Sunday 29 September 2013

Hacking Apple

Apple’s new iPhone 5s comes with a fingerprint sensor, called TouchID. Apple says it promotes the use of the TouchID as an easy and secure way to protect information and privacy given that some 50% of smart phone users who do not secure access to their phone with a passcode. Its fingerprint sensor, built into the iPhone 5s is about the same thickness of a human hair.  The claimed accuracy for their software is that there is only a 1 in 50,000 chance of someone else’s fingerprint being mistaken for one which is registered in their system.

However, despite Apple’s lofty claims, it took only days before hackers in Germany had successfully foiled the TouchID. Using high res photographs, laser printing and a film of wood glue, they were able to create a fake fingerprint copy, enabling them to access the iPhone 5s with ease. 



But that should not come as a surprise. Fingerprint spoofing has been around for quite some time, and recipes for obtaining and faking fingerprints using little more than silicon and gelatine abound on the Internet. Apple’s TouchID is more difficult to hack because of the higher resolution and subsequent higher number of match points checked. But that does not mean their system is fool proof.

So while the TouchID is a reasonable way to protect non-confidential data, you should use multiple methods to secure confidential and high-worth data. Use a combination of fingerprint and passcode or other biometrics such as voice or facial recognition.

Apple may do well to look at how education giant Pearson ensures security at its testing centres. Pearson uses palm vein scanning, a biometric that is much more difficult to hack.  Combined with other security and identity processes, it ensures an extremely high level of confidence in their protocols. This is used in the delivery of a number of high stakes tests, including PTE Academic, a product that I was closely involved with, pre and post-launch, during my time with Pearson.

No comments :

Post a Comment