Fingerprint-Reading iPhone Seen as Protection Against NSA

Apple’s new iPhone 5s goes on sale on Friday, September 20.  One of the highlighted features of that phone (I believe THE highlight of the phone – see my post from last week: New iPhone is all About Security) is adding a fingerprint reader to the home button for user authentication.

I continue to believe that the iPhone 5s will be the first of many devices that finally make electronic commerce safe.  Up until now, it has been a risky world populated by early adopters and risk takers.  Biometrics (if used appropriately) have the potential of making electronic commerce viable for the general population in a way that allows it to become the standard form of commerce in the future.

Now, is weighing in, lauding biometrics in the iPhone 5s and expecting that most other phone manufacturers will quickly follow suit.  Isn’t adding a new feature and then having it become a standard because it is copied by everyone else the very definition of innovation?

Here is the article: [Link]

Fingerprint-Reading IPhone Seen as Protection Against NSA

By Todd Shields & Allan Holmes – Sep 12, 2013 9:00 PM PT

Apple, Inc.’s iPhone 5S allows people to use their fingerprints to unlock the smartphones at an iPhone event at Apple’s headquarters in Silicon Valley on Sept. 10, 2013 in Cupertino, Calif.

Apple Inc. (AAPL)’s use of fingerprint scanning in its new iPhone models could lead more device makers to adopt the authentication method as a successor to passwords – and that’s fine with privacy advocates.

The introduction coincides with the rise of cybercrime and revelations that the U.S. National Security Agency has intercepted Internet communications and cracked encryption codes on devices including the iPhone.

Apple said that on the new iPhone, information about the fingerprint is stored on the device and not uploaded to company networks — meaning it wouldn’t be in data batches that may be sent to or collected by U.S. intelligence agencies under court orders.

“They’re not building some vast biometric database with your identity associated with your fingerprint that the NSA could then get access to,” Joseph Lorenzo Hall, senior technologist with the Washington-based Center for Democracy & Technology, said in an interview. “That’s a good thing.”

The iPhone 5S uses a sapphire crystal to read a user’s fingerprint to unlock the phone, Apple said Sept. 10 as it unveiled the model that’s to go on sale Sept. 20 in stores.

Apple’s use gives the technology an endorsement that will probably lead other mobile phone makers such as Samsung Electronics Co. and HTC Corp. (2498) to include biometrics in their products, said Avivah Litan, a technology analyst at Gartner Inc., the Stamford, Connecticut-based research company.

“This is an inflection point because companies are looking for better ways to authenticate users,” Litan said in an interview. “This is an important milestone.”

Biometric Boom

Before Apple unveiled the iPhone 5S, stocks of biometric makers were on the rise in anticipation the phone would incorporate fingerprint authentication. Over three weeks, shares of Precise Biometrics AB (PREC), a maker of authentication equipment in Lund, Sweden, increased 69 percent and Fingerprint Cards AB (FINGB), another Swedish maker of biometric security solutions, moved up 52 percent.

Biometric identification systems, including voice and iris scans, usually are harder to defeat than passwords, which can be stolen or deciphered.

Biometrics could be used in mobile applications for banking and online buying in about 18 months, Litan said.

“Banks and e-commerce companies are taking advantage of these technologies and are already experimenting,” she said.

Jennifer Lynch, a staff attorney with the San Francisco-based Electronic Frontier Foundation’s digital rights group, said there aren’t regulations surrounding the collection of biometric data.

FTC Scrutiny

If companies don’t adequately safeguard information they may face action by the U.S. Federal Trade Commission, which monitors fair business practices, Lynch said.

Apple, by not pulling fingerprint information into its databases, is making it “extremely difficult” to steal information stored on the device, Anil Jain, a computer scientist at Michigan State University who conducts biometrics research, said in an interview.

A hacker or intelligence agency would have to break into the smartphone, find a way into the secure chip where fingerprint information is kept, download and decrypt the scrambled data, and then recreate an image of the print.

“It’s a pretty complicated process,” Jain said.

Nothing is quite hack-proof, he said. “If you spend enough resources on it, anything is possible.”

The German magazine Der Spiegel on Sept. 7 reported the NSA cracked encryption codes to listen in on the 1.4 billion smartphones in use worldwide, including the iPhone.

‘Bigger Problems’

“I’m sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone,” wrote security researcher Bruce Schneier, in a blog before the iPhone 5S was unveiled. “But, honestly, if some bad guy has your iPhone and your fingerprint, you’ve probably got bigger problems to worry about.”

No two fingerprints are alike, which helps make them a strong security feature, Dan Riccio, Apple senior vice president for hardware engineering, said in a video the company released to explain the technology.

“It’s never available to other software, and it’s never stored on Apple servers or backed up to iCloud,” Apple’s Web-based sharing system, Riccio said.

‘Unquenchable Thirst’

Teresa Brewer, an Apple spokeswoman, didn’t say whether the company could gain access to the fingerprint data. “All fingerprint information is encrypted and stored securely in the Secure Enclave inside the A7 chip on the iPhone 5s; it’s never stored on Apple servers,” Brewer said in an e-mail yesterday.

Not everybody is sanguine about fingerprint capture.

“It reflects unquenchable thirst for swallowing as much consumer data as possible,” Jeffrey Chester, executive director of the Center for Digital Democracy, a Washington-based privacy group, said in an interview.

“This whole notion that people’s body parts can be added to the data profile is troubling, and it needs to be looked at,” Chester said. “Will the data be used to unfairly discriminate when you interact with a health app, for instance?”


2 responses to “Fingerprint-Reading iPhone Seen as Protection Against NSA”

  1. Subir kumar says :

    Germany’s hackers succeed in bypassing the Apple Touch ID protection

    • Graham Burnette says :

      I think the question is not “is the iPhone 5s fingerprint reader 100% secure?” as much as it is “is the iPhone 5s with a fingerprint reader more or less secure than another phone without a fingerprint reader?”

      The technique described in the article referenced in the comment above takes a good bit of skill, and requires a very clean starting print. That latex film has to be pretty thin, and the user has to be careful not to damage or deform it when applying it to a finger.

      It’s considerably more effort than shoulder-surfing to get someone’s PIN or passcode.

      The fingerprint lock is still both easier to use and more secure than the four digit passcode. Just bear in mind that if the bad guys are able to both get a clean print from you and gain possession of your phone, that you may have greater personal security issues than the robustness of a fingerprint lock.

      The real advantage of the fingerprint lock is the ease of use, and the likelihood that a larger percentage of new iPhone users will be locking their device. As I’ve mentioned before, with the device locked, the FLASH memory is AES-256 encrypted, and data is only decrypted within the A7 chip. This makes ‘dumping’ the device memory useless, as all the memory reader gets is encrypted data. The automated PIN crackers that are normally used by police and criminals on iPhones to unlock them in 20 minutes won’t work with the fingerprint lock. They’ll need to retain your phone and get a clean print from you.

      The sort of criminals who do ‘Apple picking’ snatch and grab thefts aren’t likely to escalate to kidnapping and trying to force the owner to unlock the device or supply a clean print. That is a lot of risk to take on for something worth maybe $200 from a fence or less on a street-corner sale.
