[Dave Birch] Well, it’s no surprise that following the launch of the new iPhone 5S with its new “TouchID” fingerprint sensor that the combination of the mobile phone and biometrics is a focus for discussion in our little corner of the secure electronic transactions world. As was widely anticipated following their $300m purchase of the fingerprint sensor manufacturer Authentec, Apple have added a sensor to the home button of the new iPhones so that users can authenticate themselves using, well, themselves.

Apple has just confirmed that the iPhone 5S will feature a 500ppi fingerprint sensor right in the 5S’ home button

[From Apple’s Touch ID Is A 500ppi Fingerprint Sensor Built Into The iPhone 5S Home Button | TechCrunch]

Here’s an amalgam of the conversations I had with different people following the announcement.

Person: Do you know that fingerprints can be faked? I heard about a Japanese guy who did it with jelly babies or something?

Me: Yes, I know.

Person: Your fingerprints are all over your phone, people could easily steal them.

Me: Yes, I know.

Person: Criminals might be able to find a way to make a fake finger and use it to buy songs on iTunes using your iPhone.

Me: Yes, I know.

Person: Do you know that researchers were able to reconstruct useable 3D models of fingers by accessing stored fingerprint templates?

Me: Yes, I know.

Person: So would you use the new Apple TouchID on your next iPhone?

Me: Of course.

If I sound complacent about the possibility of agents of foreign powers delving into my iPhone, it’s because I am. The Apple TouchID isn’t really about security, it’s about convenience, a point I made on BBC Radio 4’s Today programme. Convenience is something at which Apple excel. When I got on the bus last night, I had to press the home button on my iPhone to wake it up, then swipe my finger to get to the unlock screen, then enter the 4-digit passcode, then touch my Arriva app to display my ticket to the driver. With the new iPhone, when I press the home button to wake it up, it will scan my fingerprint and skip over the swipe and enter passcode stages. That may not seem like much, but when you are at the front of the queue on the bus, or checking in at British Airways, or showing a ticket for an event or trying to show a loyalty card in a shop using Passbook and paying in Starbucks using their app, it will save a few seconds. And there will be a bunch of people who currently don’t lock their iPhones but will because of the fingerprint. That’s it.

Will TouchID be more secure than a 4-digit passcode that can easily be read over someone’s shoulder? Yes. Will TouchID replace 4-digit passcodes? No. You will still have a passcode for the odd occasion when your fingerprint can’t be read or for when your wife wants to look up something on IMDB on your iPhone and can’t be bothered to go into the other room and get her smartphone. Will TouchID make iPhones magically invulnerable and capable of storing your deepest thoughts perpetually and in complete secrecy? No. Biometrics in the mass market are about convenience, not security. As I wrote some months ago:

Apple understands the location of biometrics in the consumer space: convenience, and Apple is all about convenience. Remember, these iPhones aren’t going to be used to launch nuclear missiles or identify people in databases.

[From Biometric tick]

Right now, the use of TouchID is limited to unlocking the iPhone and authenticating iTunes purchases because developers do not have access to the fingerprint subsystem, but I’m sure that (given the competitive pressures as other handset manufacturers adopt similar technology) once the subsystem is tried and tested and tuned and optimised then they will be, so when I open PingIt or PayPal I will find myself using the home button instead of entering a passcode. Crucially, given that Apple’s design influence and media mindshare are significantly ahead of its market share, the TouchID’s deployment is a boost for the whole biometric authentication sector.

Apple’s iPhone 5s Touch ID fingerprint scanning feature will kick off a biometric adoption race

[From Apple’s iPhone 5s Touch ID fingerprint scanning feature will kick off a biometric adoption race – The Next Web]

When it comes to using this kind of technology in retail payments, there are plenty of people experimenting with the options and plenty of experience in customer reaction. Consult Hyperion, for example, advised Natural Security on their system that combines biometric authentication and contactless interfaces.

Today Natural Security, in partnership with Banque Accord, BNP Paribas, Crédit Agricole, Crédit Mutuel Arkéa, Groupe Auchan, Ingenico and Leroy Merlin, has launched a pilot deployment of a new payment method that combines a smart payment card, biometrics and mid-range contactless communication.

[From Announcing the world’s first consumer trial of new payment method incorporating payment cards, biometrics and mid-range contactless technology – Security Park news]

This is what makes me so confident in my prediction that consumers will like, and use, the technology. At the end of the Natural Security trial in France, some 94% of users said that they wanted to pay for all in-store purchases using the fingerprint authentication. A recent WorldPay survey in the UK had half of all shoppers saying that they wanted to use biometrics for payments. Apple’s model — local biometric authentication for the mobile device, wireless communication between the mobile device and the local environment — looks a very sensible one to me.

These are personal opinions and should not be misunderstood as representing the opinions of Consult Hyperion or any of its clients or suppliers.

10 comments

  1. Let’s start at the end of the blog post.

    The link you give doesn’t work but I assume that Consult Hyperion, Natural Security, Banque Accord, BNP Paribas, Crédit Agricole, Crédit Mutuel Arkéa, Groupe Auchan, Ingenico, Leroy Merlin and everyone else must surely want the new biometrics-based payment method being tested to be secure.

    The trial might demonstrate that the biometrics-based payment method is ever so convenient but, if it also demonstrates that this payment method is insecure, then the trial will not be declared a success.

    Security is what we’re after in payment methods. Some methods will be more convenient than others in the way they achieve security. But one way and another, they’ve got to achieve it.

    We might say in this case that convenience is a property of the security.

    Now flip back to the start of the blog post.

    “The Apple TouchID isn’t really about security, it’s about convenience” and “Biometrics in the mass market are about convenience, not security”.

    That’s false, isn’t it. The fingerprint verification is about security. Otherwise, why bother with it? Why have any verification at all? Zero verification = maximum convenience. Better to say that TouchID is about convenient security. And similarly, biometrics in the mass market.

    At which point, all the abiding questions about the flaky technology of today’s flat print fingerprinting come back to haunt us.

    If you set the false match rate to near-zero, then you get a false non-match rate of about 20 percent.

    Apple won’t want 20 percent of their customers bringing their 5Cs back and asking for their money back. So they’ll set the matching threshold low. Which, in turn, means that the false match rate must go up – impostors will be able to fool TouchID into believing that they’re you and will be able to transact as though they are you.

    I assume that the Today programme raised much the same points with you?

  2. No Dave, you don’t sound complacent, you clearly are complacent. The vast majority of device users equate biometrics with security and the business community are trumpeting developments like the fingerprint sensor on the new iPhone as the dawn of a new era of simple purchase by device as people will trust (mistakenly) the security of such systems.

    As an IT security pro you should rather be warning of the shortcomings rather than acting as a cheerleader for Apple’s “innovation” with the new iPhone. I heard your interview on Today and at no stage did you dispel the myths surrounding biometric security. And your false dichotomy and hyperbole in the posting above is unworthy too: the problem is not “agents of foreign powers” but rather the racing certainty that (i) biometric data will be obtained by those who seek to profit from it financially and (ii) said criminals will find the means to exploit that data.

    What will we do then? Fingerprints are a little harder to change than passwords and crypto systems.

  3. Apple themselves make the point that as you can enrol multiple fingerprints some of those can be trusted other users, without having to tell them a pin.

  4. David: I look forward to seeing the FAR/FRR curves for TouchID, but David is surely right: since the purpose is convenience, not security, the FRR will be tuned down, which means the FAR will be tuned up.

    Ian: No fair. I had 2 mins, and I didn’t get to pick the questions that John Humphrys asked. Post an example of the myth you want me to dispel and I’ll be happy to promulgate it.

  5. Thank you Dave/Romain for the link.
    No explanation how biometrics fit into the payment authorisation process.
    No information on how biometrics are registered and whether there is a failure rate.
    No information on false non-matches or (of course) on false matches.
    No information on relative merits of fingerprint and finger vein biometrics.

    The Hindu, 14 September 2013, How the biometric system has failed hard working people:

    QUOTE

    The ridges and the patterns that are unique to each individual cannot be detected by the scanner and the screen repeatedly blinks a message stating “match not found”.

    UNQUOTE

    New York Post, 12 September 2013, New iPhone makes biometrics mainstream:

    QUOTE

    Jonathan Ive, Apple’s senior vice president of design, hinted of its future in a video presentation at the launch.

    “Touch ID defines the next step of how you use your iPhone,” he said, “making something as important as security so effortless and so simple.”

    UNQUOTE

  6. The security hounds myopically overlook a critical point: the most secure authentication system is worth nothing if no one will use it.

    Touch ID is a big step forward.
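
The matching-threshold trade-off argued over in comments 1 and 4, as an added example that is not part of the original post or of any comment: it sweeps an accept threshold over similarity scores and reports the false match rate (FMR, also called FAR) and false non-match rate (FNMR, also called FRR). The scores are constructed, arranged so that zero false matches costs 20% false non-matches as in the figure quoted in comment 1; they say nothing about Touch ID's real error rates.

```python
"""FMR/FNMR trade-off for a score-threshold biometric matcher (constructed data)."""

# Constructed similarity scores in [0, 1]; not measurements of any real sensor.
GENUINE = [0.91, 0.88, 0.84, 0.79, 0.77, 0.72, 0.66, 0.61, 0.55, 0.48]   # same finger
IMPOSTOR = [0.58, 0.52, 0.47, 0.41, 0.38, 0.33, 0.29, 0.24, 0.18, 0.12]  # different finger

# Candidate thresholds 0.10, 0.15, ..., 0.95.
GRID = [round(0.05 * i, 2) for i in range(2, 20)]


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FMR, FNMR) when a comparison is accepted iff score >= threshold."""
    fmr = sum(s >= threshold for s in impostor) / len(impostor)   # impostors let in
    fnmr = sum(s < threshold for s in genuine) / len(genuine)     # owners turned away
    return fmr, fnmr


def sweep(thresholds=GRID):
    """One (threshold, FMR, FNMR) row per candidate threshold."""
    return [(t, *rates(t)) for t in thresholds]


def strictest_threshold_within(max_fnmr, thresholds=GRID):
    """Highest threshold whose FNMR fits the convenience budget, with its rates.

    This is the tuning decision the comments describe: fix how often the
    owner may be rejected, then accept whatever FMR that implies.
    """
    ok = [row for row in sweep(thresholds) if row[2] <= max_fnmr]
    return max(ok) if ok else None


if __name__ == "__main__":
    for t, fmr, fnmr in sweep():
        print(f"threshold={t:.2f}  FMR={fmr:4.0%}  FNMR={fnmr:4.0%}")
    print("owner rejected <= 20%:", strictest_threshold_within(0.20))
    print("owner never rejected :", strictest_threshold_within(0.0))
```

On this data, tolerating 20% owner rejections allows a threshold with no false matches, while insisting the owner is never rejected forces the threshold down to where 30% of impostor comparisons pass.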
