On September 10, Apple announced two new iPhones. The premium iPhone 5s sports a fingerprint scanning security system that Apple acquired and adapted from AuthenTec. Subsequently, the entire Internet rose up in a fury of protests, worries and paranoia. The objections include: what if someone lifts my prints and is able to access my phone; what if the government steals my fingerprints like the rest of my telephony metadata?
While these are legitimate concerns, people should not be worried about having their biometrics stolen or used against them with the new iPhone. Here’s why: when you first set up the iPhone 5s, the Touch ID fingerprint scanner registers your thumbprint and stores that data about the print locally in the new secure A7 chip. So, from then on, the Touch ID will work every time your finger is pressed against the home button which is equipped with a capacitance scanner.
Some of the consumers complaining that their prints could get lifted to unlock the phone are misinformed: a living finger must be used on the fingerprint scanner for it to function. So, a potential phone thief could not lift your prints, or even cut off your thumb, to access your phone. Besides, the print used for the home button is different than usual prints because it will only be the tip of the finger. That is not the normal portion of the finger used for gripping, so less likely to capture.
As Robert Graham stated on the Errata Security Blog, “You use a different part of your finger to touch the iPhone sensor than what you use to touch other things. That means while hackers may be able to lift your thumbprint from you holding other objects, or from other parts of the phone itself, they probably can’t get the tip print need to do bad things on your iPhone
Also, the new iPhone will utilize RF signals to see through the dead-uppermost layers of skin into the living tissues of your finger print to verify that someone isn’t trying to use a lifted print and that your thumb is still attached. So, in short, the worries that your phone will be accessed using phony prints or other malicious tactics should be swayed.
As for the unwanted government access to your fingerprint, it is unlikely that the NSA – or any other government agency – will go to the trouble of gathering all that information. First, as stated previously, the part of the finger that is scanned is an uncommon and useless portion of the print. The print’s only real purpose and use is to unlock the phone. Second, all the data is stored locally on the A7 chip, not uploaded to cloud services or anywhere besides the actual phone.
Besides, the government does not require your fingerprints from the iPhone; they already have them from the DMV and passports. Since they are stored locally, it would take an extraordinary number of man hours to pull the thumbprints from all iPhone 5s users. Moreover, such an action would go through PRISM, so it would require a separate warrant. So, it’s possible the NSA could try to nab the tip of your thumbprints, but it is highly unlikely.
If anybody with an iPhone 5s is truly worried about their print being stolen, they have the ability to just disable the Touch ID sensor altogether because the regular 4-digit pin is still an option to set as a default security system to unlock the phone. The biometric technology provides added security measures to an iPhone, but is really an attempt to stay ahead of the sharp competition with Android.
About the Author:
This guest post was contributed by Rob Bohn (http://www.bohnlaw.com) who practices personal injury law in San Jose. His law firm has represented the people of California for more than 40 years.