Apple says the fingerprint scanner on the new iPhone is one of the best passwords in the world, but Sen. Al Franken is worried that any hacker who cracks the code could impersonate someone for life.
Hours after the iPhone 5S went on sale, people were still lining up outside the Apple Store in Uptown to get their hands on the new iPhone, but one of the new features is raising red flags about the security that is about to be at the fingertips of millions. In addition to the usual four-digit password, the iPhone 5s new fingerprint reader, called Touch ID, can unlock the phone.
Apple says the fingerprint data is stored and encrypted on the phone's hard drive, but in a letter to the company, Franken questioned the safety of keeping the data there and wondered whether it would be possible to retrieve it physically or remotely from the phone. He also wants to know whether Apple plans to allow third-party apps to access the Touch ID information.
"Don't think of it as a security feature," Bruce Schneier, a world-renowned cyber security expert who recently wrote about Touch ID, recommended. "Think of it more as convenience."
Although Schneier believes the fingerprint scanner will encourage more people to lock their phones, he doubts it will deter thieves from targeting them.
"If someone steals your phone, they want to zero it and resell it. They'll be able to do that whether it's secured with a four-digit PIN or fingerprint or nothing at all," he said.
Schneier said the real danger with storing fingerprint data comes when they are kept in a centralized database that becomes a tempting target for hackers. As long as Apple avoids doing that, he said he'll avoid pointing fingers at a possible security breach.
"As long as they are stored locally on the phone and as long as they are numerical representations that can't be reversed into fingerprints, it's a lot safer," he explained.
The biggest predicted risk is that someone may be able to use fingerprint information to authorize online purchases with an iPhone, and it may just be a matter of time. A security researcher is offering more than $16,00 to the first person to hack the fingerprint scanner.
Franken has asked Apple to respond to his request in the next month.