Given the privacy concerns swirling around much of our digital activity these days, the idea of handing over one's fingerprints to Apple via its new iPhone 5S has some people nervous.

The phone, which goes on sale September 20, will feature a fingerprint sensor in its Home button for added security. Users must "register" their print with the device, after which they can unlock the phone by placing a finger or thumb on the button. The idea is that fingerprints, being unique to each person, augment users' passcodes to offer an additional safeguard against hackers or thieves.

But can we trust Apple or its partners with our fingerprints? And couldn't hackers, those resourceful and relentless probers of digital firewalls, find new ways to trick the phone's sensor?

The answers, experts say, appear to be: 1) Probably, at least for now, and 2) Yes, although that's unlikely.

"There should always be some concern with new technologies or functionality that has such a large base of users," says Joe Schumacher, a consultant for security firm Neohapsis, in an e-mail to CNN. "The fingerprint reader is more of a sales tactic than a strong security enhancement.

"What still needs to be researched is how this digital fingerprint can be used once it is leaked, hacked or opened up to iCloud."
Prints in the cloud?

Some observers have wondered aloud on Twitter and elsewhere whether Apple, armed with a potential database of millions of thumbprints, might turn over some customers' prints to the National Security Agency (NSA) if ordered to by the government. After all, Apple was reported to have been a partner in the NSA's PRISM surveillance program and has acknowledged it hands over user data when mandated by the government.

But Apple has said users' fingerprint information will be encrypted and stored securely inside the phone's new A7 processor chip instead of on Apple's servers or backed up to iCloud, the company's Web-based storage service. Apple also has said it's not allowing third-party applications to access the scanner -- at least not yet.

That's good news for users' privacy, experts say -- even amid news reports that the NSA can spy on smartphones.

"Your iPhone knows who you call. It knows where you are. And in the newest versions, it will know your thumbprint. Given revelations about how the NSA can access Apple devices, should you be worried about it having that biometric data? No. No no no no no no. Come on. No," writes Philip Bump in The Atlantic.

"Your fingerprint ... isn't traveling anywhere. Is it possible that the NSA could ask Apple to upload a user's fingerprint from the phone so that it can be transmitted to the agency? Sure. But that likely wouldn't be a request that comes through PRISM; it would probably require a separate warrant. Not impossible, but, given the burden of demonstrating need for a warrant, not as easy as a few keystrokes."
Fingerprint hacks

Then there's the question of hackers replicating fingerprints to break into phones.

"Fingerprints are not private, you leave them lying around everywhere, and if someone has enough incentive -- and the resources available to them -- they may try to defeat any security system that you trust your fingerprint to unlock," writes noted security researcher Graham Cluley on his blog.

"One thing is for sure. With the launch of the iPhone 5S, more people will be using fingerprint sensors as part of their daily security than ever before -- and the hackers will be certainly intrigued to see how they might circumvent it," Cluley adds.

Dino Dai Zovi, co-author of "The iOS Hacker's Handbook," told CNNMoney that if he were trying to hack an iPhone 5S, he would first try to lift prints from elsewhere on the device "and figure out how to replay those to the sensor to log in to the person's phone."

This is not as hard as it might sound. A decade ago, a Japanese cryptographer demonstrated how to fool fingerprint-recognition systems by transferring latent prints to a "finger" made from gelatin, the ingredient found in Jell-O and other sweets. It was informally known as the "Gummi bear hack."

But Apple's new Touch ID technology is presumably more sophisticated than those old systems.

In addition, latent prints may not provide enough of an overlapping match to unlock a phone, says digital-security expert Robert Graham.

"You use a different part of your finger to touch the iPhone sensor than what you use to touch other things," writes Graham on the Errata Security blog. "That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can't get the tip print needed to do bad things on your iPhone.

"This means the fingerprint databases held by the NSA, FBI, and border security are largely useless at unlocking your phone: they don't cover the same parts of your fingers," Graham adds.

But there is another potential vulnerability in the iPhone 5S's fingerprint scans. The Touch ID system also can be used as a secure way to approve purchases from iTunes or the App Store, which makes some security experts uncomfortable.

"If Apple is right that fingerprints never leave the device, that means the new iPhones will be sending some sort of authentication token to Apple servers to verify that the end user has produced a valid print," writes Dan Goodin in Ars Technica, a CNN.com content partner.

"If attackers figure out a way to capture and replay users' valid tokens, it could lead to new ways for criminals to hijack user accounts."