- The idea of handing over fingerprints to Apple via new iPhone 5S has some nervous
- The phone will feature a fingerprint sensor in its Home button for added security
- Apple: Fingerprint info will be encrypted and stored in your phone, not on our servers
- Security expert: "Hackers will be certainly intrigued to see how they might circumvent" system
Given the privacy concerns swirling around much of our digital activity these days, the idea of handing over one's fingerprints to Apple via its new iPhone 5S has some people nervous.
The phone, which goes on sale September 20, will feature a fingerprint sensor in its Home button for added security. Users must "register" their print with the device, after which they can unlock the phone by placing a finger or thumb on the button. The idea is that fingerprints, being unique to each person, augment users' passcodes to offer an additional safeguard against hackers or thieves.
But can we trust Apple or its partners with our fingerprints? And couldn't hackers, those resourceful and relentless probers of digital firewalls, find new ways to trick the phone's sensor?
The answers, experts say, appear to be: 1) Probably, at least for now, and 2) Yes, although that's unlikely.
"There should always be some concern with new technologies or functionality that has such a large base of users," says Joe Schumacher, a consultant for security firm Neohapsis, in an e-mail to CNN. "The fingerprint reader is more of a sales tactic than a strong security enhancement.
"What still needs to be researched is how this digital fingerprint can be used once it is leaked, hacked or opened up to iCloud."
Prints in the cloud?
Some observers have wondered aloud on Twitter and elsewhere whether Apple, armed with a potential database of millions of thumbprints, might turn over some customers' prints to the National Security Agency (NSA) if ordered to by the government. After all, Apple was reported to have been a partner in the NSA's PRISM surveillance program and has acknowledged it hands over user data when mandated by the government.
But Apple has said users' fingerprint information will be encrypted and stored securely inside the phone's new A7 processor chip instead of on Apple's servers or backed up to iCloud, the company's Web-based storage service. Apple also has said it's not allowing third-party applications to access the scanner -- at least not yet.
That's good news for users' privacy, experts say -- even amid news reports that the NSA can spy on smartphones.
"Your iPhone knows who you call. It knows where you are. And in the newest versions, it will know your thumbprint. Given revelations about how the NSA can access Apple devices, should you be worried about it having that biometric data? No. No no no no no no. Come on. No," writes Philip Bump in The Atlantic.
"Your fingerprint ... isn't traveling anywhere. Is it possible that the NSA could ask Apple to upload a user's fingerprint from the phone so that it can be transmitted to the agency? Sure. But that likely wouldn't be a request that comes through PRISM; it would probably require a separate warrant. Not impossible, but, given the burden of demonstrating need for a warrant, not as easy as a few keystrokes."
Then there's the question of hackers replicating fingerprints to break into phones.
"Fingerprints are not private, you leave them lying around everywhere, and if someone has enough incentive -- and the resources available to them -- they may try to defeat any security system that you trust your fingerprint to unlock," writes noted security researcher Graham Cluley on his blog.
"One thing is for sure. With the launch of the iPhone 5S, more people will be using fingerprint sensors as part of their daily security than ever before -- and the hackers will be certainly intrigued to see how they might circumvent it," Cluley adds.
Dino Dai Zovi, co-author of "The iOS Hacker's Handbook," told CNNMoney that if he were trying to hack an iPhone 5S, he would first try to lift prints from elsewhere on the device "and figure out how to replay those to the sensor to log in to the person's phone."
This is not as hard as it might sound. A decade ago, a Japanese cryptographer demonstrated how to fool fingerprint-recognition systems by transferring latent prints to a "finger" made from gelatin, the ingredient found in Jell-O and other sweets. It was informally known as the "Gummi bear hack."
But Apple's new Touch ID technology is presumably more sophisticated than those old systems.
In addition, latent prints may not provide enough of an overlapping match to unlock a phone, says digital-security expert Robert Graham.
"You use a different part of your finger to touch the iPhone sensor than what you use to touch other things," writes Graham on the Errata Security blog. "That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can't get the tip print needed to do bad things on your iPhone.
"This means the fingerprint databases held by the NSA, FBI, and border security are largely useless at unlocking your phone: they don't cover the same parts of your fingers," Graham adds.
But there is another potential vulnerability in the iPhone 5S's fingerprint scans. The Touch ID system also can be used as a secure way to approve purchases from iTunes or the App Store, which makes some security experts uncomfortable.
"If Apple is right that fingerprints never leave the device, that means the new iPhones will be sending some sort of authentication token to Apple servers to verify that the end user has produced a valid print," writes Dan Goodin in Ars Technica, a CNN.com content partner.
"If attackers figure out a way to capture and replay users' valid tokens, it could lead to new ways for criminals to hijack user accounts."