If you haven’t heard, Apple unveiled two new iterations of the iPhone at one of the Cupertino company’s typically grandiose product events yesterday. As usual, there was plenty of hype to go around, but the biggest change as far as security is concerned is the addition of a fingerprint scanner on the high-end new iPhone 5S.
Biometric authentication as a replacement for passwords has been the talk of the town for years, mainly because good passwords are hard to remember, so people just create bad ones (or just one bad one) that are easy to guess. No biometric form factor is more well-known and widely deployed than the fingerprint scanner. Apple is by no means the first computer company to put a fingerprint reader on a device. Laptop makers dabbled with the idea here and there throughout the 2000s. The practice never really caught on, but the popularity of the iPhone promises to bring the fingerprint reader to the public like never before.
Assuming it works, the real question is this: Will fingerprint-based verification be more secure than passwords? The answer appears to be a wholly unsatisfying maybe.
In a Wired op-ed yesterday, famed cryptographer Bruce Schneier said that “fingerprint authentication is a good balance between convenience and security for a mobile device.” However, he pointed out that the devices have a long history of vulnerabilities. A solid photocopy is enough to trick some of these things, he wrote, while better scanners will examine fingerprint ridges, pores, heat, and pulses and are therefore more reliable. In the end, Schneier reasons that an attacker could reasonably compromise the fingerprint scanner on an iPhone. He also expressed concern about the possibility that Apple may maintain a centralized database of fingerprints, though most of the reporting on this seems to indicate that the fingerprint storage will take place locally, in an encrypted format inside a hidden file on the iPhone itself.
In an NPR report yesterday, Charlie Miller, a well-known Apple hacker and security researcher who has found several iOS bugs, seemed pretty underwhelmed by the security implications of Apple’s new fingerprint scanner. He said it would be possible to reverse-engineer the encrypted fingerprint hash in order to ascertain a plain-text copy of the fingerprint and suggested that the scanner may make iPhones even easier to break into.
“They are not going to do away with the pass code entirely,” Miller told NPR security and privacy reporter, Steve Henn. “So, really, by creating another way to unlock the phone they have created another access point for a hacker to try and exploit.”
As is generally the case with Apple products, the detractors and the proponents are in equal supply. Rich Mogull, a security analyst and the CEO of Securosis, explained in a Macworld article yesterday that there are two types of fingerprint readers: optical readers that merely take a picture of you fingerprint and capacitance readers that actually measure the electrical conductivity of the ridges on your fingers and use those measurements in order to create an image of the user’s fingerprint. The iPhone 5S uses the latter.
Ultimately, Mogull acknowledges (as did Schneier for that matter) that fingerprints are somewhat inherently insecure because – unlike a cryptographic key or password – they are unchangeable. Once a fingerprint is stolen, it is stolen forever. Despite this, Mogull argues that the fingerprint is a vast improvement on the four-digit passcode, and claims it could have serious implications as mobile devices are increasingly used as tokens to access other services and devices.
Phil Dunkelberger, the CEO of Nok Nok Labs, a firm that specializes in authentication (and is also a founding member of the FIDO Alliance), penned a blog on the Nok Nok Labs website yesterday singing praises to Apple for bringing simple but strong security to the masses.
“Apple now has an embedded Fingerprint Sensor (FPS) that it can use to bind a user and a device, reducing the risk of fraud and improving the customer experience within the Apple walled ecosystem,” he wrote.
It remains to be seen how secure the iPhone 5S fingerprint scanner will be, but the good news is that a user’s fingerprint will only be good to access the iPhone itself. In order to access iCloud, App Store, and other Apple services that are reachable from multiple devices that don’t have such scanners, users must still enter a password or phrase.
Apple primed itself to implement new authentication measures into its products when it acquired the biometric authentication company AuthenTec last year.