Apple iPhone fingerprint scanner raises security worries

Apple iPhone fingerprint scanner raises security worries

Summary: Should we trade our biometric data and privacy for the sake of convenience?

Credit: Apple

Has Apple managed the fine line between security and convenience? Some security experts aren't so sure.

Speaking to German publication Der Spiegel, Hamburg Commissioner for Data Protection and Freedom of Information John Caspar believes that the use of biometric technology for the sake of consumer convenience could become a hacking treasure trove, granting them access to permanent data which cannot be deleted or changed.

Biometric technology is used to verify a person's identity based on their physical or behavioral characteristics through digital means. Identifying features including a fingerprint, retina scan and facial features are key markers and are used in surveillance, laptops, smartphones and passports. These physical elements cannot be altered in the same way as a traditional password, and therein lies the worry associated with putting such data on a mobile device.

Caspar told the publication:

"Biometric features you can not delete. [It is] life long. Fingerprints should not therefore provide for everyday authentication method, especially if they are stored in a file."

Apple's Touch Id fingerprint scanner for the recently announced iPhone 5s -- which already has Japanese consumers queuing up around the block -- allows users to scan their fingerprint to access the iPhone and download media or apps from iTunes without the need to type in a PIN code. 

The Cupertino, Calif.-based firm has attempted to soothe privacy worries associated with the use of biometric data in mobile devices by starting that information gathered by the feature, Touch Id, will only be stored on the device and will be encrypted rather than saved as an image of the fingerprint.

However, Caspar remains unconvinced, saying that while the iPhone's fingerprint readings would only be stored on the device and not on centralized servers, cyberattackers who compromise a smartphone through malicious applications could still be able to access the biometrics. The IT commissioner said:

"The current user is not in a position to control what his applications do with the information he puts in them."

While the technology may be quicker for consumers than traditional PIN codes, biometric scanning is still dogged with problems. Motorola first launched its Atrix smartphone with the technology, but reportedly dropped it as consumers complained of errors. A report published on Elcomsoft's blog highlighted a "huge security hole" with fingerprint-based security in laptops sold by companies including Acer, ASUS, Dell and Samsung, and retina scanners used at U.K. airports were dropped following errors and slow processing rates.

The introduction of biometric data in to the mobile device industry has also raised privacy worries in the United Kingdom, relating to its potential use as a way to track employees. A British trade union, the London chapter of the National Union of Rail, Maritime and Transport workers (RMT) -- which represents London Underground cleaners -- has instructed its members to refuse to use biometric fingerprinting devices to clock in to and out of shifts.

The union says that such methods to keep an eye on staff activity is a "draconian attack on civil liberties" after receiving almost unanimous support for industrial action, short of strikes.

Fingerprint scanning may be a useful tool for businesses, but as Caspar told the publication, biometric data is a permanent feature of a person, and storing such data is fraught with risk:

"Furthermore, [it is] the principle of data minimization. If it doesn't have to be there, remove the biometric data, no matter how convenient it might be."

Apple is not the only company looking at the potential of merging biometrics and mobile technology. in a recent images leak, the rumoured HTC One Max appears to also come equipped with a fingerprint scanner on the back of the smartphone.

Topics: Security, Apple, Emerging Tech, iPhone, Smartphones, Tablets

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Re: The IT commissioner

    As in someone who receives a commission.
    Has this guy asked Apple for his percentage, and is now angry that they dared to refuse?

    It is pathetic how people claim things they know nothing about.
    • Evidence of Irony deficiency

      • Good one!

        Harvey Lubin
        • "Belief" is NOT a synonym for "fact"

          "John Caspar believes that the use of biometric technology for the sake of consumer convenience could become a hacking treasure trove, granting them access to permanent data which cannot be deleted or changed."

          The operative verb there is "believes"!

          Mr. Caspar is a FUD generating machine, spouting misinformation based on his lack of knowledge about Apple's security measures, combined with his own fear-mongering conspiracy theories.

          Quotes from recent articles that DO provide factual information:

          "There are numerous reasons Apple moved to the A7 processor. One reason is the hardware requirements of Touch ID. To economically create the Secure Enclave, Apple needed a processor that is already aware of the concept of encryption and security at a native level and has the dedicated hardware to make a segregated and secure area with in the processor architecture.

          About three years ago ARM began to look into this very issue. and through a number of partnerships created what is now known as TrustZone/SecurCore [4]. TrustZone technology is tightly integrated into the A7 processor and extends throughout the system via the AMBA AXI bus and specific TrustZone System IP blocks. This system approach means that it is possible to secure peripherals such as secure memory, crypto blocks, keyboard, screen and sensors to ensure they can be protected from software attack. "

          "The key to the security is that this is not just conceptual, handled at a software level, but is a fundamental part of the design of the hardware: embedded right into the A7 chip."

