Connect with us

Hi, what are you looking for?

Apple

What security researchers think of iPhone 5S fingerprint scanner

While the API for the scanner is not currently open, the implications of the technology could be huge for the adoption of two factor authentication beyond the enterprise.

Apple has announced the long awaited iPhone 5S and iOS 7. The new smartphone packs a lot of new specs, but the star of the show from a security researcher’s perspective was undoubtedly the biometric fingerprint scanner, Touch ID . While the API for the scanner is not currently open, the implications of the technology could be huge for the adoption of two factor authentication beyond the enterprise. 

iPhone 5S

As mentioned in FortiGuard’s Midyear Threat Report, two-factor authentication (2FA) is expected to replace the single password sign on security model. While adoption of 2FA has seen some mainstream usage in applications like Twitter, Dropbox, Evernote, and Facebook, it has yet to fully replace the convenience of single factor.

After Apple’s announcement, what do threat research experts think of this biometric introduction?

Guillaume Lovet, senior manager, FortiGuard Threat Response had this to say: “From the point of view of a cybercriminal who has trojanized your phone, there is little difference between a fingerprint and a password. If the device is compromised, it can intercept and reuse the digital form of both (say, to complete a money transfer), which boils down to a series of 0s and 1s.”

Advertisement. Scroll to continue reading.

While Apple claims there to be a dedicated stronghold within the new A7 processor where this data will be stored, a breach into that secure layer would usher the biometric authentication method complete useless.

Guillaume added: “From a security point of view, it would be interesting to check if fingerprints carry enough information bits to be used more like a private key (likely protected by a password), that you cannot lose, don’t have to generate and is kind of universal.”

While the fingerprint scanner packs quite a punch at 170 micron thin 500 ppi resolution and the ability to scan sub epidermal skin layers, if the information is stolen, the possibility of using the data like a private key would be moot.

Richard Henderson, a security strategist for FortiGuard Labs, voiced some advice on the topic. “The reality here is that, while Apple is the first to implement a biometric method of authentication on such a wide scale, this is being sold and used strictly as a convenience – not as an additional layer of security,” he said.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

Tablets

The ultraportable iPad mini is more capable and versatile than ever with the powerful A17 Pro chip and support for Apple Pencil Pro.

Advertisement