Last week, Apple took the wraps off its latest iPhone models — the 5S and 5C. The 5C is a budget model with a plastic case; the 5S is the upgrade with a faster processor, some improvements to the camera, and better battery life.
The “oh, wow,” feature, or what the late Steve Jobs would have introduced with “There’s just one more thing…” at the end of his talk, is a fingerprint sensor. Behind the familiar “home” button is a scanner that allows users to unlock the phone with their fingertip, without entering a passcode. Laptop and some desktop computers have had fingerprint readers for years. This is the first one on a smartphone.
Securing an iPhone
iPhones and other smartphones can be secured with a passcode, but most people don’t use them. The passcode has to be entered every time the phone is turned on, and people get tired of doing that. Most of the people who do use the passcode feature have it set to accept the minimum four characters. A thief can often determine the passcode by holding the display up to the light at an angle and seeing what portions have the most wear or smudges.
Cops’ phones are especially vulnerable, if for no other reason than there are more people who would like to mess with your life than might be the case for the typical private citizen. The thief who gets your smartphone has many of the keys to your kingdom. Depending on how you use the phone and what you have installed on it, he has your contacts list, your Facebook and Twitter accounts, your calendar, your website history, your text messages, your family photos — the list goes on.
The improved security of fingerprint identification is nice, but some privacy advocates are claiming that this technology provides Apple, and whomever Apple decides to share with, all their users’ fingerprints. It could be the first step in creation of a truly universal fingerprint database.
The concerns are probably unfounded, even given Apple’s history of collecting information about their customers that the customers didn’t necessarily want to give them. A few years back, an application developer found that iPads and iPhones stored a file called consolidated.db that contained the location data of everywhere that device had been, and when it had been there, for at least ten months.
The data got transmitted to Apple every 12 hours if there were a Wi-Fi connection available. Apple said it was encrypted and anonymized so that the data couldn’t be connected with specific users. Not everyone bought that last part.
Not a Fingerprint Registry
Apple says that the fingerprint pattern data used for the passcode feature is stored only on the device, and not transmitted to Apple or anywhere else. Further, it does not store the entire fingerprint image, but only the image of the tip of the finger, where the user would typically touch the sensor to operate the phone.
This makes sense, given the way most fingerprint scanners used for security access function. When the user “enrolls” a finger into the passcode database, only fairly coarse data about the fingerprint pattern is recorded. Extraction of this data and an attempt to reverse-engineer a standard fingerprint image out of it might give you enough data to exclude someone as the owner of that print, but not enough to positively identify the person it belonged to.
Fingerprint scanners of this type are relatively easy to circumvent, although it takes a little time and effort. If the interloper can get a clear print of the enrolled finger, he can use silicone compound to cast a “gummy finger” replica good enough to make the sensor believe it’s the real thing. The iPhone sensor could probably be similarly spoofed, although the devices are too new for someone to have tried it yet.
Unless the iPhone thief has gone to the trouble to capture a fingerprint good enough to make a “gummy finger,” he’s probably not going to get past that security barrier.
Apple has placed some additional safeguards on the fingerprint sensor. Before a user can enroll a finger into the fingerprint reader database, he must first create a backup passcode. If the phone hasn’t been unlocked for 48 hours, or if it has been rebooted, the fingerprint sensor won’t work. The user has to input the passcode to unlock the phone.
The “Find My Phone” App
One security feature Apple hasn’t included, but I’ve seen suggested on some tech sites, is that a fingerprint scan or passcode be required to turn the phone off. This could be a valuable anti-theft measure. Many, if not most, iPhone users have the free “Find My Phone” app installed on their phones.
A user with the appropriate logon credentials can go to the Find My Phone website and get a real-time map of where the phone is located — if the phone is powered on. A thief can make the app useless by just powering down the phone. If a passcode was required to turn the phone off, the phone would be trackable as long as the battery lasted and it could communicate with the network.
I have a lot of data stored on my phone, and have always used a basic passcode to get access. Not long ago, it occurred to me that the basic four-digit passcode was pretty superficial protection, and I changed it to an eight-digit passcode. I’m thinking of changing it again to one that uses a combination of letters and numbers, to make it even more difficult to guess. It’s inconvenient to have to do that, but not as inconvenient as having a thief have access to all the data stored there.
