Apple added two new iPhones to its lineup Sept. 10: the iPhone 5C, a colorful consumer device with a lower price tag, and the iPhone 5S, its typical aluminum-body top-of-the line model. But two new security features have garnered the attention of experts.
The high-end iPhone 5S includes a fingerprint reader, TouchID, that can unlock the phone at the touch of a finger or approve purchases on Apple’s store. In addition, Apple’s next operating system for the iPhone, iOS 7, will require that a user enter in their Apple ID and password to turn off the Find My iPhone service or to wipe the phone, the two first steps taken by thieves when they steal a device.
The fingerprint sensor is perhaps the most exciting feature, Adam Ely, co-founder of enterprise mobile security startup Bluebox, said in a statement to eWEEK.
“Even though some laptops have come with fingerprint scanners for many years, the need and application integration wasn’t strong enough for enterprises to implement,” he said. “Mobile may breathe new life into this technology, giving both end users and enterprises big wins.”
Yet the feature has to solve two major issues. First, the fingerprint sensor has to be reliable. If a person tries to log in after swimming, say, and their finger is wrinkled, the sensor may not work. On the other hand, Apple has to solve many of the security problems that have plagued sensors in the past, such as leaking users’ biometric information or applying security settings that are not tuned strictly enough to keep out others.
“As Apple well knows, if it’s not both reliable and convenient, users will turn it off,” Paul Henry, security and forensic analyst at Lumension, a security-management firm, said in a statement.
The fingerprint sensor is embedded in the home button of the iPhone 5S and is comprised of a sapphire crystal surrounded by a steel ring that detects when a finger is placed on the sensor. One good security decision by Apple is to store only the user’s biometric on the device, neither making it available to other applications nor sending it to Apple’s servers, said Henry.
While biometric authentication has had problems, a good implementation will have better security than protecting a device with a password, because people frequently choose poor passwords, Dirk Sigurdson, director of engineering in vulnerability-management firm Rapid7’s mobile security group, said in a statement.
“Because weak passwords are often used, assuming the iPhone fingerprint reader and matching algorithm do a good job of protecting against fake fingers, biometric authentication should overall improve the security of iOS devices,” Sigurdson said.
The fingerprint sensor should help lock phones so that the data cannot be accessed when the phone is lost or stolen. In addition, Apple has added more security to the phones so that thieves cannot wipe the devices nor turn off Find My iPhone, often a first step after stealing a device.
“Find My iPhone can also continue to display a custom message, even after your device is erased,” Apple stated on its Website. “And your Apple ID and password are required before anyone can reactivate it—which means your device is still your device, no matter where it is.”