Pointing fingers at iPhone biometrics paranoia

01 Oct 2013

As featured on TM Forum's the Insider blog.

Who would have thought fingers could become so newsworthy. Sure, they were very important to archers in medieval wars especially if they were captured and had them cut off to prevent them using a bow.

Then there’s reigning F1 world champion, Sebastian Vettel, raising one finger skyward to emphasise his number one status after each race but showing the back his hand indicating to many societies his disdain for them. It shows fingers can be very important.

Now the company that introduced humanity to the concept that the finger is its most accessible tool is being criticized for going one step further and making it a security device for its new iPhone 5S.
Apple, it seems, had the ‘audacity’ to introduce fingerprint identification as an ‘added security feature’ to its device to encourage people to use an easier form of security and allow them speedy access instead of having to enter a PIN.

Criticism for this remarkable new security breakthrough (OK, I’m being a bit sarcastic here) immediately flowed from the strangest of sources and drew the attention of hackers keen to claim the prize for being the first to break it.

“If hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life,” Senator Al Franken, a Minnesota Democrat, is reported to have said in a letter yesterday to Apple CEO Tim Cook. Indeed, but would it stop the National Security Agency.

Franken asked many more delving questions like “is it possible to extract fingerprint data from an iPhone, and whether Apple could assure users it would never share their fingerprint files with any government, including the US.” Perhaps Apple should ask if the government could guarantee its agencies would not demand that information.

It’s quite remarkable that for over 100 years, fingerprint identification, or dactyloscopy, had been used as the most secure means of identifying people and to track down criminals and murderers, many of whom met their fate at the hands of juries and executioners based heavily on fingerprint evidence.

The Chaos Computer Club hacker group claimed its moment of glory by ‘easily’ creating a ‘fake finger’ to hack Apple’s new baby. It was done by photographing a fingerprint on the iPhone (must have been plenty to choose from) with 2400 dpi resolution, then cleaned up, inverted and laser printed with 1200 dpi onto a transparent sheet with a thick toner setting and mixed with pink latex milk or white wood glue then lightly moistened by human breath, before being placed onto the sensor to unlock the phone.

Yes, that’s all so easy, but wouldn’t it be easier to just cut off the owner’s finger and use the real thing instead, like they do in the movies. Or, better still, use the hijack method so popular with ATM bandits by holding a gun at the victim’s head forcing them to stick their finger on the phone or give over the PIN.

Anyway, if you are really frightened to use the fingerprint scanner after all this you can always revert to the old ‘really secure’ PIN entry method. Oh yes, the experts tell us that is also easy to break because we don’t clean our screens often enough and the most used numbers on the keypad have finger gunk left on them making the task much easier for crims.

Really, what is all the fuss about? There are so many other ways to protect the data on a stolen handset, including ‘Find My Phone’ that can lock and scramble data remotely. It seems whatever you do PRISM will still be able to get your data. If you are still paranoid, don’t store anything on your iPhone in the first place or, better still, don’t use any device whatsoever!

Related content

No Comments Yet! Be the first to share what you think!