Here’s What Could Go Wrong With Apple’s New Fingerprint Tech, According To A Security Expert; “Having a central database of fingerprints in the cloud would be incredibly dangerous”

JULIE BORT, SEP. 10, 2013, 4:32 PM

After months of rumors, Apple today confirmed that the new iPhone 5S will include a fingerprint scanner. You can use your fingerprint to unlock your phone simply by placing your finger on top of the home button. You can also use your fingerprint with the iTunes store instead of entering a password every time you want to make a purchase.

Is trusting Apple with your fingerprint safe? What could go wrong? We turned to security expert Shuman Ghosemajumder, a former Google security guru who is now working at buzzy, stealthy security startup Shape Security, to find out.

Ghosemajumder said the fingerprint scanner sounds safe to use and that he, himself, would probably use it, once he found out some details about it. The good news is that fingerprints will only be stored on the phone, not in the cloud, and that’s really important.

“Having a central database of fingerprints in the cloud would be incredibly dangerous,” Ghosemajumder told us. “But you would expect Apple has world class security experts advising and working with them on this.”

Still, he cautioned, there are a few things that would make the fingerprint scanner unsafe.

1. It must be a hardware-only device. The scanner must not be activated by software or pass the fingerprint information to software. If it can be activated by software, then there will be bad guys who can write malicious code for it. A hardware-only device will tell the software “yes, this fingerprint is ok” or “no, this fingerprint is not ok” but it will not share the fingerprint, or data about the fingerprint, with the software.

2. It must store the photograph of the fingerprint in a super-safe location on the device. This location has to be blocked off and not accessible by software. Otherwise, hackers will be able to get the fingerprint that way.

3. Apple needs to explain how it will use the scanner with iTunes. Will it temporarily store the fingerprint or information about it, the way Siri temporarily stores requests? Even temporary storage of a fingerprint in a cloud server could give hackers an “in.”

Ghosemajumder said that the security community will be asking Apple all of these questions.

Failing that, we’ll also find all of this out “as soon as iOS 7 is jailbroken,” he laughed. Jailbreaking a phone means to hack into the software and poke around. Tech experts usually jailbreak a new iPhone within hours or days after it hits the shelves.

If it turns out that this feature isn’t as safe as it sounds, you’ll be able to turn it off. That’s good news, too.
