iPhone 5S fingerprint scanner: A security researcher’s perspective

(The Philippine Star)
-

MANILA, Philippines - The new iPhone 5S packs a lot of new specs, but the star of the show from a security researcher’s perspective is undoubtedly the biometric fingerprint scanner, Touch ID.

While the API for the scanner is not currently open, the implications of the technology could be huge for the adoption of two-factor authentication beyond the enterprise.

As mentioned in FortiGuard’s Midyear Threat Report, two-factor authentication (2FA) is expected to replace the single password sign on security model. While the adoption of 2FA has seen some mainstream usage in applications like Twitter, Dropbox, Evernote, and Facebook, it has yet to fully replace the convenience of single factor.

After Apple’s announcement, FortiGuard asked its threat research team what they thought of this biometric introduction:

Guillaume Lovet, senior manager of FortiGuard Threat Response, had this to say: “From the point of view of a cybercriminal who has trojanized your phone, there is little difference between a fingerprint and a password. If the device is compromised, it can intercept and reuse the digital form of both (say, to complete a money transfer), which boils down to a series of 0s and 1s.”

While Apple claims there will be a dedicated stronghold within the new A7 processor where this data will be stored, a breach into that secure layer would usher the biometric authentication method completely useless.

Guillaume added: “From a security point of view, it would be interesting to check if fingerprints carry enough information bits to be used more like a private key (likely protected by a password), that you cannot lose, don’t have to generate and is kind of universal.”

While the fingerprint scanner packs quite a punch at 170 micron thin 500 ppi resolution and the ability to scan sub-epidermal skin layers, if the information is stolen, the possibility of using the data like a private key would be moot.

Axelle Apvrille, FortiGuard’s resident cryptology expert and mobile researcher has explored the pitfalls of 2FA here: Zitmo Hits Android.

Richard Henderson, a security strategist for FortiGuard Labs, voiced some advice on the topic: “The reality here is that, while Apple is the first to implement a biometric method of authentication on such a wide scale, this is being sold and used strictly as a convenience — not as an additional layer of security.”

See more at http://blog.fortinet.com/iPhone-5s-Fingerprint-Scanner--A-Security-Researcher---s-Perspective/#sthash.LNB7XWKH.dpuf.

SPONSORED ARTICLES

Getting a home loan is easy when you're prepared (3 basics you need to know)

Banking

3 simple hacks to unlock tasty and balanced meals

Food and Leisure

Converge unlocks next-level hospitality with 'Concierge with SkyTV'

Technology

Unilab Foundation explores academic partnership with Philippine Women’s University

Health And Family

Get rid of photobombs in 1 tap! Honor flagship phone now features AI eraser

Gadgets

Notice of Special Meeting of Stockholders

Biz Memos

Why ‘Swipe Coupons’ should be your habit before hitting SM Malls – plus the latest deals!

Shopping Guide

Belo Medical Group celebrates 34 years of excellence with launch of flagship clinic Nexa

Health And Family

Watsons celebrates big wins at Marketing Excellence Awards Philippines 2024

On the Radar
Show comments