Thursday, 26 September 2013
Fingerprint Technology from Apple Raises Security Questions
Imagine walking up to the entrance of one of the biggest data centre facilities in the world, placing your thumb on a fingerprint reader, and instantly gaining access with no questions asked. It's the stuff of sci-fi movies and futuristic stories. Or is it?
Thanks to new technology from Apple, this type of security and personal recognition system may not be too far off. Yet, the fingerprinting scheme that is now part of the Apple iPhone 5S is already raising security questions among both technology geeks and politicians.
In the United States, liberal Minnesota senator Al Franken has written a letter to Apple's Tim Cook expressing his concerns. Franken is the chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law. His committee is very interested in knowing where the new fingerprinting technology might lead in the future.
Franken's concerns about the technology are legitimate no matter what your political leanings are. Even now there are hackers like istouchidhackedyet.com's Nick DePetrillo and Robert Graham who are offering rewards to anyone who can successfully breach an iPhone 5S using a fingerprint lifted from another source.
If anyone succeeds, and there is no reason to believe it will not happen, it might be possible to steal someone's identity for life just by lifting a fingerprint. So much for secure hosting, encrypted financial transactions, and all of the other security measures we take to protect ourselves. Once someone has your fingerprint, your identity is compromised permanently.
Senator Franken raised this concern, along with others, in the letter he wrote to Apple. He wants to know if fingerprint data could ever be stolen from an iPhone and converted into some type of usable format by hackers. Franken is also concerned that the iPhone 5S may be transmitting sensitive information back to Apple and that any extracted fingerprint information might not be protected by privacy laws.
The security questions surrounding the Apple fingerprinting scheme serves as a wonderful illustration of the principle of being careful with what you wish for. For decades, we have been looking to advances in technology as the best way to ensure security in networking, identity management, and other areas.
Unfortunately, we are forgetting one of the fundamental rules of security: the more complex the system, the more vulnerable it is. If we truly want to go down the road of fingerprint, iris, and facial recognition technology as the best way to ensure digital security, we are opening ourselves to the risk of permanent ID theft that could never be reversed. Once the horse has bolted, there is no getting it back in.
Those who are concerned about where all of this is leading would likely rather see Apple abandon plans for fingerprint-based security until all of the questions can be answered. Yet that is not likely to happen. In the race to be the most technologically advanced smart phone provider, they will undoubtedly press on uninhibited with Android and other manufacturers bound to follow in quick succession...