After months of speculation, Apple has unveiled the latest iteration of its iPhones, with the usual fanfare and drama from Apple, and obsessive queuing from fans.
Catching most headlines have been the usual details of improved camera and battery life, and the availability of an “affordable” model, the 5c, a plastic affair in a wide range of colours. The main metal model will offer only gold, silver or grey.
Of most interest from a security viewpoint is a fingerprint-based authentication system in the top-of-the-line 5s, referred to as “Touch ID”.
The authentication system, based on a new material for the home button and a metal sensor ring around it, has been the subject of numerous rumours and leaked photos and specs already.
Speculation about Apple’s interest in fingerprints goes back at least as far as 2009, resurfaces each time a new version of the iPhone is launched, and has grown steadily ever since Apple’s pricey acquisition of fingerprint tech firm AuthenTec last summer.
Today’s confirmation at the iPhone 5s/5c launch ceremony makes it all official at last.
According to Apple’s promotional material, the sensor:
uses advanced capacitive touch to take, in essence, a high-resolution image of your fingerprint from the sub-epidermal layers of your skin. It then intelligently analyses this information with a remarkable degree of detail and precision.
As well as unlocking the phone, the sensor will be able to approve purchases at the Apple store.
Fingerprint authentication has been a common sight in laptops for some time, with major vendors including Dell, Lenovo and Toshiba pushing their own built-in variations, usually available as an option alongside more traditional login methods.
There are also a range of other implementations available, including many smartphone apps and external readers supported by the Windows Biometric Framework and some leading password managers.
Fingerprints thus probably rank a little above facial recognition as the most widely-deployed biometric authentication technique at the moment.
In the past, however, they have proven rather unreliable and plagued with security worries; not every suspected flaw has been confirmed, but many fingerprint scanners do seem to be open to spoofing.
Fingerprints are not secret: we leave copies of them wherever we go, even if we’re trying hard not to, as cop show aficionados will be well aware.
Once someone devious has got hold of a copy, purely visual sensors can be fooled by photographs, while more sophisticated techniques which measure textures, temperatures and even pulses are still open to cheating using flesh-like materials, or even gelatin snacks.
Just how hard it will be to defeat Apple’s recognition system remains to be seen, but as crypto guru Bruce Schneier has pointed out, there’s a big danger in using fingerprints to access online services: the temptation to store the fingerprint info in a central database.
Unlike passwords, of course, if your fingerprint data is lifted from a hacked database, you can’t simply change it, short of getting mediaeval on your hands with acid, sandpaper or some other hardened-gangster technique.
So, as expected, Apple has opted to keep all information local to the iPhone – indeed, it is apparently kept in a “secure enclave” on the new A7 chip and can only be accessed by the print sensor itself.
Expect this storage area and the connections to it to become the subject of frenzied investigations by hackers of all persuasions.
Of course, Apple is not alone in looking into fingerprints, with arch-rivals Samsung also rumoured to be making moves in that direction. (Samsung was a major customer of AuthenTec before it was acquired.)
In the long term, how similar their approaches are may be a significant issue for all of us, whatever our smartphone affiliation and whether or not we worry much about privacy, and not just thanks to the inevitable legal rumpus.
There are two basic approaches to security: either the way things work is kept proprietary and secret, as far as possible, or it’s made open for general consumption, and more importantly for verification.
A cross-vertical group, the FIDO Alliance, was set up earlier this year to develop open specifications for biometric authentication standards, with members including Google, PayPal, hardware makers like Lenovo and LG, and a raft of biometrics and authentication specialists. Beleaguered phonemaker BlackBerry is the latest big-name inductee.
The alliance’s aim, to create a universal approach to implementing biometrics in combination with existing passwords and two-factor dongles, is a noble goal.
Sadly, given Apple’s history of playing well with others, it’s pretty likely that, as with their connector cables and DRM systems, their fingerprint setup will remain aloof from any attempts to build a truly universal consensus.
Even if a two-culture system prevails, widespread deployment in mass-market handhelds may well be a gamechanger for the adoption of biometric authentication. Touch ID and its inevitable followers could be a major part of all our futures.
Nice approach, however they say they will not provide any API for that, so for authentication of other apps it is not a plus. Hope they will reconsider.
Not forgetting that a certain Jamie Hyneman and Adam Savage had no problems defeating a high tech fingerprint scanner when they had a go at fooling it back in 2006…
I'm stunned by the celebration of mediocrity all over the Internet by this. I had a biometric reader on my Dell notebook (like forever ago) and hated it. I'm sure I'd be the first one to find a way to disable this on my phone. The average Joe will get little use from this, and professionals that want security will be under a false security veil thinking this can stop people who really want in.
Didn't Jack Bauer cut off someone's finger and use it for fingerprint identification on "24"? 😉
It's been done that way in loads of movies – the other more high-tech one is sticking a sheet of film over your finger with the target's print on it, which I'm sure I've seen in James Bond or Mission Impossible or something.
Apparently quite easy to do just with wood glue.
It should be easy for the scanning device to detect the flow of blood. A cut-off finger shouldn't be recognised as valid by any decent fingerprint authentication device.
If you cut your finger, will you be able to unlock your phone? If there's some way to bypass the security in case of ruined real-life fingerprint, then that's as good as not having it at all.
The answer is usually somewhere in the middle; fingerprint scanners actually take multiple "points of interest" and then use selections of them to form multiple hashes. You then have to match a certain number of those hashes to be considered the right fit.
So if you sanded off your finger/burned it in acid/etc, the scanner would fail and you'd have to enter your backup password. But if you've just cut it or sanded off the tip, there should still be enough unique information available to let you pass.
If I understand correctly, the Apple version seems to be using capacitive differential (how easily electricity flows through your skin) across many points, generating many many hashes to compare. This means that it isn't really looking at your print at all, but at the subsurface layer of your skin, and how the resistance to electricity differs over the various parts. This means that messing with your actual fingerprint probably won't make much of a difference (including cuts), but having dry hands, or being one of those people who can't use an electric heart rate monitor pad may cause it to fail.
My Lenovo laptop has a fingerprint scanner, and that allows you to store multiple fingers – having both index fingers is handy for reaching across the desk while I'm eating, as well as backup, although in that case you can still choose to just type in the password.
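The earlier comment about "points of interest" turned into many small hashes, with a match requiring only a certain number of them, is easy to make concrete. The following is an added illustration, not code from Apple, the article, or any commenter, and the feature encoding (hashing the pairwise distances of each triple of minutiae), the constructed coordinates and the threshold of 20 matching hashes are all assumptions chosen for the example. It shows why a scan that has lost a few points (a cut fingertip) still verifies, while a heavily damaged scan or a different finger does not and would fall back to the passcode.

```python
"""
Toy threshold-based fingerprint matcher (added example, not a vendor's algorithm).

Enrolment turns a set of minutiae points into many small hashes, one per
triple of points. Matching counts how many of the probe's hashes are also in
the enrolled template and accepts only above a threshold, so losing a few
points removes some hashes but leaves enough for a match.
"""
import hashlib
from itertools import combinations

# Constructed minutiae for the enrolled finger: (x, y) in sensor pixels.
ENROLLED_FINGER = [(12, 40), (35, 22), (50, 61), (71, 18), (88, 55), (23, 77),
                   (64, 90), (97, 33), (45, 48), (80, 80), (15, 15), (58, 12)]

# A different person's finger (also constructed).
OTHER_FINGER = [(20, 30), (41, 66), (77, 24), (9, 83), (55, 55), (90, 90),
                (33, 10), (68, 72), (84, 44), (27, 95), (60, 38), (13, 60)]

# Assumption: C(6,3) == 20 matching hashes, i.e. six genuine points in common.
MIN_MATCHES = 20


def triple_hash(p, q, r):
    """Hash the geometry of three minutiae. Using only the pairwise distances
    makes the value independent of where the finger landed on the sensor."""
    def d2(a, b):
        return (a[0] - b[0]) ** 2 + (a[1] - b[1]) ** 2
    signature = sorted((d2(p, q), d2(q, r), d2(p, r)))
    return hashlib.sha256(repr(signature).encode()).hexdigest()[:16]


def enrol(minutiae):
    """Return the template: a set of hashes, never the raw minutiae."""
    return {triple_hash(*t) for t in combinations(minutiae, 3)}


def match_score(template, probe_minutiae):
    """Number of probe triples whose hash is present in the template."""
    return sum(1 for t in combinations(probe_minutiae, 3)
               if triple_hash(*t) in template)


def verify(template, probe_minutiae):
    """Accept only when enough hashes line up; otherwise the caller should
    fall back to the passcode."""
    return match_score(template, probe_minutiae) >= MIN_MATCHES


def damaged(minutiae, missing, spurious):
    """Simulate a scan that lost some genuine points and picked up stray ones."""
    return [p for p in minutiae if p not in missing] + spurious


def demo():
    """Run the constructed scenarios; returns {name: (score, accepted)}."""
    template = enrol(ENROLLED_FINGER)
    cases = {
        "same finger, clean scan": ENROLLED_FINGER,
        "cut fingertip (3 points lost, 1 stray)": damaged(
            ENROLLED_FINGER, [(23, 77), (64, 90), (80, 80)], [(66, 85)]),
        "heavily damaged (8 points lost, 2 stray)": damaged(
            ENROLLED_FINGER, ENROLLED_FINGER[4:], [(40, 40), (70, 70)]),
        "different finger": OTHER_FINGER,
    }
    return {name: (match_score(template, probe), verify(template, probe))
            for name, probe in cases.items()}


if __name__ == "__main__":
    for name, (score, accepted) in demo().items():
        print(f"{name:45s} score={score:3d} accepted={accepted}")
```

With twelve enrolled points the clean scan yields all 220 triple hashes; nine surviving points still give 84 genuine matches, comfortably over the threshold, while four surviving points give only four and the device would ask for the passcode. Note that the stored template holds hashes of geometry rather than an image, which is the kind of thing a vendor can keep on the device and off any central server.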
Isn't biometrics old news (like really old)? I have an old Dell laptop within arm's reach that has a thumb scanner on it that I've used a grand total of zero times. The best security – KEEP YOUR PHONE WITH YOU!! I've seen lots of people wander up to the counter at Starbucks and assume their laptop, phone (and a few times – a wallet) are safe because they are in Starbucks? Those people are just asking to become a theft-victim statistic. Sure the thief won't be able to unlock your phone, but neither will you when it's in a dumpster somewhere. The biometric scanner – lame. Apple's creative innovation – fail. I expected LOTS more from Apple than this.
If you want to give your phone to your child temporarily to use, how does that work? One would *hope* this new shiny feature comes with an opt-out switch.
If you want it really temporary, you use Apple's existing privacy (log in first, set up the apps that your child can use, block out any buttons/etc they shouldn't be allowed to use) and give the phone to them. Password/thumbprint required to enter/leave this mode.
If you're loaning it to them for the day, you set a new password for them or set their fingerprint. Revert it when they give it back to you.
The thumbprint is a "quick entry" mechanism — you can still enter your (long and secure) password instead to change thumbprints or access your device.
Although what I'd really like is the ability to store multiple sets of prints, with each set having its own sandboxed user profile. So you can give the device to your child, and they have their own subset of apps viewable and their own locked-down and limited set of actions available. Back to you, and your print will open up the expanded set of options.
Maybe we'll see this with iOS 7.
More information available at http://tidbits.com/article/14089 — it appears Apple supports multiple fingerprints.
Maybe it’s a good time to NOT give your phone to a child as it’s not a toy. As far as fingerprint IDs go, being a retired Law Enforcement officer I have some experience in that art. Most of what is said is pretty much correct; our courts rely on at least 10 points of ID of a fingerprint, so you would have to do a major job of destroying your skin to make a difference, and any part of your skin pattern is as unique as a fingerprint. So you should be able to stick it to your nose and get an authentication from the device. A good backup would be to use a different finger, toe or nose print as another authorization, as I understand they allow multiple entries.
Also, contrary to public belief, it is about impossible to destroy a fingerprint, as you would have to burn it off down below any reproduction level, and then that print would be IDable. Also, as I stated, any part of the body should be printable for ID: feet, toes, palms, heels, cheeks etc… Also, I’ve seen people try to copy fingerprints via copy techniques and have never seen it work as it did in the “Bourne” movies. They have tried all kinds of different materials and all have resulted in failure. Let’s hope this keeps up, as one of the perfect (aside from DNA) ways to ID yourself or someone else is by a skin ID. If it was easily repeatable, it wouldn’t be usable in court, as it is today.
Working with inductance or capacitance is not one I have really seen, as it is used in polygraph equipment (lie detectors), as the skin resistance changes very quickly and also its capacitance. Polygraph detectors are only allowed in court in the state of Delaware, I believe, as it really is a useless apparatus. If you doubt me, try one and squeeze your sphincter; that will change your blood pressure, respiration and skin resistance very quickly, and it doesn’t mean you are lying. The failure with it is it’s read by an operator (read: human) and they can be fooled, especially by someone who cares nothing about lying, killing or any crime. All multiple murderers (such as Bundy) have passed polygraphs with flying colors. You must have a conscience to be effectively polygraphed.
It will be interesting to see when someone IDs the API and its call structure, which will happen; can’t keep it secret. And how the hardware itself works, I guess it’s wait and see…
Jack
Have you ever heard of Citibank Japan and the ATM PIN + Fingerprint scan to access your account …
If cut off .. won't work !
So now when someone steals my iPhone I get my finger chopped off too. Nice thought.
I like the idea but just a novelty for me. I don't use pass code anyway…
Does anyone know how many unique points the scanner is using? Law enforcement relies on 12-16 unique points for identification; one would hope this phone uses a similar level of accuracy.