Apple

New Fingerprint Scanner for iPhone – The Good and the Bad

Posted on September 16th, 2013 by

Digital fingerprint

Last week, Apple announced a new fingerprint scanner in the upcoming iPhone 5S, which is now available for pre-sale. On the one hand, this can seem a bit excitingly futuristic, but on the other hand, how many of us have had work laptops with a thumb scanner that we used precisely once? Given that this is quite a mixed bag, in which scenarios would this be a good or bad development?

 First – The Good

  • Getting people to use any protection
    There are a lot of folks out there who don’t even use a passcode for protection. If those folks, who can’t be bothered to remember and enter a 4-digit number, can just mash their thumb into their phone, it might incrementally increase the security of people’s phones.
  • Additional authentication factor
    It doesn’t seem that initial implementation of the fingerprint scanner will include the possibility of using both a passcode and a fingerprint. However, a passcode will likely be a used as a backup authentication method for the scanner, so in the future Apple will perhaps allow users to require both. True two factor authentication on your phone? Now that could be cool!

And Now – The Bad

  • Fingerprint scanners can be fooled
    If you watch Mythbusters, you may recall that episode of Mythbusters from 2006 where they fooled fingerprint scanners with three different copies of people’s fingerprints, one of them just a piece of copy paper. Granted, that was 7 years ago and Apple’s technology sounds slightly more sophisticated, so it’s probably not going to be fooled with copy paper. And nobody’s going to “chop off your finger,” as some reports have ludicrously suggested, to make that happen. But it may still be that these scanners can be easily beaten; only time can tell.
  • They can also be finicky
    A friend of mine who worked for a certain popular microchip manufacturer that had one of those laptops with a fingerprint scanner, which was standard company issue at the time, was banned from enabling the function because it was causing too many support calls when it inevitably malfunctioned. Fingertips that are wet or heavily scarred won’t work well, for instance. That pretty much excludes anyone in the rainy Pacific Northwest! It’s likely this will be one of the biggest complaints when people start using the new fingerprint scanner, if people do enable it. Which is a pretty big If.
  • Your fingerprints will be stored
    Those of us that are feeling a bit creeped out by the NSA are probably not going to want to use the new fingerprint scanner. Regardless of whether they store the image locally or in the cloud, a copy of your fingerprint will be saved somewhere. That likely means it can be subpoenaed in some capacity. And will apps have access to this data? That’s a whole lot of potential security breaches waiting to happen. Fingerprints are not like passwords – once they’re leaked, they can never be changed.
  • The Fifth Amendment does not include fingerprints
    As some legally minded folks have pointed out, the Fifth Amendment won’t protect people from being forced to “hand over” their fingerprints. This amendment only deals with having to testify against oneself, which doesn’t include biometric data. That is to say you can be forced to give law enforcement agents a key, which is a physical object, but you can’t be forced to reveal the contents of your mind. When the contents of your mind includes a password, you may be protected (mostly depending on which judge you get), but that area of law is still pretty hotly debated.

All in all, this isn’t exactly a game-changer in terms of either security or privacy. In my opinion, it’s unlikely that the feature is going to be all that widely used, after a little initial curiosity. The upsides are too few, and the downsides (particularly the inconvenience factors) are potentially many.

What are your thoughts on the new fingerprint scanner for iPhone? Do you think you’ll use it or recommend it to others? What do you see as the possible benefits?

  • http://Mac-Security.blogspot.com Derek Currie

    Giving in to users who don’t bother to use authentication on their devices, including the iPhone 5S, is a step BACKWARDS IMHO. The entire point of adding a fingerprint scanner to a device that previously only used passwords, is to provide at long last multi-factor authentication. There shouldn’t be any options. The user should use both a password and a fingerprint and praise the terrific boost it provides in device security.

    But instead Apple is trying to simply get users (aka ‘lusers’) to use any authentication at all. Are we still that incredibly primitive about security? Apparently so. I’m waiting to see if Apple allow (imagine that) two factor authentication on the iPhone 5S. If not, displeasure and use of the term ‘Luddite’ will be my response. Oh, and the phrase ‘for shame!’

    Let’s catch up with the real world please Apple. Too bad if the users find serious security to be ‘inconvenient’.

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}