Rumored iOS Fingerprint Sensor Would Boost Mobile Security

  /     /     /  
Publicated : 22/11/2024   Category : security


Rumored iOS Fingerprint Sensor Would Boost Mobile Security


While not the first mobile phone maker to put a fingerprint sensor on a smartphone, Apples adoption could make a higher level of security more convenient



Movies tend to paint fingerprint sensors as high-security devices used only to protect military installations -- devices whose security, however, can easily be circumvented by the crafty protagonist.
With the hyperactive Apple rumor mill
predicting a fingerprint sensor
in a future iPhone, the biometric technology could finally get the boost it needs to become widely adopted. The sensors, if delivered with Apples typical panache, would likely raise the overall security of smartphones by making a common level of protection widely available, says Chace Hatcher, CEO of Diamond Fortress Technologies, a Birmingham, Ala., startup focusing on allowing the rear-facing camera to act as a fingerprint sensor.
If Apple releases a fingerprint sensor, it will give a boost to the whole concept of the mobile wallet and having good security on the phone, he says.
Biometric security, in general, and fingerprint sensors, in particular, have had a hard time cracking the consumer code. While such technologies promise easier authentication with greater security than typical passwords, a variety of problems have plagued implementations. While promising convenience, false negatives -- where the users biometric is not recognized -- have been common. In addition, security issues with such a key authentication technology can cause problems: Last year, security firm Elcomsoft found that the widely used UPEK fingerprint sensors stored users passwords in poorly obfuscated plain text in the Windows registry,
essentially breaking the Windows security model
.
Yet Apples purchase of biometric technology firm AuthenTec in 2012 may mean that change is coming. Late last year, Apple was
granted patents
on using biometric technology on the iPhone in a two-step unlock process similar to the current method that allows users to unlock their phones via a personal identification number, or PIN.
[A new security startup is building an authentication model with what it describes as a human approach that doesnt use biometrics, passwords or passcodes. See
Startup To Offer Human Authentication
.]
While Apples patent filings show that the iPhone could work with any biometric -- fingerprint and facial recognition are shown -- fingerprints tend to be the most reliable, says Jamie Cowper, senior director of business development for authentication provider Nok Nok Labs.
Fingerprint sensors -- they are better today than voice and face, Cowper says. They are harder to spoof. It is always possible on a one-to-one basis, but not at scale.
Securely implemented biometric authentication would only use the biometric -- whether a fingerprint, a facial image, or a voice recording -- to unlock credentials in a local vault on the device that would then be used for authentication. No biometric data -- or data derived from a biometric, such as a hash -- would be communicated over the Internet. In many ways, the model is similar to a password vault, such as LastPass or 1Password, where a single strong password protects access to many other strong passwords.
Yet the real test will be how easy the technology is to use. Any technology that does not improve the user experience will fail, says Troy Vennon, director of the Mobile Threat Center at Juniper Networks.
If you put a technology in front of the access to the device, in front of peoples ability to complete their work, it better work or they are going to go around it, Vennon says.
Six out of every 10 people do not have a PIN on their phones because it makes the devices slower to use, according to Frost & Sullivan, a research firm. Yet if e-commerce providers and banks begin recommending that users enable their fingerprint sensors, the technology could take off, the analyst firm
stated earlier this month
.
Meanwhile, passwords -- and the reliance on users to choose good passwords -- continues to
pose serious security issues
for both online providers and the users themselves. While a fingerprint sensor will not protect a smartphone from the most common threats -- being lost of stolen -- it will better secure online transactions than using a common four-digit PIN code.
In the end, I think it is a foregone conclusion that fingerprint biometrics will replace passwords and PINs, Diamond Fortresss Hatcher says. I think biometrics is going to make those mechanisms go the way of the dodo.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Rumored iOS Fingerprint Sensor Would Boost Mobile Security