Apple’s iPhone 5S Risks “FingerprintGate”

The fingerprint scanner on the iPhone 5S.

Apple’s iPhone 5S features a fingerprint scanner embedded in the home button, a new feature that plays on growing concerns about the security of passcodes.

Of course, fingerprint-scanning technology isn’t new: Bloomberg Terminals feature a built-in fingerprint reader to authenticate users, for example, and various manufacturers have experimented with laptops and smartphones that require a thumb to login. But the technology has failed to become ubiquitous in the consumer realm, and it remains to be seen whether the new iPhone—which is all but guaranteed to sell millions of units—can popularize something that consumers don’t seem to want, or at least know they want.

In Apple’s version of the technology, the steel ring around the sapphire home button detects the user’s finger; the underlying sensor takes a high-resolution image of the fingerprint from the sub-epidermal layer of skin. Fingerprint information is encrypted and stored on the device’s A7 chip, accessible only by the sensor, and—Apple claims—never uploaded to iCloud or Apple’s servers.

It sounds foolproof, but security experts seem to be adopting a wait-and-see attitude with regard to Apple’s newest trick. “I’d caution right away, let’s see how it tests and what people come up with to break it,” Brent Kennedy, an analyst with the U.S. Computer Emergency and Readiness Team, told Forbes. “I wouldn’t rely on it solely, just as I wouldn’t with any new technology right off the bat.”

Other security researchers have echoed that sentiment. “Apple has on a number of occasions released flawed versions of its passcode lock implementation which allows attackers to bypass lock screen protections,” Dirk Sigurdson, director of engineering at security-software firm Rapid7, wrote in an email. “With the added complexity of biometric authentication it’s likely that we’ll continue to see vulnerabilities related to these features.”

And over at Wired, technologist Bruce Schneier suggested that biometric authentication could be hacked like anything else. “I’m sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone,” he wrote. “But, honestly, if some bad guy has your iPhone and your fingerprint, you’ve probably got bigger problems to worry about.”

So Apple faces two big hurdles when the iPhone 5S rolls out Sept. 20 (alongside the plastic-bodied iPhone 5C): it needs to demonstrate that the technology can work with virtually flawless precision in all sorts of real-world scenarios, or else customers will abandon it for inputting passcodes; and it needs to show that its version of fingerprint scanning is secure from a variety of security threats. If the company fails on either of those fronts, it risks the same sort of embarrassing criticism that greeted the iPhone 4’s antenna issues.

 

Image: Apple

Related