Will corporations move to fingerprint reading on devices for authentication?

With the launch of the new iPhone 5s, I am sure many IT security people are working to figure out whether or not to support fingerprints to get access to the device.

My company has a pretty stringent password policy for my mobile devices, and most of my friends and family make fun of me for having to enter such a long password every five minutes. I would love nothing more than to move to a fingerprint reader; however, I have some reservations about the technology.

This is clearly the way to go in my opinion, but I am hesitant because I am not 100% sure it is secure at this point. Some of the early signs of image manipulation and spoofing have caused this concern. I think “spoofing” is going to be the least of the concerns.

The reader on the iPhone is a capacitance fingerprint reader, meaning it reads the conductivity of the subdermal layer (just below the dermis) and essentially generates an image from the subtle differences in your print. In the end, this would be a very different picture than an actual fingerprint picture.

Lastly, can this “fingerprint” be used later on by the NSA? Will they simply get a massive collection of fingerprints right out of the gate? What about apps accessing the fingerprint image?

Apple went out of its way to explain that your fingerprint data is stored on the A7 ARM chip, not in iCloud, and not anywhere else online. – link

Check out that article, which talks about these kinds of threats; I found it very interesting. At the end of the article it clearly alludes to the NSA problem. If there are APIs that have to read and write the fingerprints, then clearly there will be a way for “someone” to get this data. I will keep researching how Apple is preventing such access, but if you find something first, please comment here!

