... but guess what, I bet there is some other way to access the phone in that case.. .challenge questions or some other way. I guarantee it. That is why the touch ID *must* be used in conjunction with a passcode. If I were CIO of a company, I would insist that all mobile devices we purchase from now on be iOS devices for two reasons: 1. iOS devices are MUCH MUCH less prone to viruses and malware than Windows, Symbian and of course the virus-laden Android (aka Herpes of the mobile operating systems), and 2. with something like Touch ID, Apple is making real attempts and strides at making our devices MORE SECURE and it is making the devices less desirable to steal. Sounds like an awesome bit of technology to me.