The internet is abuzz with whispers that Apple’s iPhone 5, rumored to be launched this week, will come with a fingerprint scanner to secure the device. If true, this could be a big step forward in Apple’s quest to make the iPhone a digital wallet.
Here’s what we know: Apple will release the iPhone 5 on Wednesday, September 12 at a company-sponsored event. Actually, we don’t know that. What we do know is that the company has sent out invitations to members of the media for an event in San Francisco dated September 12 that is widely expected to be the launch of the phone.
As for the rumors about a biometric fingerprint scanner as one of the new features of the iPhone 5 – they’re mainly informed speculation, based on an announcement in late July from security device maker AuthenTec Inc.
AuthenTec had entered into an agreement that had Apple buying it for $8.00 a share, or around $356 million in cash.
AuthenTec, you might recall, makes a wide range of security technology for mobile devices and corporate networks. (Actually, Naked Security wrote just last week about a dire security warning from the Russian firm Elcomsoft, which accused AuthenTec of storing Windows passwords insecurely in management software that is installed with the UPEK scanners. AuthenTec vigorously denied the allegation, and Elcomsoft, to date, hasn’t produced any proof to back up their claims.)
Whatever the case, stories like these are likely to get more airplay if AuthenTec becomes the official security hardware provider for Apple, following the Florida-based company’s shareholders’ vote to approve the acquisition at a meeting set for October 4.
As for the scanner itself, it would most likely be AuthenTec’s AES2750 ‘made for mobile commerce’ smart sensor. That’s a 192×8 pixel fingerprint sensor array with support for AES256, and RSA2048 encryption, SHA-2HMAC hashing and DSA160 signing, among other security features. It can do on-chip encryption of fingerprint scans and corresponding user credentials and can be mounted either on the edge of a device or on the back. It supports OAuth for authorization as well as the NFC and OTP protocols.
In terms of looks, AuthenTec has already done deals with handset maker Fujitsu, whose REGZA T-01D phone comes outfitted with AuthenTec’s AES1750 Smart Sensor fingerprint scanners.
You can’t get them outside of Japan, though, where they’re offered by NTT Docomo, but check out this (Japanese language) promotional video, which shows how the scanner looks and works on the REGZA phone. (The bit about using the SmartSensor scanner comes at the 1:27 mark)
There’s also a home-baked version of the same demo here – if you can stand the elevator music playing in the background, the demo of the finger scanner comes at around 4:25 mark.
Of course, there’s no guarantee that AuthenTec’s scanner will make it into the iPhone 5. However, Apple’s acquisition of the company almost certainly means that the biometric devices are coming to iPhones, iPads and Macbooks at some point in the near future – if not on September 12.
What does this mean for security on mobile devices? We actually have a pretty good idea based on a long running trial called “the mobile pc market.” After all, fingerprint scanners have been available for laptops for many years.
The thing is, most consumers consider them an expensive and unnecessary add-on, and rarely use them when they come as standard. In fact, their use has been limited to security-conscious corporations and governments.
Coupling a biometric scanner to a mega-popular device like the iPhone would be – hands down – the biggest and highest profile consumer biometric deployment the world has ever seen, but that doesn’t mean the technology would be widely adopted.
Without a doubt, biometric scanners with encrypted finger scan and passwords would harden the devices against tampering and make them somewhat less attractive to thieves, though it’s unclear if wiping a device would circumvent the biometric protection. If so, the sensors are good for data protection, but might do little to stem the tide of iPhone-focused crime.
My bet is that, for Apple, having a biometric scanner is much more about boosting iPhone’s capabilities as a mobile wallet than it is about device security.
Mobile payments is on its way to becoming a huge market, and a revolution in commerce. But, thus far, Apple has kept a low profile on the issue. It still hasn’t indicated whether iPhone 5 will be NFC (Near Field Communications), with some iPhone watchers suggesting it won’t.
You can’t blame the company for keeping its powder dry: the market is fragmented among competing technology platforms (Google, PayPal, Visa, MasterCard), handset makers, carriers and payments firms and retailers.
Want to guess who currently heads up the biggest retail mobile payments platform in the U.S.? Visa? MasterCard? eBay/PayPal? Square? Nope. It’s apparently Starbucks. Yes, _that_ Starbucks. You can hardly blame Apple for wanting to remain above the fray.
AuthenTec may just be a piece in a longer term plan to put its weight behind a secure and non-refutable mobile payments technology that couples biometrics with best-of-breed mobile wallet technology, whether that be Google Wallet or an alternative of its own making.
But will iPhone users actually take advantage of the tougher sign-on security? I think that, when you watch this guy fiddling with the feature on his new Fujitsu phone, you’ve really got to wonder.
Phones are bright and sexy and filled with cool features, no wonder this guy spends about three times as much effort choosing his wallpaper scheme than in vetting the fingerprint scanner that secures the device.
In short: if iPhone users need to swipe their finger to complete a purchase, they most certainly will – and they may even appreciate the extra security. But it’s doubtful that the presence – or absence – of a finger scanner will make one bit of difference in the iPhone 5’s sales figures when it comes out later this month.