The introduction of the iPhone 5s has raised issues about using a fingerprint as a method of securing a mobile phone. Every argument has been made, from fingerprints not being secure to worries about the government creating a large fingerprint database. I even expressed concern over the Constitutional implications of fingerprint scanning.
I’m here to say that all of this hype is overrated. Fingerprints aren’t that big of a deal in both good and bad ways.
Fingerprints Aren’t 100% Secure
The Chaos Computer Club has already been able to circumvent the Touch ID fingerprint system by simply creating a higher-resolution latex copy than what is normally made. Just because the Touch ID sensor requires a higher-resolution image does not mean that it’s not looking for the same data that a normal fingerprint scanner would look for.
Fingerprints are also something that can’t be changed. When a password has been compromised, it is easy to change. With fingerprints, that cannot be done.
Fingerprints Aren’t *That* Protected
Fingerprints can be compelled through a court order, meaning that anything secured behind a fingerprint-only security system can easily be obtained by the government. If a criminal wants into a device protected by a fingerprint, it can be as easy as using brute strength to have the user provide the fingerprint. Or the criminal could knock the victim unconscious. Or the criminal could remove the victim’s finger.
Fingerprints Are Already Out There
Everywhere I go, I leave a copy of my fingerprint. In order to have a job with technology consulting for K12 schools, I had to be fingerprinted for a background check. Think about how many times in your life you already have been fingerprinted. Arrested? Background check? Fingerprinted as a child for a missing child-type event? You’re already in the system.
No, Apple is not transmitting fingerprints to its servers; it’s protecting them in a secured area of the A7 processor. But that doesn’t mean the government doesn’t already have your prints.
You’re Not That Important (Unless You Are)
In a previous job, I worked for a big box retailer selling computer equipment. I oftentimes would be asked by everyday people how secure wireless networks were. While I agree it is important to have ultra-secure wireless networks (because it’s easy enough to do), I would often point out that if someone was sitting in their driveway collecting encrypted Wi-Fi data, they had bigger problems.
The same applies to fingerprints. If someone is taking the time to clone your fingerprint, then you have bigger concerns than the security of the iPhone 5s. Securing data on a phone should always be viewed as a convenience rather than as security. An iPhone is constantly passing data back and forth to the Cloud, and the security of that transmitted data is unknown.
If you have been arrested and the police want to view your phone call history, they won’t get it from your phone but rather the carrier. Again, if the government is after you, you have more important things to worry about than if your phone’s fingerprint scanner is secure.
Most likely, none of these things will happen to you. I know that I’m not that important, and while I make efforts to be secure I do not obsess about security.
If you are that important, you will be securing data differently because you would have had someone to advise you to do so LONG before the iPhone 5s launched with a fingerprint scanner.