Getty Images Every new iPhone tends to have one marquee feature that catches everyone’s attention. The iPhone 4 had a radical and sleek redesign. The 4S had Siri, the voice-activated personal assistant. The 5 had a larger screen. And now, Apple (AAPL) brings us the iPhone 5S, whose killer feature is a new home button with a fingerprint sensor that lets you unlock the phone and make purchases with a simple touch. That should make people more likely to lock their phones, and make thieves less likely to swipe iPhones, knowing they’d need a fingerprint to break into them.
But is the fingerprint scanner really as safe as it seems?
A few people have joked on Twitter that it will lead to rash of fingertip amputations by smartphone thieves. That seems unlikely, but a Wall Street Journal report debunked the notion anyway, observing that the scanner probably requires some sign of life. But beyond that, there are concerns that it’s not the foolproof security system that it appears to be.
“Fingerprints are not secret: we leave copies of them wherever we go, even if we’re trying hard not to, as cop show [aficionados] will be well aware,” writes security expert John Hawes. “Once someone devious has got hold of a copy, purely visual sensors can be fooled by photographs, while more sophisticated techniques which measure textures, temperatures and even pulses are still open to cheating using flesh-like materials, or even gelatin snacks.”
Yes, there’s actually a grain of truth in those heist movies where someone lifts an impression of a fingerprint, presses it against a fingerprint reader, and then goes on to steal, say, the Declaration of Independence. Presumably that’s not an issue for people concerned about getting mugged for their smartphones, though business users with valuable data on their devices should think twice about using a fingerprint as their only line of defense.
But another concern is what could happen if a database of fingerprint information is breached. After all, when a company like LivingSocial discovers that someone hacked its database of encrypted passwords, it tells its users to change their passwords as a precaution. But you can’t change your fingerprint — except with “acid, sandpaper or some other hardened-gangster technique,” writes Hawes. And if fingerprint scanners get more common as a security procedure, it essentially means that you’ll be using the same “password” — your finger — for multiple accounts, which is not ideal.
The good news in this case is that there will be no central database to be hacked — Apple says your fingerprint will be stored locally, on the phone’s chip. Still, Dawes writes that we should “expect this storage area and the connections to it to become the subject of frenzied investigations by hackers of all persuasions.”
Apple products have generally proven more difficult to hack than other smartphones, so this doesn’t seem to be an imminent concern. But just know that securing your phone with what seems like spy technology doesn’t guarantee that it’s uncrackable.
As a final note, it must be said that this isn’t all about keeping your phone secure. As many observers have pointed out, the real boon for Apple here is that the fingerprint reader allows users to quickly make purchases without having to punch in a password. That’s going to mean a lot more impulse buys, so perhaps the biggest risk here is that you’ll find yourself buying more songs and apps now that you no longer have that passcode barrier slowing you down.