In case you missed it, the new iPhone 5S features a fingerprint scanner that will be used to unlock the phone and to make purchases from iTunes on the device. The sensor is protected by sapphire crystal, “one of the clearest, hardest materials available” in the words of Senior VP for Hardware Engineering Dan Riccio. The crystal also focuses the “image” of your fingerprint onto the sensor.
Speculation has been rife that this technology would make an appearance since Apple purchased a mobile security company that had developed fingerprint sensor chips in July 2012 for $356 million. Many people thought that Apple would introduce a fingerprint scanner with the release of the iPhone 5 in September 2012, but the Cupertino-based company has taken its time to integrate the hardware and software.
This is a wise decision. If the fingerprint scanner was released and didn’t work particularly well it would spell a disaster for the company. Anyone who has ever used Apple’s much-heralded Siri — a voice-controlled assistant on the phone — will know that technology, no matter how effective in the Keynote demos, can deliver an indifferent experience to the user at times. But Siri is a nice-to-have: It doesn’t do anything that the phone can’t do anyway, it just does it under the control of your voice.
Apple’s Touch ID, however, has to work. If users are unable to unlock their phone because the sensor is playing up then the whole function of the phone could become inaccessible — although presumably Apple will allow users to enter a password to unlock as well. The company is already defending Touch ID before the critics have their chance to attack it. Apple’s Jony Ive:
“It’s not just rampant technology for technology’s sake,” he says. Every component has to enhance the user’s experience, otherwise it has no place in the device.
Steven Hope, from authentication company Winfrasoft, has his doubts about the device:
The iPhone fingerprint (Touch ID) feature is obviously very new and unproven implementation. Typically the quality of the biometric hardware in mass market devices such as this is very low to keep costs down and have historically been very easy to thwart — keep an eye out for an iPhone 5s hack soon!
But this is Apple. One thing no one could accuse Apple of is producing cheap devices. Remember, this technology cost them a humungous $356 million; surely for that much it has to work, doesn’t it? Time will tell.
The next question is one of what happens to the sensitive fingerprint data. Again, Apple has already pre-empted these questions. Riccio explains:
All fingerprint information is encrypted and stored inside the secure enclave in our new A7 chip. Here it’s locked away from everything else; accessible only by the Touch ID sensor. It’s never available to other software, and it’s never stored on Apple servers or backed up to iCloud.
However, Apple has slightly missed a trick here for me as it had an opportunity to further allay the fears of how biometric technology fundamentally works. As Ingersoll Rand’s Dave Bulless explained to us last year, the image of an individual’s finger or hand is passed through a unique algorithm that converts the data into an encrypted number. If Apple had been able to convey the fact that no “images” of a fingerprint are actually stored, then it might have been able to quash that biometric myth.
But assuming that the technology works, and assuming that the public trust Apple’s ability to keep their data secure, could this be the beginning of a golden age for biometrics? A viable, high-profile biometric solution could be the thing that finally instils belief and trust in biometric devices. Editor of Planet Biometrics Mark Lockie told the BBC that “the industry has been waiting for a moment like this.” Well, it won’t have to wait much longer. The new iPhone is available on September 20.
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
Sign up now!
“The iPhone fingerprint (Touch ID) feature is obviously very new and unproven implementation. Typically the quality of the biometric hardware in mass market devices such as this is very low to keep costs down and have historically been very easy to thwart — keep an eye out for an iPhone 5s hack soon!” This is what I though of first when I heard about the fingerprint scanner. I imagine someone will come up with a way to lift prints off the lens and then use them to unlock the phone. Aside from that since the very first time I… Read more »
Interesting post Rob, however if the British tabloids are too be believed we should all be worried about a spike in brutal ‘Finger chopping’ thieves! rather then technology for technologies sake!
http://www.mirror.co.uk/news/uk-news/iphone-5s-owners-could-fingers-2266088
I dread to think how the Daily Mail is going to spin this one!
What it may do is get more people in the business asking for biometrics as it will become part of normal, everyday security practices. So instead of it being something security have to push and try and justify additional expense, it will be expected.
Or there’s this pretty simple way to get in:
(This was hosted on Reddit)
Yes, this is what I think to a degree. In the same way that consumer expectation of crystal clear images on their TVs has led to an increase in demands on surveillance equipment, this could have a similar effect.
Yeah, that doesn’t seem likely does it? Maybe people have had their ‘fingers chopped off’ to access secure locations, but for an iPhone? I would hope that ‘security expert’ was taken out of context, and suspect he was.
I doubt that this will cause a boom in businesses rolling out biometric security. The more people you have touching a reader the worse it performs. On top of that it’s a lot more hassle getting someone setup with a set of finger prints than it is to hand them a pre-programmed badge. The iPhone is far from the first phone to do fingerprint scanning for security, maybe it will be the catalyst that makes it catch on for mobile devices but I doubt it, the technology sounds much cooler than it turns out to be in practice.
