When you are king of the mountain, everyone lines up to take a shot at you, and the iPhone is no exception. In this particular case, security analysts were taking bets on how long it would take for someone to defeat the brand-new iPhone 5s fingerprint scanner. They didn’t have to wait long, as it seems a German hacking group known as the Chaos Computer Club was first to publish a technique they claim will defeat Touch ID’s technology. Though the claim has yet to be independently verified, it has the same trappings as the infamous “gummi bear hack” that poisoned public perception of biometric security measures over a decade ago. In a nutshell, the hack requires a high-resolution scan of the target’s fingerprint, which is then used to create a fake finger from a laser printer and a thin layer of latex.
What this means for you:
According to the Chaos Computer Club, their intent behind publishing the findings was to demonstrate to the public the weakness of fingerprint-based security, pointing out two very obvious weaknesses: (1) we can’t change our fingerprints if they happened to get compromised, and (2) we leave them everywhere we go. Whether or not CCC’s technique proves replicable, it is only a matter of time before other techniques are published, and their points still stand. Multi-factor authentication methods can surmount this particular problem, as can biometric patterns that aren’t so easily replicable (such as your cardiac signature), but the fact remains that the easiest method to gain access to your phone is for someone to gain access to one that isn’t protected at all, either by fingerprint, pin or password. Unless the only thing you use for smartphone for is games, you should always have some form of protection on your phone, and doubly so if you use it to conduct work.
Anyone who’s watched a Hollywood thriller in the past three decades is familiar with biometric scanners, and along with it, the various means movie villains have used to subvert these systems, including methods that would be horrifying to consider when applied in real life. Now that the new iPhone 5s has a fingerprint scanner, those of us with more vivid imaginations have envisioned a new rash of thefts paired with bodily mutilations. Fortunately for everyone, the manufacturers of the fingerprint scanner on the new iPhone have stated quite clearly that the only way the scanner will register a proper fingerprint is if the finger is still attached to its living owner.
What this means for you:
It’s too soon to tell whether or not the technology in Apple’s latest smartphone is subject to the same hacks that rendered earlier incarnations useless for serious authentication. There are also concerns that Apple, or even the NSA could be gathering fingerprints for their super-surveillance database. Given all the attention the NSA has already been given regarding its privacy invasions, it’s a safe bet that they are going to steer clear of this particular minefield (at least for the time being) and Apple is also savvy enough to avoid alienating its passionate fanbase with such a heavy-handed misuse of their personal privacy.
Frankly, if the convenience of the fingerprint authentication gets you to secure your iPhone where before you did not, then I’m already a fan. For you Android users out there jealous of Apple’s spy gadget tech, have a look at Nymi, and watch for other biometric gadgets to arrive, especially now that Apple is trying to make them sexy again. You should always secure your mobile devices, especially if you use them to access email or work data. As we can all attest, passwords and pins are a big hassle, especially when you are on the go, but you should never let your phone out of the house without one.
Image courtesy of thawats / FreeDigitalPhotos.net