Filed Under:

Key To Unlocking Your Phone? Give It The Finger(print)

Play associated audio

The first note I sent out after Apple announced it was including a fingerprint scanner in the new iPhone 5s was to Charlie Miller.

Miller, who learned how to hack at the National Security Agency and now works in security for Twitter, has hacked connected cars, wireless connections and NFC devices. But what he's best known for — what he seems to enjoy more than almost anything else — is hacking into Apple.

So I was curious. If Apple is rolling out a fingerprint scanner as a way to replace passwords, exactly how long would it be until Miller got to work trying to figure out how to exploit the system?

It is undeniable that passwords are only a half-effective form of security. They are a pain. Apple says roughly half of iPhone users don't even bother to set them up. Your password could be guessed, broken with brute force or stolen.

No one will mourn the end of the password, which no doubt is why Apple is pinning its hopes for the 5s to a fingerprint scanning system, called Touch ID, that could make passwords obsolete.

Apple spent more than $350 million to buy AuthenTec last year. AuthenTec owned a number of security patents, including some covering fingerprint scans.

But Apple isn't the first smartphone manufacturer to try this — and fingerprint scanning isn't foolproof.

In 2011 Motorola release a phone with a scanner. Joshua Topolsky, then writing for Engadget, had this to say:

"As far as truly unique hardware goes, the fingerprint scanner seems fairly novel — but in practice it's a little frustrating. It does work as advertised, but being told to re-swipe your finger if it doesn't take when you're trying to get into the phone quickly can be a little bothersome. Unless you really need the high security, a standard passcode will suffice for most people."

A key test for Apple will be whether its version of this technology just works.

But now, with a fingerprint scanner built into the iPhone 5s' home button, biometrics are taking a big step into a much bigger ecosystem. And the scan won't just be used to start the phone. Apple says you'll also be able to confirm purchases in the App Store using a print instead of your Apple ID password. But — for now at least — don't expect to pay for anything outside of Apple's ecosystem with your finger. App developers will not have access to the scan.

Apple did do its best to assure consumers that the fingerprint data it collects from users will be kept safe and private. The scanned print won't be uploaded to Apple's iCloud. Instead, it will be stored in a secure "enclave" on the iPhone, and Apple says the data will be encrypted.

"I don't think the encryption will be a big hurdle for a hacker," Miller said. "Apple is going to have to compare that encrypted data with a new scan before they unlock the phone. So they are going to have to decrypt it at that point. You could re-engineer that process."

"Of course, doing any of this is difficult," Miller added. "You have to remember you are starting with a phone that's locked and you can't get past the pass screen."

Nonetheless Miller said, in terms in terms of overall security, adding fingerprint scanning is only likely to make iPhones easier to break into.

"They are not going to do away with the pass code entirely," he explained. "So, really, by creating another way to unlock the phone they have created another access point for a hacker to try and exploit."

If the 5s sells as well as its predecessors it's conceivable that 100 million people could be using fingerprint scanning with the year. And that has already raised some privacy questions.

If you are worried about someone, like the police, getting a copy of your prints, there are probably easier ways than hacking your phone. After all, if the authorities have your smartphone they could probably lift a print from the glass screen the old-fashioned way — by dusting for one.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

NPR

Writer Gabriel Garcia Marquez, Who Gave Voice To Latin America, Dies

The master of magic realism was the region's best-known writer. His novels were filled with miraculous events and characters; love and madness; wars, dreams and death. He died Thursday at 87.
NPR

Consider The Can: An Unlikely Twist On A Louisiana Dish

When Poppy Tooker was a kid, her favorite dish was her great-grandmother's Peas in a Roux. Only years later did Tooker discover that canned peas — not fresh or frozen — were the key to the recipe.
NPR

Chelsea Clinton Says She's Pregnant

The 34-year-old daughter of former President Bill Clinton and former Secretary of State Hillary Clinton says she and husband Marc Mezvinsky are "very excited."
NPR

Ohio's Law Against Political Lying Heads To Supreme Court

Can a state law prevent political campaigns from doling out misinformation? Guest host Celeste Headlee learns more from The Plain Dealer's Sabrina Eaton.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.