iPhone 5S fingerprint scanner more convenience than security technology: expert
TORONTO – Tech giant Apple is trying to capitalize on a growing demand for security on mobile devices with the addition of a fingerprint scanner on its new iPhone 5S, but the high-tech security feature is garnering mixed reaction from security experts.
The technology, dubbed “Touch ID,” uses a thin scanner underneath the iPhone’s home button that automatically recognizes a user’s fingerprint to unlock the device. Users will even be able to authorize purchases through the iTunes and App stores on their phone using the scanner.
Apple believes the biometric technology – using identifying features (like fingerprints) from humans to authenticate actions on devices – will be a convenient yet secure way to access the device, ridding users of the need to have a password on their phone.
But Karl Martin, CEO of Toronto-based biometrics firm Bionym, believes that the technology is targeted as more as a convenience technology than a security technology.
“In the security world this is called a one-factor system – meaning all you need is your fingerprint to get in,” Martin, an expert in biometrics and privacy, told Global News.
“Over the past few years there has been an acceptance in the security community that no system that could be considered secure should be based on a single factor – that somehow there should be multiple factors.”
Two-factor (or two-step) authentication has become increasingly popular in the online world.
Social networking sites such as Twitter and Facebook, along with Internet companies like Google use two-step password authentication to ensure users accounts aren’t hacked.
Twitter, for example, sends a text message to the user’s phone after they enter their password on the site – the user must then enter the verification code sent to them via text to complete their sign in.
Martin also cautions that fingerprint scanners have been easy to fool in the past.
“Another problem about using a fingerprint as a key is you leave that everywhere; every surface you touch you are leaving that key on that surface,” said Martin.
“So, while we don’t have the iPhone in our hands yet to see how easy it is to spoof, existing fingerprint technology has been demonstrated time and time again that it doesn’t take that much to copy and a gel casting of the fingerprint.”
This technique is often referred to as the “gummy bear hack” – where people try to fool biometric readers by using gelatin-based candies to copy a fingerprint.
Though other experts argue that this technique would be too much effort for hackers, Martin notes that when it comes to security it’s important to weigh every possibility.
Other experts say that the convenience of the technology will help users be more inclined to secure their devices.
Michelle Warren, president of Toronto-based tech analysis firm MW Research & Consulting, believes that Apple is targeting a large base of users who struggle with remembering passwords. This, she says, leaves room for the user to become lax about using a password on the device – leaving it open for anyone to access the information inside.
However, Warren noted that these consumers still recognize the need for security – which makes Touch ID a very convenient, easy way for people to secure their device.
“If we extend that out to the average consumers that don’t bother with password protection on their phones, this biometric reader allows them to swipe their finger very easily and it secures the device,” Warren said.
“Right now devices are secured by passwords, or some Android devices have the lines where you draw a password, but this is a very easy-one step process to secure their phones.”
Sebastien Taveau, CTO of Validity Sensors at the Fast IDentity Online Alliance, echoed that the technology is very convenient for consumers – noting that most hackers won’t be inclined to go through the trouble of copying a fingerprint to gain access to a single device.
Biometrics to become more and more common in devices
Though Apple is not the first tech company to use biometrics in a device – Motorola included a fingerprint scanner in a phone in 2011 and laptop-makers such as HP have also made use of the technology – Touch ID has reignited the excitement about biometric technology.
Taveau noted that though Apple’s announcement came as no surprise to those in the industry, it’s a positive boost for those working in biometrics.
“They are making the effort to educate their consumers [about this technology] but also the market, so it’s a big boost for the industry,” Taveau told Global News.
Martin also believes that Apple’s use of biometrics will ignite an interest in consumers.
“Unlocking phones is one just use among many; the idea is that your identity is useful for so many things and having very personal experiences with all the technology you use I think is a broader and more interesting use for consumers,” said Martin.
Martin’s company Bionym, founded over two years ago, focuses on novel biometrics such as the first wearable authentication device that uses a person’s electrocardiogram (ECG) to validate someone’s identity.
He believes that consumers are going to see the implementation of more biometrics in their devices thanks to the wearable tech boom.
“There is certainly a lot of experimentation going on, in the past couple of years we have seen things like body-odor based biometrics – which I don’t think is going to take off any time soon – but it shows there is a lot of experimentation there,” said Martin.
“It’s in line with the trend in wearable tech… having sensors that are all about monitoring you and what you are doing.”
Update: This article has been updated to reflect the correct name and title of Bionym CEO, Karl Martin.
© Shaw Media, 2013