The most talked about security feature of the new iPhone 5s is the Touch ID fingerprint sensor, which Apple introduced to the world this way: “The technology within Touch ID is some of the most advanced hardware and software we’ve put in any device.”
The sensor is not much thicker than a human hair. According to Apple, it can read extremely fine details of your fingerprint by intelligently analyzing a high-resolution image of the subepidermal layers of your skin. “Touch ID uses all of this to provide an accurate match and a very high level of security.”
The problem is that it took roughly 48 hours for a German group called Chaos Computer Club to hack the new feature. They used a photo of a fingerprint from a glass surface to fashion a fake finger and then tricked the phone into unlocking.
Considering the relative ease with which the new biometric feature could be hacked (by professionals), is there still a place for fingerprint technology? Technology analysts say yes—with a caveat.
Fingerprint technology—or any other kind of security feature, for that matter—is considered part of a suite of precautions you should be taking. “Multi-factor authentication” is the buzzword these days, and though the fingerprint feature is hackable, the new phones have multiple security features to provide extra security.
For instance, the fingerprint enrollment information is stored in a secure area in the iPhone 5s processor that powers the phone. If someone can get your fingerprint to make a fake finger, they then have to actually get your phone; and it won’t work with another iPhone unless the thief also has your Apple account credentials.
A fingerprint ID with a similar reader is built into the new Windows 8.1 but it's meant to be combined with the Trusted Platform Module. (Think multiple ways of encryption that are meant to act as a chain of trust.)
Fingerprint ID—and other biometrics like retina scanners, face recognition, DNA and palm prints—are smart. But experts say they’re just part of the puzzle. If your information is so valuable that someone would make a fake finger to get it, you should consider taking many different authentication routes.
For most of us, a fingerprint ID plus a good passcode and registered network device still constitute pretty good security.
- See more at: http://accent.chubb.com/future-fingerprint-technology#sthash.L9PEmkYf.dpuf
Inga kommentarer:
Skicka en kommentar