How safe is iPhone's fingerprint scanner?

When Apple announced a fingerprint scanner as a security feature on its new iPhone, people had a lot of questions. Some people wondered if it's safe from hackers. Others wondered if your fingerprints should be stored in a government database.

Apple on Tuesday unveiled two new iPhone models, one of them a top-of-the-line 5S with innovative features including a fingerprint sensor to use as a security measure in place of passcodes.

This could jump-start a new era of smartphone security and strip away fear of tending to banking or other business on mobile devices.

"The touch ID sensor quickly reads your fingerprint and automatically unlocks your phone. You can just press the home button to unlock your phone," Apple vice president Phil Schiller during an event at the company's Silicon Valley headquarters.

"You can use it to authenticate iTunes purchases." Schiller added: "We have so much of our personal data on these devices, and they are with us almost every place we go, so we have to protect them."

But is fingerprinting safe from hackers and the growing risk of identity theft?

Security researcher Marc Rogers warns that it depends on how the software giant implements the technology. 

Apple has clearly thought about this, because the data is not going to be stored in the cloud, so there's not going to be a giant database of lots of people's sensitive information that would be a prized target of hackers or enemy state hackers.

Mr Rogers says fingerprinting is convenient for users and will be a boost to the mobile industry. "It could open a really huge universe of opportunities".

But computer security specialists note that fingerprint security is not flawless, and resourceful hackers will still craft attacks.

"Your fingerprint isn't a secret, you leave it everywhere you touch," said security researcher Bruce Schneier.
Fooling some of the better fingerprint sensors with rubber fingers is difficult, but possible, according to Schneier, who noted that a researcher in Japan managed the trick more than a decade ago with candy gelatin used to make Gummi bears.
"The best system I've ever seen was at the entry gates of a secure government facility," Schneier said.
"Maybe you could have fooled it with a fake finger, but a Marine guard with a big gun was making sure you didn't get the opportunity to try."
Touch ID also prompted speculation about movie-style scenarios in which someone's digit is lopped off to unlock a stolen smartphone.
Security specialists thought the gruesome tactic unlikely, especially since PIN code access will likely remain in place as a way to get access to a smartphone if something goes wrong with the fingerprint scanner.
"It's inconceivable that malicious hackers and data thieves won't try to subvert Apple's Touch ID fingerprint scanning technology," security researcher Graham Cluley said.
"How capable they will be at doing that, remains to be seen."

New biotech mapping opportunities are already in the making.

Vascular technology uses infrared light to reflect patterns of blood vessels. And iris recognition is also being developed.

Eye-mapping is said to be faster and more accurate than fingerprinting. "You have fingers that are about 1 in 64 billion, while iris accuracy is about 1 in 1 trillion," said Mr Rogers.

Source: AFP, CNN