Misconceptions About the iPhone 5S TouchID

Posted on October 24, 2013


Working in a biometrics lab for the last few years, I have a somewhat unique perspective on the iPhone 5S’s touchID technology. I’d like to discuss a few initial comments I have, my opinion about the technology, and my thoughts on its usability. In this post I’d like to clear up a few things that have been blown out of proportion.

– Yes, the touchID has been “hacked”

So has literally every other security system on the planet, including all other forms of biometric authentication and any other type of authentication you can think of (passwords, PIN numbers, bank vaults, etc.). Security may be in place to prevent something from happening, but in reality security, in whatever form you’d like, only reduces the likelihood of something happening.

– No, touchID is not the answer to the world’s mobile security problems.

Can a password get hacked? Of course it can; it is as easy as watching what someone types in and remembering it. So why doesn’t the world rush to arms when someone leans over my shoulder and gets my debit card PIN? Like I said before, security is used as a tool to decrease the likelihood of something happening, so no security system, no matter how sophisticated, will ever guarantee nothing bad will happen. The same is true of touchID. It doesn’t advertise itself as the Gringotts of the mobile security sector. What it does offer is some increased security, along with a quick and easy way to unlock your phone (often without even looking). I’ll touch more on the usability side after I do some more preliminary testing on my iPhone 5S and gather my thoughts a bit.

– Yes, you can use a cat paw to enroll

This doesn’t tell you a thing about the performance or security level of touchID. Sure, you can enroll a cat paw, an elbow, a knuckle, or your nose. This is because of the method of matching touchID uses, called pattern-based matching, which takes advantage of the patterns in your fingerprint (or paw, elbow or nose) and remembers them to compare to later. This means that yes, you can enroll things that aren’t fingerprints, but you can’t enroll a cat paw and verify with your nose, so unless you’re carrying your cat around with you at all times, it isn’t going to do you much good.

Like I mentioned, I’ll be continuing this discussion after I get a little more familiar with my phone. Who knows, maybe I’ll learn something new about it or find a cool way of using it (other than enrolling animals).