Unless you have been living under an Android or generally don’t care about mobile computing you might have heard about Apple’s iPhone announcement. The big takeaways from the announcement were fairly light in the short term, but gargantuan in the long term. Apple itself dubs its flagship model, “Forward Thinking.”
To bring you up to speed if you didn’t watch the keynote, Apple released two new iPhones, the 5C and the 5S. The 5C is marketed as a fun, colorful option for people who might not want to pay for the flagship 5S. The brilliance behind this is that the 5C is by almost all accounts an iPhone 5 without the metal back and diamond chamfered edges. The internals are pretty much identical, but the profit margin skyrockets when you use “unapologetic plastic” over metal. The 5C is available for $99 on contract and comes in a multitude of colors.
Now on to the flagship iPhone, the 5S. The 5S only comes in three color variations, the most sought after being the gold. Yes, Apple made a gold iPhone. The big product differentiators between the 5C and the 5S (besides color and back) are the camera and the fingerprint scanner. The iPhone 5S also received a huge upgrade to the internals with the A7 chip and M7 coprocessor.
Biometric locks have always been a staple in sci-fi and futuristic films (see Sneakers). Unfortunately, the performance in the past has always been subpar causing everyone to flee back to a barbaric passcode or password. Well times have changed! The 5S’s scanner works brilliantly, almost freakishly fast.
After a user programs their finger (you are allowed five), they can unlock their iPhone and also authorize App store purchases. Apple’s version of Amazon 1-Click? As of now there is no API to access this data, but one could see if it becomes mainstream enough that this is clearly a monumental opportunity for Apple. Furthermore, it is something Google and Microsoft have yet to implement at a scale that matters.
To give you some perspective as to the scale of Apple’s footprint they sold 9 Million iPhones in the first weekend. The first weekend! Industry analysts have estimated that 6 out of the 9 million were the 5S model. So in one weekend Apple can offer developers and merchants a 6 million person install base. That is bananas!
Fun Fact: Apple made more on their iPhone sales in the first weekend than Blackberry is poised to sell for.
Now let me take my Apple fan boy hat off for a second and talk about what kind of security implications a biometric passcode entails. The first is that more people will have a secured phone because the barrier of use (after you scan in your finger(s)) is virtually nil. It really does work that well and Apple strong arms you into setting a passcode just in case TouchID fails or a few other situations arise.
The next logical progression from ease of use is how secure is a fingerprint to a passcode or password. The answer is not very. A long alphanumeric passcode will always be more secure than your fingerprint. So one could argue the average level of security in the aggregate went up (Apple stated fewer than half of all iPhones have passcodes), but the overall security of the phone is lower if someone opts to use TouchID over a password.
There are a myriad of reasons a password is more secure than your fingerprint, but a simple explanation has two pillars of contention. One is that if your fingerprint is ever compromised (think of all the things we touch during a day) you can’t change it like you can a password. Apple has went to great lengths to ensure that this “never” happens by using an incredibly awesome chip in the new 5S.
The A7 chip provides the level of security needed to properly implement a fingerprint scanner because it has a never before seen secure enclave on the chip that nothing besides the hardware, more specifically the fingerprint scanner, has access too. This makes hacking and decryption exponentially harder.
The second reason security experts will chide fingerprint scanners is the ease of hacking them. The Chaos Computer Club has already bypassed Apple’s TouchID. This hack doesn’t seem incredibly complicated, but it will take more than just watching a Youtube video. CCC goes on to explain,
“In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake.”
The last issue that you will see brought up by TouchID bashers are the legal ramifications. Currently, one is protected in the US from divulging their password against their will because of the Fifth Amendment. However, this type of protection is not extended to biometric passcodes, you know something like a fingerprint.
For better or worse TouchID and biometric passcodes are here to stay. Furthermore, I am willing to postulate that in two to three years every smartphone and laptop will have some form of biometric security. It might not be as secure as the iris scanner you receive from Bank of America (you need 10MM or more in your account), but definitely just as cool. Video killed the radio star, but will TouchID kill the password?
Will you enable TouchID? If no, why not? Let me know in the comments.