What Are the Security Implications of the iPhone 5S’ Fingerprint Feature?


Between big announcements about the new brightly-colored $99 iPhone 5C and the shiny new gold iPhone 5S, Apple revealed during its 2013 Worldwide Developers Conference today that the high-end phone will feature a fingerprint sensor, called Touch ID, that will allow consumers to unlock the device without using a password. For anyone concerned about technology and privacy, this new feature has raised some red flags. But how concerned should you really be?

Before today’s announcement made the fingerprint rumor official, Wired’s Bruce Schneier warned against the dangers of Apple’s “biometric authentication” getting hacked. “If the system is centralized,” he wrote, “there will be a large database of biometric information that’s vulnerable to hacking.” But, he predicted, “A system by Apple will almost certainly be local — you authenticate yourself to the phone, not to any network — so there’s no requirement for a centralized fingerprint database.”

The Washington Post’s Brian Fung also raised legal concerns regarding the feature, writing, “Even if the iPhone stores your fingerprints locally, will Apple still have access to the prints on your device? If so, then the company would likely begin to see law enforcement requests for the prints, much as some Internet companies reportedly have received government requests for user passwords in the past.”

As Apple CEO Tim Cook indicated in his announcement, Apple will be keeping the authentication local, with no information sent or stored online or kept in a centralized database. In the promo video accompanying the release, engineers describe how the fingerprint scan works and how the information is stored.

“All fingerprint information is encrypted,” the voiceover says, “and stored inside the secure enclave in our new A7 chip. Here it is locked away from everything else, accessible only be the Touch ID sensor. It’s never available to other software and it’s never stored on Apple servers, or backed-up to iCloud.”

Apple also confirmed that he optional feature will only allow users can use to activate their phone as well as purchase media from the iTunes store and has not been made available for use for third-party app developers. As the Wall Street Journal pointed out, “Banks and payment companies, for example, would love this stuff.”

Of course, all of this being said, it doesn’t mean Apple won’t retain the ability to collect the biometric information at some point. And if the NSA requests access to it down the road, will the company really be able to say no? Comments and jokes surrounding the iPhone fingerprint feature and the NSA have been flying around Twitter since the announcement was made earlier this afternoon. Here’s a sampling of the concerns out there, whether real or imagined, serious or in jest.

Watch Apple’s iPhone 5S promo video below:

[photo via Apple]

— —

>> Follow Matt Wilstein (@TheMattWilstein) on Twitter

Have a tip we should know? tips@mediaite.com

Filed Under: