With the launch of the new iPhone 5s I am sure many IT security people are working to figure out whether or not to support fingerprints to get access to the device.
My company has a pretty stringent password policy for my mobile devices and most of my friends and family make fun of me having to enter such a long password every five minutes. I would love nothing more than to move to a fingerprint reader, however, I have some reservations about the technology.
This is clearly the way to go in my opinion but I am hesitant because I am not 100% it is secure at this point. Some of the early signs of image manipulation and spoofing have caused this concern. I think “spoofing” is going to be the least concern.
The reader on the iPhone is a capacitance finger print reader. Meaning it reads the conductivity of the subdermal layer (just below the dermis) and essentially generates an image from the subtle differences in your print. This in the end would be a very different picture than an actual finger print picture.
Lastly, can this “fingerprint” be used later on by the NSA? Will they simply get a massive collection of fingerprints right out of the gate? What about apps accessing the finger print image?
Check out that article which talks about these kinds of threats, I found it very interesting. At the end of the article it clearly eludes to the NSA problem. If there are API’s that have to read and write the finger prints then clearly there will be a way for “someone” to get this data. I will keep researching around for how Apple is preventing such access but if you find something first please comment here!