Touch ID Fingerprint Scanner In iPhone 5S: Everything You Need To Know

Apple strengthens user protection in their new flagship smartphone meaning biometric identification might finally go mainstream. Is it good or bad, and what are the potential consequences?

iphone_title_EN

First, we’ll try to calm all conspiracy theorists: it doesn’t seem that Apple introduced biometric ID just to please their NSA friends and collect the fingerprints of taxpayers for the feds. Apple stated that fingerprints are stored in a specially produced derived form (i.e. not photos) and always kept locally, never getting transmitted to the Net. In addition, fingerprints and Touch ID scanners are unavailable to third-party apps; only iOS can use it. So, what can be protected with all these restrictions?

Quite a bit can. Most obviously, it’s much easier for legitimate owners to unlock their smartphones. All it takes is a simple Home button press, and an embedded capacitive sensor will instantly recognize the fingerprint, granting access to the person on the “white list.” Unauthorized persons or owners in gloves will see a message saying it’s impossible to recognize this fingerprint. In this case, they would have to type an alphanumerical backup password. In addition to people wearing gloves, technology might fail in cold weather, when hands are wet or covered with lotion, scarred or burnt. That’s why it’s still important to memorize a password since it might come handy quite often.

Owners will be obliged to pass a Touch ID check when approving iTunes or App Store purchases and in other situations, when iOS normally asks for a password.

Owners will be obliged to pass a Touch ID check when approving iTunes or App Store purchases and in other situations, when iOS normally asks for a password. We suggest enrolling multiple fingers from both hands to increase convenience.

Of course it’s very interesting to wonder if new protection mechanisms are robust and secure enough. As we previously mentioned, biometric sensors are imperfect. To implement Touch ID, Apple bought Authentec, a specialized company with quite interesting biometric technology developments. The scanner reads not only dermal ridges, but sub-epidermal layers of the skin as well, which makes fingerprint forgery much more complicated. The new sensor probably has some vulnerabilities that will be discovered by curious hackers when 5S becomes mainstream. However, we have no information about such vulnerabilities or their mere existence at this point.

Update: Just two days after sales started, hackers from Germany-based Chaos Computer Club published a blogpost regarding an easy and cheap 5S sensor hack. They claim, that the iPhone fingerprint scanner is no different from previous models, but it has a higher resolution. Thus it’s very easy to pick up a fingerprint from any surface and forge it using latex.

It’s not easy to choose between familiar pin lock and novel fingerprint protection. Pin codes are easier to snoop and it takes more time to type them. Fingerprints are harder to forge and easier to use, but someone who desperately needs your data may just force you to touch your smartphone with the right finger. Of course, this scenario is more appropriate for a Hollywood action movie, not real life, but if you’re in possession of really valuable information you have to consider this and possibly avoid storing that information on your smartphone.

When talking about “ordinary people,” it seems they shouldn’t be afraid of Apple’s new technology for now. However, there is a speculation the next step for Apple will be an own payment system with biometrics serving as a primary authentication for purchase approval. In this case, fingerprint transmission over the network seems to be inevitable, and this gives hackers very good reason to develop an attack targeted at a mainstream audience. So if you’re worried about your fingerprints falling into wrong hands, re-consider using Apple biometrics when you hear about payment systems or any other ecosystem development, which might be based on extended fingerprints usage.

  • Share
  • Pin It

Comments

  1. Elissa says:

    Can one use the iPhone 5s without the touch ID feature? In other words can you ‘opt out’, not provide your fingerprint at all to use the phone?

    1. Kaspersky Team says:

      Hi Elissa,

      Yes, you can choose to opt out of this feature within the phone’s settings. Please let us know if we can help you with anything else.

  2. I think we need to get used to the idea that “Big Data” will soon have some biometric data on us. It’s not an easy thought, but biometrics are harder to use once hacked, versus traditional plain text passwords. This sensor in the home key might not work as flawless as thought, but its a step in the right direction.

  3. Phil says:

    So if my wife needs to use my phone while I am in the shower…can two people have their fingerprints in the system?

    1. Brian Donohue says:

      You sure can. In Apple’s words:

      “Touch ID lets you enroll multiple fingerprints, it knows the people you trust, too.”

    2. Kaspersky Team says:

      Hi Phil,

      You will be allowed to store up to 5 fingerprints on your phone. Please let us know if we can help you with anything else.

  4. James McQ says:

    Can you use the passcode AND biometrics to help secure the phone?

    1. Kaspersky Team says:

      Hi James,

      Yes, you can have both options set up. If you do this, when you wake your phone up you will either be able to enter your password or provide your fingerprint to unlock your device.

  5. “… fingerprint transmission over the network seems to be inevitable,….”

    I’m not sure that’s a given. iTunes may simply use the fingerprint to authenticate and allow the unlocking of the datastore securing the iTunes password.

  6. Megan says:

    what if you dont have a fingerprint?

    1. Kaspersky Team says:

      Hi Megan,

      You will still be able to use the traditional passcode security feature if you wish to opt out of the fingerprint scanner.

  7. Radix says:

    I know this is not a direct security comment. But it’s too bad that, along with the security aspect of the sensor, once logged in you can’t just use the sensor or at least the capacitive ring sensor portion to allow to be interpretation as a single home button press. In this way you do not have to press the home button all the way down, adding additional wear to a home button that seems to invariably fail after the first year.

  8. kin says:

    can I lock app like whatsapp using the fingerprint scanner?

    1. Kaspersky Team says:

      Hi Kin,

      You can use Touch ID to unlock your phone and to purchase items in iTunes or the App store at this time.

  9. madhu mohan says:

    can I have only the biometric without the passcode?

    1. Kaspersky Team says:

      Hi Madhu,

      You can lock your phone using just the Touch ID, however, if for some reason your phone is unable to recognize your fingerprint after a few attempts, you will be required to enter your passcode as backup to gain access to your phone.

  10. Mike says:

    I just bought iPhone 5s and he says it’s fake as he can’t find the fingerprint scanner. Is this possible? Does all iPhone 5s have fingerprint scanner? If yes, how can i enlighten him?

    1. Serge Malenkovich says:

      All original iPhones 5s have touch id sensor. The home button has its distinctive look without traditional square image on it.

  11. Ray says:

    Is it possible to completely opt out the fingerprint scanner.? I mean i don’t want to use it for any application( itune, screen unlock or whatever apps which employ security authentication) at all.
    P.S: I want to buy iPhone 5 but right now its not available in market that’s why i have to go for iPhone 5s

    1. Kaspersky Team says:

      Hi Ray,

      Yes you can choose not to use the ID Fingerprint security feature, but we do recommend having a passcode set up in that case.