Fingerprint Reader Security: Real Protection for Tempting Apples?

In September 2013, Apple announced its Touch ID system, available with the iPhone 5s. Instead of requiring users to input a four-digit pin to unlock their phone or authorize iTunes purchases, the technology relies on a small fingerprint sensor underneath the home button. Users have been told this fingerprint reader security makes their device less likely to be hacked, but is the hype accurate? Are Touch ID-protected iPhones really more secure?

Leitordedigitais-iphone5s

Touch and Go

The Touch ID system relies on a sub-epidermal fingerprint reader which scans the finger of your choice and then stores it as a mathematical representation on your iPhone’s A7 processor. This data cannot be reverse engineered to produce an accurate representation of your print, nor is it stored in the cloud. In addition, each Touch ID sensor is tied to a specific A7 chip. This means taking one out of an iPhone 5s and swapping it for another will prompt an error message, even if both have never been used.

To use Touch ID, iPhone 5s owners choose the finger they want to use, have it scanned, and then place it over the home button for recognition. According to CNET, if the scanner fails after three attempts, you reboot your phone, or don’t use it for more than 48 hours, the system will go back to asking for your passcode. And any data you have stored in iCloud can’t be accessed via fingerprint scanning — you’ll still need to provide a password. By all accounts, Apple’s fingerprint reader security works almost flawlessly to recognize legitimate users.

Illegitimate Access

A recent Ars Technica article talks about efforts to hack Apple’s Touch ID — efforts which were successful after just 48 hours. Using a laser printer and camera with higher resolution than that of the iPhone 5s produced a cloned fingerprint, which was able to easily fool the fingerprint reader security and allow access. Some experts called the technique “too difficult” for everyday hackers to attempt, while others said that the materials were readily available and amount of time required was not substantial for anyone — a private detective, technology-obsessed teenager, or the FBI — with the motivation to break into your iPhone. It’s also worth noting that Touch ID doesn’t function as a form of two-factor authentication, which would also increase its security. In a two-factor model, just getting to the reader itself would require a password.

According to Apple, however, less than half of all iPhone users actually enable the four-digit passcode lock, leaving their phones entirely open to public scrutiny if lost or stolen. The fingerprint scanner doesn’t require owners to remember anything or carry any kind of special access device —instead, just touching the home button is enough to verify their identity while simultaneously protecting their privacy. The result? Simplicity should lead to greater adoption.

Bottom line? Touch ID isn’t entirely secure. Motivated hackers or interested third-parties can gain access to your iPhone 5s if they’re determined, but that doesn’t mean this form of fingerprint reader security has no value. Thanks to ease of use, more owners should enable the technology, and for day-to-day use, Touch ID helps better protect your phone.

Photo credit: Wikimedia Commons