At Tech Crunch Disrupt in San Francisco yesterday, Yahoo’s CEO Marissa Mayer confessed that she doesn’t use a passcode on her smartphone.
Not everyone blamed her. Jeremiah Grossman, CTO and co-founder of WhiteHat Security says: “Perhaps she feels the personal slowdown is more costly than it would be if someone stole her phone and got whatever data was on it. So, that’s the risk tradeoff. Given her role, I’m not sure she is wrong either.”
Mayer’s revelation came only the day after Apple revealed it has enabled fingerprint recognition on its latest iPhone. The home button of the new iPhone 5s is now also a Touch ID fingerprint sensor that allows users to unlock their phone with their fingerprint.
The Touch ID sensor is made of made of laser-cut sapphire crystal and is surrounded by a stainless steel detection ring, that using capacitive technology scans sub-epidermal skin layers. This 360 degree readability should allow users to present their finger any old how to make iTunes purchases without typing their Apple ID password.
Apple’s announcement looks set to be the tipping point the biometrics industry has been waiting for to really push the tech into the mainstream. “The addition of a fingerprint sensor on the iPhone 5S will have a galvanizing affect on the gap that once existed between consumers and the daily utilization of biometric technology. Additionally, Apple has confirmed that the fingerprint will be the universal authentication solution for mobile devices moving forward,” says Scott Mahnken, VP marketing, BIO-key.
He adds, “Yesterday’s announcement will certainly inspire Apple competitors such as Samsung, LG, HTC and alike to expedite the launch of their devices offering fingerprint authentication. Here at BIO-key we anticipated this years ago as our YouTube videos will validate. Some might say we need to brace for an authentication revolution; as traditional authentication methods are superseded by their more secure and more convenient counterpart, biometric technology.”
Others were less convinced. “This is not a new feature on mobile devices, but it might inspire other OEMs to add it to their phones,” says Joe Schumacher, security consultant at Neohapsis, a security and risk management consulting company specialising in mobile and cloud security services. “And while it’s not a security breakthrough, it may result in more people locking their phones as unlocking is easier with the fingerprint reader.
He adds, “Fingerprint biometrics is nice, but not a perfect solution as fingerprints can be dirty or slightly changed to not be recognized. There have been proofs of concept about lifting fingerprints to make copies and unlocking biometric control, but that’s a dedicated attack and the typical user should not worry. I don’t see fingerprint readers replacing passwords. TouchID is cool and convenient, but ultimately a sales tactic more than a security breakthrough.”
It looks likely that the tech on the iPhone 5s will circumvent many security fears as the capacitive sub dermal technology should do much to guard against the type of spoofing Schumacher describes. Apple was also quick to point out that all fingerprint data is encrypted and locked into the phone’s new A7 chip. The data is never directly accessible by software, is not stored on Apple’s servers and is never backed up to iCloud.
The proof will be in the pudding. If the fingerprint recognition ‘just works’ then perhaps even Marissa Mayer will use it.
Fingerprint unlocking seems quite vulnerable to social engineering. You’d better trust anyone you fall asleep next to with all your contacts, personal info etc protected only by the fingerprint of your sleeping hand. I’m sure there will also be instances of people getting drugged, their phones unlocked, and the accounts emptied.