I’m sure we’ve all been subject to execs deciding they like the sound of some “next big thing” and believing it as a “solve all” solution. The number of times years ago, I was simply told to install CCTV, post incident (even when it would be useless and a waste of money) because senior management liked the sound of it! Fingerprint readers have never impressed me much, so hopefully this won’t happen.
I am with safeNsane, I think for some people it will be a novelty that will wear off after a couple of weeks and then be disabled. I think that the people that really need it will use it but even to them it will be an annoyance. I wonder how accurate a read it gets on the first try. I had some users implement biometrics on a series of laptops and they regular problems with the finger print readers working on the first try I know this is a little different but if it takes me three to four… Read more »
I’m sure someone will disagree with me but my experience with biometrics for security purposes has bordered on horrible since about 1996 when I first took a crack at it. We’ve all seen movies where biometrics work flawlessly, everyone treats them like it’s just second nature and you never see a failure. Every time I’ve played with any type of biometrics the story has been very different. My first try was a “free” voice print ID system that a telephony vendor just happened to have laying around and asked me if I wanted it. It didn’t take long to figure… Read more »
I do think it could go the way of Siri. Slightly amusing gimmick
I do agree, but as per the title of the article, I just wonder with Apple being Apple will they get it right this time? However, they have made mistakes before (remember the drama around signal drop out, and honestly, how many times have I heard Siri say ‘I’m sorry Robert, I didn’t catch that….’?)
Apple is leading the smart phone development and with new touch ID which will drive samsumg and others to develop some new for the smart phone
It was nice to see that Apple didn’t just blindly follow Samsung into the smart watch market. I wonder if we might be seeing a point at which they start to diverge?
Interesting to note some of the stories that are leaking out now the iphone is available. Ignoring the stories of different body parts that are being used to open iphones, the concerns of a US senator caught my eye:http://www.bbc.co.uk/news/technology-24177851
@ Rob Ratcliff, All these concerns of US Senator in the BBC link are real. It will be very interesting indeed to see how Apple responds to these concerns. We could find answer to the first concern, but transmission of diagnostic information back to Apple and the exact legal status of fingerprint data are valid concerns and need proper answers.
Apple has spent $ 356 million on it which shows they are well prepared for introducing fingerprint recognition in the next iPhone. I know people are skeptical about such thing because of their previous experiences with clumsy biometrics, but there has to be a breakthrough in biometrics at last. Apple may provide us with just that, who knows?
I’m not going to get into the I told you so mode but finger print scanners all tend to have similar problems. I’ve even seen a little video clip where a finger print is lifted from the iPhone screen, a fake finger tip is made and it unlocks the phone. There isn’t much being done with the iPhone that is revolutionary when it comes to biometrics but I guess we will see how people react to it and if they start to accept it.
For anyone else $356m could be called betting the family silver on this. But for Apple, it’s a relative drop in the ocean. Still, it’s a lot of money and it shows they’re serious about this working.
Are they, or has he slightly misunderstood the technology? As I understand it no image of a fingerprint is scanned. Without the encryption model, the data stored on that chip is useless to hackers. In effect they have the pieces of the key, but no way to construct it and make it fit the lock.
That’s key isn’t it. Do people like it, do they become used to it? If so, it could impact on its use generally, albeit perhaps more securely in future….. dual authentication is better…
Apple is trying to sell phones, not change the world. So if it works well enough or if people want it badly enough, it has met its’ goal. As far as it working in the security industry, I suspect the bar is a lot higher, and the tolerence for imperfection is a lot lower. That notwithstanding, I want it to work. And I want my car to strart using my fingertip as a key. And the front door of my home. And I want to get paid each week without doing any work. Sadly, I suspect all of those things… Read more »
… any technology that discriminates against persons with disability ( whether by intention ; or otherwise ) must be challenged ; because , in a biometric context , security ( quite literally ) does not go ` hand in hand ` with disability … particularly , if you are a bilateral hand amputee attempting to use a mobile phone with fingerprint activated access control !
Don’t you think having an alternative method of authentication would be sufficient? We certainly don’t want to make life any more difficult for those in such situations, but at the same time we do want to make life easier for those of us fortunate enough not to have such limitations.
… in a word NO ; because , this is not simply about alternative methods of device security ! The bottom line is that Biometrics favour the able bodied ; and , unless and until designers of device security realise that the downside of a Biometric based security system is potential discrimination , then those with disability risk further marginalisation !
I do not think that biometrics is the most effective way for authenticating access control
But by that logic, one should never build a set of stairs because they would marginalise someone in a wheelchair?
Not the most efficeint, perhaps, but is it more secure?