Thursday, 12 September 2013

Touch ID - security concerns and flaws


Apple’s Keynote on Tuesday did not bring too many surprises. Although, the company did not reveal as many new products as expected, the most important ones, such as the iOS7 and two new iPhones, got a fair share of stage time. While most people are admiring the new colours, the slightly changed looks or the simplicity of iOS7, IT pros and tech fans are concerned about mobile security issues brought by the Touch ID.

What it is

Touch ID is the name of Apple’s new pride, a fingerprint sensor in the iPhone 5S’ home button, that unlocks the device through biometrics.  Although, the Motorola Atrix had a fingerprint scanner two years before the new iPhone, ‘innovations’ sound more exciting to many, when presented by Apple. But let’s put trends and the craze aside, and see the potential flaws and risks of the revamped home button.

Concerns and flaws

According to the Cupertino-based firm, Touch ID will store the encrypted fingerprint data on the device’s A7 ARM chip and it won’t be sent to iCloud or any of Apple’s servers. Moreover, the company also reiterated that third-party applications won’t be able to make use of the fingerprint scanner, for now. But what will happen when the day comes? What will happen when apps can somehow access the encrypted data? If Touch ID could be extracted by an exploit, you'd be facing a much bigger problem, than a simple breach. Your fingerprint would be given away, instead of your password. And let’s be honest, passwords are easier to change than fingerprints. But that's not all, as fingerprints are not only used to your new iPhone. Think of biometric passports, or entering facilities where fingerprint authentication is required.

Besides the aforementioned potential security issues, future users of the iPhone 5S may encounter further annoying flaws, such as the strictness of the fingerprint sensor. Imagine you have just moisturised your hands or scarred your finger in a kitchen accident and suddenly you are unable to access your phone. Although, the four digit passcode and password options will remain available, it surely is frustrating not to be able to use one of the top features of your new handset. 

Many will have a go at it

Until the smartphone is officially out, we can only speculate about how Touch ID will perform in everyday life, but one thing is certain: many of us will try to fool it, one way or another. However, the more concerning fact is that so will hackers. 

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.