Tactical Advice

iPhone 5s Touch ID Thrusts Biometric Security into the Spotlight

Since Apple unveiled its fingerprint scanning authentication method in the new iPhone, biometric security is on everyone's mind.
iPhone 5s Touch ID Thrusts Biometric Security into the Spotlight
Credit: Apple

Since the release of the iPhone 5s and its built-in fingerprint scanner, Touch ID, biometric security has been a topic of discussion on social media, in the news and around the water cooler. Everyone is wondering whether Apple’s decision to bring biometric security to the smartphone could make the technology as ubiquitous as the PINs for ATM transactions.

Although Apple is not the first company to use fingerprint scanning as an authentication method, it is responsible for one of the most high-profile biometric security initiatives in recent times.

Security vs. Convenience

Using your fingerprint may be easier than punching in a passcode, but many security professionals wonder whether the convenience is worth the security risks. A fingerprint is just one type of biometric technology that can be used to verify one’s identity. Unfortunately, prints are left on pretty much any surface touched.

The Chaos Computer Club went to great lengths to hack the Touch ID system, and although the hackers were successful, the operation proved to be quite complex. The group outlined its process as follows:

First, the residual fingerprint from the phone is either photographed or scanned with a flatbed scanner at 2400 dpi. Then the image is converted to black & white, inverted and mirrored. This image is then printed onto transparent sheet at 1200 dpi. To create the mold, the mask is then used to expose the fingerprint structure on photo-sensitive PCB material.

The PCB material is then developed, etched and cleaned. After this process, the mold is ready. A thin coat of graphite spray is applied to ensure an improved capacitive response. This also makes it easier to remove the fake fingerprint. Finally a thin film of white wood glue is smeared into the mold. After the glue cures the new fake fingerprint is ready for use.

Discussions about security and convenience are often directed at the user, but those features are of interest to the hacker as well. The above process might be successful, but the resources involved in securing a high-resolution copy of someone’s fingerprint (without his or her knowledge) and assembling all of the necessary material to reproduce the fingerprint make this type of breach an unattractive option for most hackers.

How Secure Is Touch ID?

Some say Touch ID is “more secure than a short code” because everyone has a unique set of fingerprints. According to Apple, after five failed attempts with the wrong print, Touch ID will not work; instead, a passcode will be needed to gain access to the device. Also, despite concerns that smartphone thieves would go on a finger-snatching spree, the user must present the fingerprint from the correct live finger in order to access the device, so pictures of prints will not work on the sensor, according to a report from Mashable.

On the other hand, there is a possibility that cyberhackers could use sinister iPhone apps to obtain the print from the chip. Little discussion about this potential breach has taken place, but the opportunity for the hack is present, according to a report from ZDNet.

If worrying about these scenarios sounds paranoid, consider the fact that our lives are increasingly becoming digital. Losing a phone is no longer about just the device; it’s also about the personal data the phone carries.

So while there’s no doubting the cool factor of fingerprint authentication, there’s also no doubting the appetite for fingerprint fiascos.

Sign up for our e-newsletter

About the Author

Alexis Davis

Alexis is an avid fan of all-things news, business, technology, social media and digital. Follow her on Twitter and Google+.

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.