I’ve been using an iPhone 5s for about a week now and I really like their implementation of the fingerprint scanner. From a security perspective, the reader itself seems to be a pretty solid implementation (aside from the lock screen bugs which are more about software implementation on top of the reader). More on that later…
Easier Security Can Be Stronger
Why do I like the iPhone 5s scanner? It does a nice job of balancing security and convenience, which is key to more effective security. What do I mean? Consider just two of the changes I’ve made since I’ve started to use this phone:
- I’ve shortened my “auto lock” timeout so that my phone requires a passcode immediately when I lock the phone. Previously I had it delay about 5 minutes since I’d sometimes need to do just one more thing and it was tedious to re-enter the passcode 20 seconds later.
- I’ve gone to a complex device password. For convenience, I used to have a 4-digit numeric passcode but now, since I don’t have to enter my passcode all the time, I’ve gone to a more complex passphrase.
Both of these changes have increased the security of my mobile device, and it is actually easier than when I had less security.
Pro Tip: With the iPhone 5s, you don’t have to push the power button on top of the phone to wake the phone. To get the real benefit of the new fingerprint scanner, do this:
- Tap the ‘Home’ button with one of your registered fingers, such as your thumb.
- Leave your digit in place while the screen wakes up.
- The fingerprint sensor will automatically analyze your fingerprint and unlock the phone if it matches.
This almost makes it feel like you have no password at all – very convenient, yet still secure.
Easier Security is More Likely to be Used
The other thing I like about Apple’s approach is that it will make it easy for “normal people” to improve their security (i.e. people who don’t geek out on this stuff like we do). Today, I run across a lot of smartphone users with either no passcode at all, or a simple passcode like 5555 or 1111 (by the way, these two passcodes unlock about 10% of all iPhones). If even half of those with no passcodes decide to use the fingerprint sensor, I expect this to make the mobile device world more secure. Why?
- more people will use passcodes or passphrases because of this (Apple forces you to create a lock code as part of the fingerprint registration process), and
- those who are using simple codes today may move to more complex ones due to the convenience factor.
Incidentally, I’ve had other phones with fingerprint readers (the Motorola Atrix, most recently) but Apple’s implementation is much better, in my opinion.
About that Security Model…
I’ve been studying Apple’s implementation of the fingerprint technology and it seems to be very well-done, at least based on an analysis of publicly available data. Without going into too much geekery, here are some highlights:
- Fingerprint data is stored only on the local device, and not backed up to the cloud.
- Data about your fingerprints can be stored in the enclave, but can’t be pulled back out – it is a one-way process.
- The data stored is not an image of your fingerprint, but a mathematical calculation of identifying features of your fingerprint, which means you cannot recreate a fingerprint from the data.
- Data is stored and managed within a “secure enclave” on the Apple A7 chip, and never sent out.
- To check a fingerprint, you send data into the enclave, it gets compared to the data stored in the enclave and you receive a “match” or “no match” response – the fingerprint data never leaves the enclave.
- Currently, access to the APIs is limited to Apple’s own lock screen and Apple’s own App Store application, which is a very conservative (and wise) move on Apple’s part.
The implementation is still “closed source,” as you might expect from Apple, but it has the right characteristics of a secure implementation of biometric authentication. I hope they are very deliberate about opening up access to other applications to ensure that the risk of rogue applications is mitigated. In the meantime, I’m happy that Apple is giving me the finger.