Network World - When Apple announced its new iPhone 5s last week, the fingerprint scanning technology, called Touch ID, stood out as one of the most notable additions. The benefits are easy enough to identify – iPhone users will no longer need to repeatedly type in an annoying security PIN code to unlock their phones or download apps or media from iTunes.
Even better, those who have tried the technology first-hand seem to be largely satisfied. However, before designating the iPhone’s new security feature a win, a few issues need to be considered.
Just over a year ago, a report published on Elcomsoft’s password-cracking blog highlighted “a huge security hole” in the fingerprint reader security of laptops sold by 16 companies, including Acer, ASUS, Dell, IBM and Samsung. The fingerprint-reading software that came preinstalled on these laptops stored the Windows user passwords in plain text, according to the report. This violated a pretty basic security policy, which Microsoft itself advises its users to adopt – don’t store Windows passwords on the PC.
Of course, this is just one example, and it’s since been resolved. Still, at the time, the vulnerability was considered “extremely broad” by the researchers who found it, as it somehow made it past Microsoft and the 16 manufacturers that shipped the laptops.
Worse still, the software responsible for the flaw was owned by AuthenTec, the biometric company that Apple bought for $356 million last year so it could develop fingerprint sensor technology for the iPhone 5s. Small world.
In an opinion piece at Wired, security technologist and author Bruce Schneier declared that Apple’s fingerprint authentication technology “almost certainly” can be hacked. Although he hadn’t used the technology himself, Schneier deduced that it would be difficult for Apple to create a biometric system that was entirely protected.
Schneier points to the complexity of biometric security, namely the fact that fingerprints are not that difficult to find. How exactly the iPhone 5s fingerprint sensor can be hacked is still unclear, but Schneier seriously doubts that it will be entirely secure.
“I’m sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone,” Schneier wrote.
More important than security, though, is reliability. Schneier mentioned the typical technology user’s tendency to ditch new technology that doesn’t immediately work as well as they’d hoped. Apple is no stranger to this phenomenon, having already seen Siri become something of a laughing stock. If users hit similar snags with the new fingerprint sensor, they will simply default to the PIN-based authentication system they’re all used to.
“If it’s true that Apple’s new iPhone will have biometric security, the designers have presumably erred on the side of ensuring that the user can always get in,” Schneier wrote. “Failures will be more common in cold weather, when your shriveled fingers just got out of the shower, and so on. But there will certainly still be the traditional PIN system to fall back on.”