Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
The latest iPhone has caused quite a stir and raked in major sales for Apple within the first few days of its release. But within just 2 days of its release, serious vulnerabilities in the new mobile OS were reported. Now we take a look at the Touch ID fingerprint scanner and whether or not it is secure. Combined with a good mobile VPN, this makes the iPhone 5 secure both off and online.
Hotspot VPN for Online iPhone Protection
Almost everybody regularly uses their iPhones to connect to the internet. A lot of iPhone users have their accounts all synched up for easier access and convenient sharing. This poses a huge security risk if users are connecting to WiFi hotspots and other unsecured networks. The convenience provided to users through modern mobile phone technology provides a clear route for cybercriminals to get at data. All they need is one item of information and they can find their way through connected accounts to get anything and everything they want.
Hotspot VPNs have long been known as very effective tools for online security, especially when using unsecured WiFi connections. They are not made for securing data accessed physically through the device. So, combining this with Apple’s new Touch ID fingerprint scanner looks like a nice security pair-up. Let’s take a look at the biometric technology behind Touch ID and see if we have a solid physical security to back up hotspot VPN technology.
Biometric Technology for Physical Device Protection
Apple has marketed the iPhone 5 through the Touch ID feature which promised to be an innovative technology for securing the phone with one touch of your finger. But fingerprint scanners aren’t new, and there is a long list of vulnerabilities associated with them. Apple bought AuthenTec to use for its biometric security feature, Touch ID. AuthenTec is rumored to be one of Apple’s biggest expenses, but this doesn’t necessarily mean that it works better than its predecessors.
The Touch ID fingerprint authentication system works by swiping your finger over a slit-sized reader to have the phone recognize you. It is meant to provide users with a very simple and convenient way to secure their iPhones. Keys don’t work too well because they can get lost or stolen. Passwords don’t have a great track record because they are easily forgotten and lifted when they are stored electronically. Touch ID was appealing to a lot of people because it is a neat piece of technology that they can easily use, don’t need to remember and can’t forget, and will never be without. But a lot of privacy-conscious consumers and security experts who have experience with fingerprint scanners are concerned about how secure it really is.
The most pressing concern about biometric security systems is the secret factor. Fingerprints are not secret, but the exact opposite. Fingerprints are kept on record at a variety of government offices and are easily duplicated with the right technology. Your fingerprint is a great unique identifier that can tell the phone conclusively that you are indeed the owner. But your fingerprint is not like a key that is held by only you, or a password that is known only to you. In fact, there is very likely a good copy of your fingerprint right on your iPhone.
Another concern has to do with the sophistication of the biometric system that Apple used. The most simple systems read the ridges of a finger and can be fooled with a clear print or photocopy of a fingerprint. Other systems check for the existence of pores or verify pulse and finger temperature. But these too have been fooled with casts made of rubber and gelatinous material. The best biometric systems used in the US today still have a safeguard – an actual guard to make sure people aren’t trying to fool the reader. Biometric security is not fool-proof.
Biometric security can fail by either allowing unauthorized access or denying authorized access. Security experts have dealt with numerous cases of both. Consumer reviews and articles about various existing fingerprint scanners have also documented cases of either how they fooled the scanner or how the scanner locked them out of their phones. In any case, one failure is as bad as the other. Either a hacker accesses your data and you become a victim of crime or you can no longer access your data or use your phone.
The Chaos Computer Club published a video detailing how they were able to fool the scanner on the iPhone 5S. No special technology was used, just a “high-resolution picture of the fingerprint, a laser printer and some glue.” (Read the article here). The biometric authentication can also be bypassed by using Siri and accessing the Control Center. (Read more about this here). If biometric authentication can be hacked with a good copy of your fingerprint and a few common materials, it is not a good security measure. And if there is a possibility that it could lock you out of your phone forever, then it may not be wise to use it at all.
A third important concern about biometric systems is the database it uses to authenticate users. This database contains all the biometric information necessary to access various devices. If the database is hacked, the data is vulnerable. Apple’s system is reported to be local, so only the phone has your biometric data. On this level, at least, the data is secure.