Smartphone Fingerprint Security

picture courtesy of dmacc.edu
picture courtesy of dmacc.edu

Apple’s iPhone 5S includes fingerprint scanning technology called Touch ID to unlock the phone and make purchases in iTunes. Some are calling it the key to the future of your Smartphone – a more secure way to authenticate mobile transactions and protect your data from theft if your phone is lost or stolen. Others are concerned about the privacy of users, worried that fingerprints will be kept on record at Apple or made available to 3rd party software developers.

Smartphones let you bring your photos, email, and social media everywhere you go. Many use Smartphones for mobile banking, shopping and storing important but private information. In spite of the wealth of data stored on a Smartphone, Apple reports that half of all iPhone users don’t use the passcode lock feature on their phone. This leaves their information vulnerable should their phone be lost or stolen.

Many users report that it’s just too cumbersome to tap in a passcode every time they unlock their phone. The biggest benefit of using a fingerprint scan to unlock your phone is its simplicity. While critics insist that even fingerprint security is vulnerable to hacking, it’s certainly more of a deterrent to a common thief than having no lock on your phone at all.

Could a thief could lift your fingerprint from elsewhere on the phone and use it to unlock the device? Touch ID uses a capacitive sensor in the steel ring around the home button to ensure that only materials of certain conductivity will register. The sensor uses data from your finger’s sub-epidermal layer, not just the surface, making it much more difficult to replicate.

Could someone hack your phone and get access to your fingerprint data? According to Apple’s website, instead of just using a photo of your fingerprint, Touch ID “creates a mathematical representation of your fingerprint and compares this to your enrolled fingerprint data to identify a match and unlock your iPhone.” Touch ID doesn’t store any photos of your fingerprint and it isn’t possible for your fingerprint to be reverse-engineered from this mathematical equation.

Could a hacker get access to my fingerprint data where it’s stored on Apple’s servers? Fingerprint data is encrypted and is stored in a unique area of the phone’s memory chip, walled off from the rest of the operating system. According to Apple, “your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else.”

Could this fingerprint data be used to identify me using other fingerprint databases? Because it’s a mathematical equation, not your fingerprint itself, only Touch ID can use the data. Apple assures users that it can’t be used to match your fingerprint against other fingerprint databases.

Apple insists that the company has no immediate plans to allow 3rd party app developers access to Touch ID in order to incorporate fingerprint authentication in their programs. However, having the fingerprint scanner built into the phone offers some intriguing future-use security. Passwords or passcodes are relatively easy to hack, and many users allow their device to auto-login to avoid entering a password every time. If it proves reliable, fingerprints would be a much safer way to authenticate your identity for mobile banking, online purchases or any app that maintains your personal data.

The implications for using your Smartphone as a mobile wallet are also promising. No more easily stolen credit card numbers – use your Smartphone to pay for purchases both online and in-person while trusting that only you can access your money.

As a form of personal identification and transaction authentication, fingerprint scanning could be the future of mobile security. For now, it makes securing your iPhone from thieves easier than ever before.

About The Author: Andrea Eldridge is CEO and co-founder of Nerds On Call, an on-site computer and laptop repair service company for consumers and businesses. Andrea is the writer of two weekly columns; Computer Nerds On Call, a nationally syndicated column for Scripps-Howard News Service, and Nerd Chick Adventures in The Record Searchlight.