Here's What Could Go Wrong With Apple's New Fingerprint Tech, According To A Security Expert
After months of rumors, Apple today confirmed that the new iPhone 5S will include a fingerprint scanner.
You can use your fingerprint to unlock your phone simply by placing your finger on top of the home button. You can also use your fingerprint with the iTunes store instead of entering a password every time you want to make a purchase.
Is trusting Apple with your fingerprint safe? What could go wrong? To find out, we turned to security expert Shuman Ghosemajumder, a former Google security guru who is now working at buzzy, stealthy security startup Shape Security.
Ghosemajumder said the fingerprint scanner sounds safe to use and that he, himself, would probably use it, once he found out some details about it.
The good news is that fingerprints will only be stored on the phone, not in the cloud, and that's really important.
"Having a central database of fingerprints in the cloud would be incredibly dangerous," Ghosemajumder told us. "But you would expect Apple has world class security experts advising and working with them on this."
Still, he cautioned, there are a few things that would make the fingerprint scanner unsafe.
1. It must be a hardware-only device. The scanner must not be activated by software or pass the fingerprint information to software. If it can be activated by software, then there will be bad guys who can write malicious code for it. A hardware-only device will tell the software "yes, this fingerprint is ok" or "no, this fingerprint is not ok" but it will not share the fingerprint, or data about the fingerprint, with the software.
2. It must store the photograph of the fingerprint in a super-safe location on the device. This location has to be blocked off and not accessible by software. Otherwise, hackers will be able to get the fingerprint that way.
3. Apple needs to explain how it will use the scanner with iTunes. Will it temporarily store the fingerprint or information about it, the way Siri temporarily stores requests? Even temporary storage of a fingerprint in a cloud server could give hackers an "in."
Ghosemajumder said that the security community will be asking Apple all of these questions.
Failing that, we'll also find all of this out "as soon as iOS 7 is jailbroken," he laughed. Jailbreaking a phone means to hack into the software and poke around. Tech experts usually jailbreak a new iPhone within hours or days after it hits the shelves.
If it turns out that this gadget isn't as safe as it sounds, you'll be able to turn it off. That's good news, too.