Let’s start with a little Biometrics 101 before we analyse Apple's offering.
Biometrics is the identification of humans by their characteristics or traits - most often used for access control or surveillance tracking.
Biometric identifiers are physiological or behavioural characteristics, or a combination.
Physiological characteristics include body shape, fingerprint, face recognition, DNA, palm print, hand geometry, iris recognition, retina, and odour/scent. If you believe Hollywood, these characteristics have the greatest potential for fraud. A 3D printer can replicate a fingerprint - or a whole hand or microthin glove - or render a realistic facemask as thin and lifelike as to fool even infrared imaging.
Behavioural characteristics include the pattern of behaviour of a person, like typing rhythm, gait, and voice. As these are harder to copy, attempts to use recorded or edited utterances are rejected. See iTWire article for more on voice biometrics.
Simple summary – Fingerprints can be copied. The question is why Apple embarked on this course instead of using Siri - Voice biometrics is almost impossible to copy.
Why Apple added fingerprint authentication and what are the issues.
We now know that the Apple A7, 64-bit chip is based on an ARM v8 processor core. A feature of the v8 is that it supports cryptographic acceleration that speeds up authentication, therefore fingerprint recognition is a no brainer, and all ARM 64-bit smartphones will eventually have it. So, there was relatively little complexity in adding a sensor and an app to drive it.
In the short term, it provides a level of security not found in other smartphones, particularly for those people who do not PIN protect their phone. Analysts, however, see this purely as focusing on the ‘apparently trivial problem of entering a password instead of the greater issue of secure authentication for e-commerce’.
Security expert Bruce Schneier says fingerprint technology can be easily subverted: “Your fingerprint is not a secret; you leave it everywhere you touch. Failures will be more common in cold weather, when your shrivelled fingers just got out to the shower, and so on.”
Schneier’s article is here, published without him having seen the 5S, so please take it as an academic essay. Only time will tell if the 5S can be hacked. A summary follows:
- Fingerprint readers have a long history of vulnerabilities. Some can be fooled with a good ‘photocopy’ – the better ones have pulse and finger temperature measurement as a safeguard - the 5S does not.
- A fingerprint reader only authenticates that the enrolled (on record) fingerprint matches the scanned fingerprint. It does not verify to whom the print belongs.
- The fingerprint system has a vulnerable PIN failover system - once logged in fingerprint recognition can be disabled.
- Fingerprint authentication can be hacked especially with the advent of low cost, high detail 3D scanning, and printing. If someone goes to all this trouble, the iPhone owner probably has greater security issues at stake.
- Apple has apparently decided to store the fingerprint on the phone instead of in the cloud that would be an enormous security risk. Storing in the phone limits the useability of the authentication and it could be dangerous to use it as the sole authentication for e-commerce transactions.
Commentary ranges from old wives tales about people who have had fingers chopped off to circumvent fingerprint security systems to the NSA having access to hundreds of millions of iPhone 5S user’s fingerprints and personal details. In the latter case, NSA et al will likely have some backdoor access, but as the authentication is not cloud-based then they cannot do much on a phone-by-phone basis.
Another thread is about loaning the phone to family members. Yes, it does support multiple fingerprints but unfortunately not multiple user profiles.
The most common thread is that fingerprint authentication is really intended for the majority of people who do not lock the phone at all! Fingerprint authentication will not stop a determined adversary.
Until the crooks have had time to work out hacks, I applaud Apple for including fingerprint Touch ID in the 5S, and therefore popularising this technology and the need for more security.
Sadly, I think Siri voice recognition and conjoint facial recognition is the answer but that would put a processing load - and potentially unnecessarily long login time - onto the phone so that won’t be popular.
On the e-commerce front, it will be limited to use as a secure way to approve purchases from the iTunes Store, App Store, or iBooks Store. I really hope that it does not become the standard for all e-commerce, as it is too easy to circumvent.
Fingerprint readers can indeed be useful at the convenience end of the access control spectrum.
A little bit of humour
On a phone, fingerprints can be very useful for selective access control. Given "locked screen" state:
- Left middle finger / "Salute to authority": Immediately shuts down device and rerases everything (and good luck with the NSA backdoor key).
- Right index finger / "Nothing to see here, officer": Unlocks vanilla applications only.
- Right middle finger / "Salute to authority with cherry on top": Same as "nothing to see here,” but also sets up video and audio stream to American Civil Liberties Union servers.
- Left pinky, if applied during secret time window after screen activation / "Dr Evil mode": Unlocks all apps.
- No Finger – NSA does not need one