Current Weather
The Spy FM

Key To Unlocking Your Phone? Give It The Finger(print)

Filed by KOSU News in Business.
September 10, 2013

The first note I sent out after Apple announced it was including a fingerprint scanner in the new iPhone 5s was to Charlie Miller.

Miller, who learned how to hack at the National Security Agency and now works in security for Twitter, has hacked connected cars, wireless connections and NFC devices. But what he’s best known for — what he seems to enjoy more than almost anything else — is hacking into Apple.

So I was curious. If Apple is rolling out a fingerprint scanner as a way to replace passwords, exactly how long would it be until Miller got to work trying to figure out how to exploit the system?

It is undeniable that passwords are only a half-effective form of security. They are a pain. Apple says roughly half of iPhone users don’t even bother to set them up. Your password could be guessed, broken with brute force or stolen.

No one will mourn the end of the password, which no doubt is why Apple is pinning its hopes for the 5s to a fingerprint scanning system, called Touch ID, that could make passwords obsolete.

Apple spent more than $350 million to buy AuthenTec last year. AuthenTec owned a number of security patents, including some covering fingerprint scans.

But Apple isn’t the first smartphone manufacturer to try this — and fingerprint scanning isn’t foolproof.

In 2011 Motorola release a phone with a scanner. Joshua Topolsky, then writing for Engadget, had this to say:

“As far as truly unique hardware goes, the fingerprint scanner seems fairly novel — but in practice it’s a little frustrating. It does work as advertised, but being told to re-swipe your finger if it doesn’t take when you’re trying to get into the phone quickly can be a little bothersome. Unless you really need the high security, a standard passcode will suffice for most people.”

A key test for Apple will be whether its version of this technology just works.

But now, with a fingerprint scanner built into the iPhone 5s’ home button, biometrics are taking a big step into a much bigger ecosystem. And the scan won’t just be used to start the phone. Apple says you’ll also be able to confirm purchases in the App Store using a print instead of your Apple ID password. But — for now at least — don’t expect to pay for anything outside of Apple’s ecosystem with your finger. App developers will not have access to the scan.

Apple did do its best to assure consumers that the fingerprint data it collects from users will be kept safe and private. The scanned print won’t be uploaded to Apple’s iCloud. Instead, it will be stored in a secure “enclave” on the iPhone, and Apple says the data will be encrypted.

“I don’t think the encryption will be a big hurdle for a hacker,” Miller said. “Apple is going to have to compare that encrypted data with a new scan before they unlock the phone. So they are going to have to decrypt it at that point. You could re-engineer that process.”

“Of course, doing any of this is difficult,” Miller added. “You have to remember you are starting with a phone that’s locked and you can’t get past the pass screen.”

Nonetheless Miller said, in terms in terms of overall security, adding fingerprint scanning is only likely to make iPhones easier to break into.

“They are not going to do away with the pass code entirely,” he explained. “So, really, by creating another way to unlock the phone they have created another access point for a hacker to try and exploit.”

If the 5s sells as well as its predecessors it’s conceivable that 100 million people could be using fingerprint scanning with the year. And that has already raised some privacy questions.

If you are worried about someone, like the police, getting a copy of your prints, there are probably easier ways than hacking your phone. After all, if the authorities have your smartphone they could probably lift a print from the glass screen the old-fashioned way — by dusting for one. [Copyright 2013 NPR]

Leave a Reply

9PM to 5AM The Spy

The Spy

An eclectic mix of the Spy's library of more than 10,000 songs curated by Ferris O'Brien.

Listen Live Now!

5AM to 9AM Morning Edition

Morning Edition

For more than two decades, NPR's Morning Edition has prepared listeners for the day ahead with two hours of up-to-the-minute news, background analysis, commentary, and coverage of arts and sports.

View the program guide!

9AM to 10AM The Takeaway

The Takeaway

A fresh alternative in morning news, "The Takeaway" provides a breadth and depth of world, national and regional news coverage that is unprecedented in public media.

View the program guide!

Upcoming Events in your area (Submit your event today!)

Streaming audio and podcasts

Stream KOSU on your smartphone

Phone Streaming

SmartPhone listening options on this page are intended for many iPhones, Blackberries, etc. with low-cost software applications available to listen to our full-time web streams, both News on KOSU-1 and Classical on KOSU-2.

Learn more about our complete range of streaming services

We're perfecting the patient experience - Stillwater Medical Center