          "The chip is running two completely separate systems, with the biometric data handled only within the secure world, and a simple yes/no response handed to anything running in the normal world. So when you authenticate an iTunes purchase with your fingerprint, neither iTunes nor the app has any access to the fingerprint data: all it knows is whether the secure world passed back a yes or a no. That’s standard for any secure system, but it’s the first time that such an approach has been built in at the hardware level."
          Harvey Lubin
  • Social Security Numbers

    Thirty years ago, people would etch their belongings with their social security number, so that if stolen, could be recovered more easily. Nowadays, those same social security numbers are like a identity thief's wet dream and the last thing that you would ever do, is permanently mark it on your possessions.
  • u can change a pin

    u can't change a fingerprint. and u only have 10 of them. Unless ur going to use ur toes. Great thinking Apple.
    Frank Barreca
    • Pathetic

      Wow you're pathetic. Biometrics have been around for at least a decade and some of the most secure places use it, but as soon as apple puts it in the iPhone it's a bad idea. I feel bad for brainless anti-apple zealots like yourself.
  • What could possibly go wrong

    Encryption can be broken, The fingerprint scanner can be hacked and or spied on. iTunes can be hacked and or spied on. The authentication module can be hacked or spied on. The encryption key can be compromised. The phone could be rooted or jail broken.

    It's unwise to blindly trust. If anything can go wrong it will.
    • Your conservatism might be rewarded. However, give the iPhone 5S

      a month of general availability in order to prove or disprove all the speculation surrounding this tech. We will know by then.
    • What could possibly go wrong?

      Your concerns about Apple's fingerprint ID technology belie a lack of understanding of the fundamental difference between this solution and previous fingerprint ID implementations.

      > Encryption can be broken

      Not relevant. The encrypted data never leaves the secure are of the A7 chip. Even if it wasn't heavily encrypted (and it is) you can't get at it. Apple can't see it or record it, even if they wanted to.

      > The fingerprint scanner can be hacked and or spied on.

      No, it can't. Not unless the perpetrator has physical access to the inside of the phone and can replace the fingerprint scanner hardware. Not likely. But it cannot be hacked via software.

      > iTunes can be hacked and or spied on.

      Not relevant. iTunes does not have access to your fingerprint data. All it (or ANY other software, including the OS) can get back from the fingerprint scanner is a "Yes" or "no".

      > The authentication module can be hacked or spied on.

      No, it can't, barring physical access to the phone's hardware.

      > The encryption key can be compromised.

      Not relevant. See "encryption can be broken" above.

      > The phone could be rooted or jail broken.

      Not relevant. The secure area of the A7 CANNOT be accessed by the OS, even if rooted or jail broken. This is a hardware barrier that cannot be breached by a software exploit.

      None of the above holds true, of course, if you don't trust Apple. But assuming their description of how this works is accurate, this is the first reliable and fully secure biometric ID system in a mass produced consumer product. It won't be the last.
    • So, you won't even try?

      What evidence do you have that Apple's fingerprint scanner can be hacked? It certainly can't be spied on. Any encryption key can be compromised, given enough computing power. If the phone has been jailbroken, then then owner gets what he/she deserves. You are assuming any phone can be rooted. So, are you just going to hide your head in the sand and ignore the problem?
    • Or..

      you could just fall asleep and your girlfriend/mom/boyfriend/evil friend just read all your SMS.
      Vance Feld
  • Caspar spreads more FUD

    Caspar spreads more FUD
  • Suggest before talking about security they know what they are talking about

    Suggest anyone who want to talk about the security of Apple's iphone fingerprint storage are know something about it :’s-new-Secure-Enclave-and-why-is-it-important
  • An alternative solution to Apple's Fingerprint Scanner

    Fingerprint and Touch ID are getting a lot of traction in the news these days as Apple is set to roll out the new iphone 5S with this biometric add-on on September 20th. Touch ID will all but eliminate the need for passwords and pins when using your iphone 5s. But, what happens if you don't have the new phone? What options do users who have an Android, Blackberry or Microsoft device or a iphone 4s, 5 or even new 5c have available to them? EyeVerify!

    EyeVerify is the exclusive provider of Eyeprint Verification, a highly accurate biometric
    for mobile devices. Eyeprint Verification delivers a password-free mobile experience and secure authentication at a glance. This patented solution uses existing cameras on smartphones to image and pattern match the blood vessels in the whites of the eyes. Best of all, you can get this technology right now for your existing device as long as your device has a 1 mega pixel camera.

    Apple’s TouchID and the Eyeprint accomplish the same ultimate end goal. It is an accurate, secure & simple way to answer the question "Who is holding the phone?" Eyeprint Verification just happens to be more accessible to more of the population trying to solve the password problem.

    To learn more about the differences in these technologies:
    Check us out online
    Read our blog
    Follow us on twitter @eyeverify
    Watch us on YouTube
    Contact us to schedule an interview at
  • Fingerprint sensor

    I have no issues with this. This is added security that you don't have to remember among all the other passwords out there.