Apple’s new iPhone 5s comes with a fingerprint sensor,
called TouchID. Apple says it promotes the use of the TouchID as an easy and
secure way to protect information and privacy given that some 50% of smart
phone users who do not secure access to their phone with a passcode. Its
fingerprint sensor, built into the iPhone 5s is about the same thickness of a
human hair. The claimed accuracy for
their software is that there is only a 1 in 50,000 chance of someone else’s
fingerprint being mistaken for one which is registered in their system.
However, despite Apple’s lofty claims, it took only days
before hackers in Germany had successfully foiled the TouchID. Using high res
photographs, laser printing and a film of wood glue, they were able to create a
fake fingerprint copy, enabling them to access the iPhone 5s with ease.
But that should not come as a surprise. Fingerprint spoofing
has been around for quite some time, and recipes for obtaining and faking
fingerprints using little more than silicon and gelatine abound on the Internet.
Apple’s TouchID is more difficult to hack because of the higher resolution and
subsequent higher number of match points checked. But that does not mean their
system is fool proof.
So while the TouchID is a reasonable way to protect
non-confidential data, you should use multiple methods to secure confidential and
high-worth data. Use a combination of fingerprint and passcode or other
biometrics such as voice or facial recognition.
Apple may do well to look at how education giant Pearson
ensures security at its testing centres. Pearson uses palm vein scanning, a
biometric that is much more difficult to hack.
Combined with other security and identity processes, it ensures an
extremely high level of confidence in their protocols. This is used in the
delivery of a number of high stakes tests, including PTE Academic, a product
that I was closely involved with, pre and post-launch, during my time with
Pearson.
