CrosswordNewsletters
DAILY BEAST
ALL
  • Cheat Sheet
  • Obsessed
  • Politics
  • Crime
  • Entertainment
  • Media
  • Innovation
  • Opinion
  • World
  • U.S. News
  • Scouted
CHEAT SHEET
    POLITICS
    • Fever Dreams
    • Biden World
    • Elections
    • Opinion
    • National Security
    • Congress
    • Pay Dirt
    • The New Abnormal
    • Right Richter
    • Trumpland
    MEDIA
    • Confider
    • Daytime Talk
    • Late-Night
    • Fox News
    U.S. NEWS
    • Identities
    • Crime
    • Race
    • LGBT
    • Extremism
    • Coronavirus
    WORLD
    • Russia
    • Europe
    • China
    • Middle East
    INNOVATION
    • Science
    TRAVEL
      ENTERTAINMENT
      • TV
      • Movies
      • Music
      • Comedy
      • Sports
      • Sex
      • TDBs Obsessed
      • Awards Shows
      • The Last Laugh
      CULTURE
      • Power Trip
      • Fashion
      • Books
      • Royalist
      TECH
      • Disinformation
      SCOUTED
      • Clothing
      • Technology
      • Beauty
      • Home
      • Pets
      • Kitchen
      • Fitness
      • I'm Looking For
      BEST PICKS
      • Best VPNs
      • Best Gaming PCs
      • Best Air Fryers
      COUPONS
      • Vistaprint Coupons
      • Ulta Coupons
      • Office Depot Coupons
      • Adidas Promo Codes
      • Walmart Promo Codes
      • H&M Coupons
      • Spanx Promo Codes
      • StubHub Promo Codes
      Products
      NewslettersPodcastsCrosswordsSubscription
      FOLLOW US
      GOT A TIP?

      SEARCH

      HOMEPAGE
      0

      Experts Say iPhone 5S Fingerprint Security Feature Can Be Hacked

      Thumbs Up

      Experts say Apple’s new iPhone feature can be hacked—and create a nightmare for users. By Winston Ross.

      Winston Ross

      Updated Jul. 11, 2017 7:54PM ET / Published Sep. 13, 2013 7:59PM ET 

      David McGlynn/Getty

      Ask anyone who’s ever lived with a jealous boyfriend or girlfriend: If someone wants to get into your phone, they will find a way to get into your phone.

      That said, it’s worth considering in the wake of Apple’s announcement this week that the next generation of (high-end) iPhones will come with a fingerprint sensor: is that two tech steps forward, or two steps back, if you’re trying to keep your Snapchats from prying eyes?

      Turns out, it’s kind of standing still. While fingerprint sensors might seem like a nifty way to shorten the steps to your next brilliant tweet and keep your buddy from punking your Facebook with a fake status update, they’re more likely to create a false sense of security, thanks to statements like this, from Apple Senior Vice President Dan Riccio, in the introductory video for the new iPhone 5s:

      “Your fingerprint is one of the best passwords in the world. It’s always with you, and no two are exactly alike.”

      Riccio is half-right. Your fingerprint is always with you, and no two are exactly alike. But that doesn’t make it one of the best passwords in the world. That actually makes it a potentially lousy password, says Gene Meltser, technical director for Chicago-based security firm Neohapsis Labs, because there’s nothing you can do to change it, to keep the cyberthugs guessing.

      “All we have are 10 fingers,” Meltser told The Daily Beast. “That means we can only authenticate successfully 10 times. Once that data is compromised, we are for the rest of our lives unable to authenticate.”

      We leave fingerprints everywhere, every day, all day long. Any goober can stick a piece of tape on a greasy thumb depression left on a soda can, peel it off, scan it into a computer, and figure out a way to trick a fingerprint sensor into letting him inside.

      Passwords, on the other hand, are stored (or should be stored) only inside the brain. You don’t walk around all day slapping your PIN code on toilet seats and door handles. And even if you did do that, or you figured out someone had peeped over your shoulder and swiped your password, you could change it, and you’re back in Secureville. If someone grabs your fingerprint, and that’s what you use to get into your phone, they’ll always have it. And unless you find some sweet 007 technique for burning your fingertips off and creating a whole new set, you will not be able to do anything to set a “new” password.

      “If somebody fakes your fingerprint” and then uses that to make a bunch of fraudulent purchases, “you’d have a very hard time proving that person was not you,” Jennifer Lynch, staff attorney at the Electronic Freedom Foundation. “It’s your fingerprint.”

      But wait! Apple says its fingerprint sensors will be activated only by the tips of the fingers/thumb, which is not quite the same pattern as those left on street lamps and steering wheels. Anyone who uses Apple’s Touch ID sensor (that’s the official name) will have to create a backup passcode on the phone that will be necessary any time the device has been rebooted or hasn’t been unlocked for two days. So maybe that resolves the security problem.

      Maybe. But the only truly secure authentication, Meltser says, is a three-legged stool: something you are, something you carry, and something you know. So a fingerprint is something you are, and a password is something you know. But because both of those can be stolen, only the addition of that third thing—something you carry—can truly keep your Instagram safe.

      Something you carry could be something like a “cryptographic RSA token,” a physical dongle that you carry around to authenticate things with, and of course there are very few people aside from corporate spies and very determined cheating spouses who would go to all those steps. But the takeaway is the takeaway: fingerprint sensors don’t make anything more secure. Unless you’re one of those people: “A lot of iPhone users aren’t using a passcode to lock their phone at all,” said the EFF’s Lynch.

      But what about that new M7 chip, also available on the iPhone 5s? The one that aggregates data from the phone’s accelerometer and GPS to use with health and fitness apps, to allow people to record their every jaunt from couch to bathroom? Doesn’t that make us easier to track?

      No, sorry. The phone was already recording all that information, Lynch says. So if it’s going to wind up in an NSA metadata sweep, it’s going to wind up in an NSA metadata sweep. Now it’ll just be easier for you to play with it.

      Speaking of the NSA, what about all those fingerprints being uploaded to some kind of fingerprint database and then getting hacked and forever compromised and used to break into our bank accounts and post bad status updates on our behalves?

      All fair things to be worried about, but not with this pioneering generation of mobile fingerprint scanners. The print will be stored only in the phone itself, not uploaded to cloud-computing systems, says Apple, and even that storage will be an encrypted file.

      Let’s all just remember then what the fingerprint sensor is and what it isn’t. It isn’t more secure, unless you’re pairing it with a password. It is more convenient, which to those of us not buying drugs on Silk Road or philandering with our teaching assistants is probably all we care about anyway.

      READ THIS LIST

      DAILY BEAST
      • Cheat Sheet
      • Politics
      • Entertainment
      • Media
      • World
      • Innovation
      • U.S. News
      • Scouted
      • Travel
      • Subscription
      • Crossword
      • Newsletters
      • Podcasts
      • About
      • Contact
      • Tips
      • Jobs
      • Advertise
      • Help
      • Privacy
      • Code of Ethics & Standards
      • Diversity
      • Terms & Conditions
      • Copyright & Trademark
      • Sitemap
      • Best Picks
      • Coupons
      • Coupons:
      • Dick's Sporting Goods Coupons
      • HP Coupon Codes
      • Chewy Promo Codes
      • Nordstrom Rack Coupons
      • NordVPN Coupons
      • JCPenny Coupons
      • Nordstrom Coupons
      • Samsung Promo Coupons
      • Home Depot Coupons
      • Hotwire Promo Codes
      • eBay Coupons
      • Ashley Furniture Promo Codes
      © 2023 The Daily Beast Company LLC