Apple’s print scanning might make us all safer
The introduction coincides with the rise of cybercrime and revelations that the U.S. National Security Agency has intercepted Internet communications and cracked encryption codes on devices including the iPhone.
Apple said that on the new iPhone, information about the fingerprint is stored on the device and not uploaded to company networks - meaning it wouldn’t be in data batches that may be sent to or collected by U.S. intelligence agencies under court orders.
“They’re not building some vast biometric database with your identity associated with your fingerprint that the NSA could then get access to,” Joseph Lorenzo Hall, senior technologist with the Washington-based Center for Democracy & Technology, said in an interview. “That’s a good thing.”
The iPhone 5S uses a sapphire crystal to read a user’s fingerprint to unlock the phone, Apple said Sept. 10 as it unveiled the model that’s to go on sale Sept. 20 in some countries.
Apple’s use gives the technology an endorsement that will probably lead other mobile phone makers such as Samsung Electronics and HTC to include biometrics in their products, said Avivah Litan, a technology analyst at Gartner Inc., the Stamford, Connecticut-based research company.
“This is an inflection point because companies are looking for better ways to authenticate users,” Litan said in an interview. “This is an important milestone.”
Before Apple unveiled the iPhone 5S, stocks of biometric makers were on the rise in anticipation the phone would incorporate fingerprint authentication. Over three weeks, shares of Precise Biometrics AB, a maker of authentication equipment in Lund, Sweden, increased 69 percent and Fingerprint Cards AB, another Swedish maker of biometric security solutions, moved up 52 percent.
Biometric identification systems, including voice and iris scans, usually are harder to defeat than passwords, which can be stolen or deciphered.
Biometrics could be used in mobile applications for banking and online buying in about 18 months, Litan said.
“Banks and e-commerce companies are taking advantage of these technologies and are already experimenting,” she said.
Jennifer Lynch, a staff attorney with the San Francisco- based Electronic Frontier Foundation’s digital rights group, said there aren’t regulations surrounding the collection of biometric data.
If companies don’t adequately safeguard information they may face action by the U.S. Federal Trade Commission, which monitors fair business practices, Lynch said.
Apple, by not pulling fingerprint information into its databases, is making it “extremely difficult” to steal information stored on the device, Anil Jain, a computer scientist at Michigan State University who conducts biometrics research, said in an interview.
A hacker or intelligence agency would have to break into the smartphone, find a way into the secure chip with fingerprint information, download and decrypt the data, and then recreate an image of the print.
“It’s a pretty complicated process,” Jain said, but added that nothing is completely hack-proof. “If you spend enough resources on it, anything is possible.”
The German magazine Der Spiegel on Sept. 7 reported the NSA cracked encryption codes to listen in on the 1.4 billion smartphones in use worldwide, including the iPhone.
“I’m sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability - or maybe just a good enough printer - can authenticate his way into your iPhone,” wrote security researcher Bruce Schneier, in a blog before the iPhone 5S was unveiled. “But, honestly, if some bad guy has your iPhone and your fingerprint, you’ve probably got bigger problems to worry about.”
No two fingerprints are alike, which helps make them a strong security feature, Dan Riccio, Apple senior vice president for hardware engineering, said in a video the company released to explain the technology.
“It’s never available to other software, and it’s never stored on Apple servers or backed up to iCloud,” Apple’s Web- based sharing system, Riccio said.
More in Industry
No dial tone for 2G services on LG U+ starting in June
Ironing out an air corridor took decades
Kia reinvents itself, promising 'movement that inspires'
Hanwha Energy teams up with France's Total in U.S.
Scatter Lab investigated, but not for odd messages