Smarter phones? Evidence mounts for fingerprint-protected iPhone

Password

2

When Apple unveils its new iPhone models Tuesday, one particularly persistent rumor may come true – that at least one model of the new hardware will feature a built-in fingerprint scanner.

Apple is expected to introduce two models – one a cheaper 5C model, and one a premium 5S model. A leaked image of a sensor hints that the 5S at least may offer biometric fingerprint security built into its home button, according to Slashgear.

A convincing-looking photograph showing the leaked part was acquired by Sonny Dickson, an Australian blogger who has previously found reliable information on upcoming Apple products. Dickson is known for contacts in Apple’s Chinese supply chain, and for finding hints inside beta code. Dickson said in a previous interview with Reuters that he relied on five to ten assembly line workers who sold images of parts to his contacts for up to $250 each.

Experts have said that the part appears to be “real”. Leaks from other mobile firms such as HTC suggest that top-end Android models could soon offer fingerprint authentication built into the hardware.

Apple also filed for a European patent for a combination fingerprint sensor and near-field-communications chip this week, according to MacRumors, with a patent for “A touch sensor or fingerprint sensor may have an array of conductive electrodes for gathering sensor data from […] aa button in an electronic device.”

ESET Senior Research Fellow David Harley discusses the advantages of biometric systems in a We Live Security blog post, “The sad fact is, static passwords are a superficially cheap but conceptually unsatisfactory solution to a very difficult problem, especially if they aren’t protected by supplementary techniques. Biometrics and one-time passwords and tokens are much more secure, especially when implemented in hardware as a two-factor authentication measure.”

The new piece of equipment, according to Philip Smith, former CFO of authentication firm UPEK, which invented similar systems for PCs. Speaking to SlashGear, Smith said that he had no doubt that the part was authentic.

“This is real,” Smith said. “The silicon sensor is the teeny blob in the light colored disk. The black square connected to it is the co-processor that goes with the fingerprint sensor to process the fingerprint data pulled, comparing it to the data stored that will identify you as the authorized user, thereby unlocking (or denying if it is not you). It also provides the access security separate from the main phone processor, reducing the ability for it to be hacked.

“This was a big deal when we (UPEK, the inventors of this in the early 2000′s) introduced it for PC’s. Our competitor, Authentec, did this processing on the main PC Intel processor – which was totally open to being hacked. Authentec went public, bought UPEK and then sold itself to Apple.”

Author Rob Waugh, We Live Security

  • Security Minded

    Dumbest thing ever.

    Here’s the problem with today’s advancements in security,

    fingerprint scanners can be bested with a wet piece of paper (mythbusters). People can steal (electronically) the RFID tags that google wants to use to login with, retina scans can be faked with contact lenses, and i will NOT, EVER UNDER ANY CIRCUMSTANCES use anything that readily identifies my biometric schema to unlock ANY device EVER. Biometric data should NOT be stored on ANY device REGARDLESS of it’s level of ‘encryption’.

    • http://dharley.wordpress.com/ David Harley

      My understanding is that Mythbusters managed to fool just one fingerprint scanner that way. I’ve no idea how effective the biometrics on new phone are, but there is a wide range of effectiveness between scanners. The description of the episode in question on Wikipedia actually says: “the door-scanner ended up being fooled much easier than the low-tech fingerprint scanner on Jamie’s laptop”… I suppose it might be possible to make a contact lens that reproduced someone else’s retinal capillary pattern, but it wouldn’t be quite as simple or unobtrusive as making a key impression in soap. I haven’t looked into Google’s RFID proposals.

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.