New iPhone Fingerprint Scanner Raises Security Questions
|September 24, 2013|
Apple’s release earlier this month of its new IPhone 5S that features a new fingerprint sensor to enhance security raises questions about the device’s ability to protect non-public personal information.
Apple's Touch ID fingerprint scanner allows users to scan their fingerprint to access the iPhone and download media or apps from iTunes without the need to type in a PIN code.
Addressing privacy concerns, Apple said the new feature doesn’t store images of users’ fingerprints. Instead, the system stores fingerprint data that is encrypted within the phone’s processor. Already, however, hackers are offering a bounty to the first person to hack the biometric lock. Other companies also are looking at the potential of merging biometrics and mobile technology. It’s been reported that HTC One Max will release a product equipped with a fingerprint scanner on the back of the smartphone.
Gregory McDonald of Cloudstar Consulting Corp. is concerned the fingerprint scanner will give iPhone users a false sense of security.
“The iPhone is an extremely popular platform,” he said. “That means hackers and criminals will try desperately to defeat the new security measures. We have no reason to believe the new fingerprint scanner is foolproof. Security measures seldom are and Apple’s current “passcode” system is already easily bypassed. You can always change your password, but you only have one set of fingerprints. If your digital fingerprints fall into the wrong hands, it’s a problem that could haunt you for life.”
McDonald believes we’ll soon see a combination of passcode and fingerprint. “In other words, something you have, in addition to something you know,” he added. “That will be the best combination.”
Over the weekend, a hacking group figured out how to bypass the fingerprint login using lifted finger prints and household items.
With many people using smartphones and tablets for multiple things, including work, it’s important to protect the non-public information (NPI) included in documents you receive and send on these devices. ALTA’s “Title Insurance and Settlement Company Best Practices” provides guidance on protecting NPI. Additionally, here’s a list of best-practice tips from the IT management and solutions company ISON to help ensure compliance and that NPI is safeguarded: