A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.
Tuesday, 10 September 2013
iPhone 5S "Touch ID" Fingerprint Security
Apple announced the new iPhone 5S today, the introduction of a new fingerprint recognition access system on the smartphone, called "Touch ID", grabs the security attention.
Fingerprint reader is the main button
Security of the Fingerprint Reader
The fingerprint reader is not like the traditional readers you see on laptops, and is actually part of the main button on the phone. The reader is no security gimmick as it is not a outdated optical reader, which works by taking and comparing a picture of your fingerprint, it is a capacitance reader,which is a more advanced and secure technology. Capacitance readers uses an electrical current to map your fingerprint, measures the minuscule differences in conductivity caused by the raised parts of your fingerprint, which makes it very difficult to defeat. I don't like to advocate the security of anything without inspecting, researching and testing a device myself, but I will say this reader has certainly been designed with security in mind. Apple has faith in Reader's Security
Apple have a lot faith in the security of reader, which is a good sign, stating it will not only be used to unlock the iPhone, but to verify user's Apple IDs to make account purchases. This method of device authentication, if proven, makes an interesting development for within the mobile device payments space, and perhaps could be a viable alternative to website passwords.
The Phone Lock Benefit
Given how fast the authentication works in comparison to using a passcode or password, then I see additional security benefit to be had with the account lockout time-limit. Setting the phone lockout timeout to 5 minutes or even 1 minute of inactivity becomes more viable, as the current trade off in accessing the phone with a slowly entered passcode/password is replaced by near instance touch authentication and access.
Increased Access Control Security with Two Factor Authentication
For security aficionados, the fingerprint reader may allow two factor authentication, namely combining the fingerprint reader with a passcode/password to authenticate, this would really ramp up the access control security on the device.
In all a very interesting and innovative security addition by Apple, so much kudos to them. Now I need to get my hands on an iPhone5S to test it.