iPhone 5S, 5C, iOS7 Provide New Mobile Security Features

 
 
By Robert Lemos  |  Posted 2013-09-10 Email Print this article Print
 
 
 
 
 
 
 

Apple introduces the iPhone 5S with a fingerprint reader, and its iOS 7 operating system update will prevent wiping without knowing the user's credentials.

Apple added two new iPhones to its lineup Sept. 10: the iPhone 5C, a colorful consumer device with a lower price tag, and the iPhone 5S, its typical aluminum-body top-of-the line model. But two new security features have garnered the attention of experts.

The high-end iPhone 5S includes a fingerprint reader, TouchID, that can unlock the phone at the touch of a finger or approve purchases on Apple's store. In addition, Apple's next operating system for the iPhone, iOS 7, will require that a user enter in their Apple ID and password to turn off the Find My iPhone service or to wipe the phone, the two first steps taken by thieves when they steal a device.

The fingerprint sensor is perhaps the most exciting feature, Adam Ely, co-founder of enterprise mobile security startup Bluebox, said in a statement to eWEEK.

"Even though some laptops have come with fingerprint scanners for many years, the need and application integration wasn't strong enough for enterprises to implement," he said. "Mobile may breathe new life into this technology, giving both end users and enterprises big wins."

Yet the feature has to solve two major issues. First, the fingerprint sensor has to be reliable. If a person tries to log in after swimming, say, and their finger is wrinkled, the sensor may not work. On the other hand, Apple has to solve many of the security problems that have plagued sensors in the past, such as leaking users' biometric information or applying security settings that are not tuned strictly enough to keep out others.

"As Apple well knows, if it's not both reliable and convenient, users will turn it off," Paul Henry, security and forensic analyst at Lumension, a security-management firm, said in a statement.

The fingerprint sensor is embedded in the home button of the iPhone 5S and is comprised of a sapphire crystal surrounded by a steel ring that detects when a finger is placed on the sensor. One good security decision by Apple is to store only the user's biometric on the device, neither making it available to other applications nor sending it to Apple's servers, said Henry.

While biometric authentication has had problems, a good implementation will have better security than protecting a device with a password, because people frequently choose poor passwords, Dirk Sigurdson, director of engineering in vulnerability-management firm Rapid7's mobile security group, said in a statement.

"Because weak passwords are often used, assuming the iPhone fingerprint reader and matching algorithm do a good job of protecting against fake fingers, biometric authentication should overall improve the security of iOS devices," Sigurdson said.

The fingerprint sensor should help lock phones so that the data cannot be accessed when the phone is lost or stolen. In addition, Apple has added more security to the phones so that thieves cannot wipe the devices nor turn off Find My iPhone, often a first step after stealing a device.

"Find My iPhone can also continue to display a custom message, even after your device is erased," Apple stated on its Website. "And your Apple ID and password are required before anyone can reactivate it—which means your device is still your device, no matter where it is."

 

 
 
 
 
 
 
 
 

5 Comments for "iPhone 5S, 5C, iOS7 Provide New Mobile Security Features"

  • StopFix September 25, 2013 8:00 am

    This is an effort to prevent new laws that would force telephone carriers from putting a stop to these thefts and reassignment of stolen phones on the networks. If you were able to report your ESN as stolen and all carriers had to block stolen ESN's from working on all the cell systems. Stolen phones would be good for parts only. The finger print system is a start, but I guarantee with 100% certainty a method for wiping the phone and loading either IOS 7 hacked version or a lower hacked version will be released. And then thieves will be right back to it.

  • Farid September 18, 2013 11:17 am

    Currently my iPhone is automatically wiped out after 10 unsuccessful log in attempts. I am wondering if this option is still available if I use fingerprint feature.

  • MRobidoux September 13, 2013 8:07 am

    Rather than dissing Apple asking if they missed the boat on enterprise customers, if you are truly concerned, you should be contacting the companies that create enterprise mobile management software that enterprise customers use -- and ask for their plans and release dates to support this feature. Frankly, eWeek should have done this as part of this article. Just sayin'...

  • Stephen Sharp September 12, 2013 6:03 pm

    Someone needs to do a cost /benefit analysis on these phones and then half the price to make them useable and attractive to purchase. The appear good but are they really, what value do we get from them other then the privilege of paying the ISP for the service.

  • AA September 12, 2013 6:06 am

    After reading this article, I contacted Apple Support to inquire about the magnitude of the Apple ID requirement to wipe a device. At the moment, one can wipe a device via Exchange Server which does not require knowing the Apple ID. Apple IDs are limited to 10 devices per ID. Imagine a company that owns more than 50 devices and permits users to maintain their own Apple IDs. Either the company must maintain 5 Accounts or they will not be able to remotely wipe a device with IOS 7. Am I missing something or did Apple miss the boat once again for enterprise customers?

Leave a Comment

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel