iPhone Fingerprint Scanner Comes With A Catch

iPhone Fingerprint Scanner Comes With A Catch
CUPERTINO, CA - SEPTEMBER 10: The new iPhone 5S with fingerprint technology is displayed during an Apple product announcement at the Apple campus on September 10, 2013 in Cupertino, California. The company launched the new iPhone 5C model that will run iOS 7 is made from hard-coated polycarbonate and comes in various colors and the iPhone 5S that features fingerprint recognition security. (Photo by Justin Sullivan/Getty Images)
CUPERTINO, CA - SEPTEMBER 10: The new iPhone 5S with fingerprint technology is displayed during an Apple product announcement at the Apple campus on September 10, 2013 in Cupertino, California. The company launched the new iPhone 5C model that will run iOS 7 is made from hard-coated polycarbonate and comes in various colors and the iPhone 5S that features fingerprint recognition security. (Photo by Justin Sullivan/Getty Images)

The new iPhone's perhaps most cutting-edge feature, fingerprint scanning technology, comes with a catch: Some people don't have fingerprints at all.

Apple announced the new TouchID feature on Tuesday in Cupertino, Calif., at a closely watched press conference. Senior vice president of worldwide marketing, Phillip Schiller, showed off the fingerprint scanner, which uses touch sensors and laser-cut sapphire crystal to take a high-resolution image of a fingerprint and store it inside the phone. TouchID then recognizes the owner’s unique fingerprint to unlock the phone.

Schiller called it "an innovative way to simply and securely unlock your phone with just the touch of a finger."

The scanner can also be used to let people buy things from the iTunes store and App store without needing to enter a password. A similar feature for the iPhone had been widely expected after Apple acquired AuthenTec, a fingerprint-scanner company, last year for $356 million.

Security experts praised the new fingerprint sensor for helping keep cybercriminals at bay. But some, like Michael Barrett, president of the Fast IDentity Online Alliance, which advocates for using fingerprints, voices and faces -- known as biometrics -- to replace passwords, pointed to a possible problem: Barrett said fingerprint sensors may "work well, but they don’t work well for everybody."

People who make a living with their hands -- for example, artists, construction workers and teachers who use chalkboards -- can wear down their fingertips so much that fingerprint sensors may not be able to identify them, Barrett said.

While TouchID may not be a boon to these people, a fingerprint sensor still holds many advantages over traditional passwords, security experts said. Schiller said only half of iPhone owners lock their devices using passcodes. TouchID makes it easier to unlock the device and frees them from having to recall strings of numbers and letters for multiple accounts.

“It’s way more convenient,” said Marc Rogers, a security researcher at the mobile security firm Lookout. While you may forget your password, he said, “you always have your finger with you.”

Security experts are divided, however, on whether fingerprint scanners are more secure, and the scanners have proven vulnerable to creative spoofing techniques.

More than a decade ago, one security researcher found that he could trick fingerprint scanners by creating fake fingers using gelatin, a technique nicknamed the "gummy bear hack.”

Barrett said today’s fingerprint scanners have become more reliable and less susceptible to such tricks. And he said it would be inefficient for hackers to try to spoof the iPhone's sensor.

“From a criminal perspective, it’s never worth it because you can only attack one person at a time, so it’s very slow,” he said.

Rogers said Apple's TouchID was likely intended to protect consumers from thieves who steal iPhones. In major cities, thefts of mobile devices make up about 40 percent of all robberies. Many of those robberies involve smartphones, which have become increasingly attractive to criminals not just for their resale value but for the valuable data stored on them, including emails and online banking data.

Given Apple's influence, the company's adoption of fingerprint-scanner technology could increase the use of biometrics in identify verification and accelerate the demise of the password, which many feel has become outdated, Barrett said.

"Passwords were invented in the context of computers in the 1960s," he said. “They don’t work for anybody any longer. We think the beginning of the end of password is here."

Close