Using Your Fingerprint to Unlock Your Cellphone – Apple’s Touch ID

On September 20, 2013, Apple finally released its new phone product, the iPhone 5s. With all the commotion and roar about this new phone and its features, many consumers do not stop and think about the privacy concerns that might be attached with all the high-tech features of the phone, primarily the fingerprint scanner. The fingerprint scanner, known as Touch ID is the newest feature on the iPhone 5s.  To learn more about Apple’s Touch ID, see http://www.apple.com/iphone-5s/features/.  The Touch ID is located on the home button, and allows a person to use her fingerprint I.D. to unlock her phone. While this new fingerprint system might seem like a very innovative creation, questions arise as to the privacy concerns regarding this new invention.

What exactly is the Touch ID? When an iPhone user is setting up her new phone she is directed to the set up her Touch ID by placing her finger on the home button while the phone reads her fingerprint. Once the iPhone reads and memorizes the fingerprint, only her print will be able to unlock her phone and she will not have to use a passcode to access her phone. In addition to unlocking her phone, the Touch ID can also be used to make purchases from iTunes Store, iBooks Store, and the App Store.

The Touch ID is beneficial because every person has a different fingerprint and there are no two fingerprints that are the same. This means that if a phone is stolen, most likely, a stranger will not be able to access the phone through the Touch ID and will only be able to access the phone if he breaks in with the passcode.  One main privacy concern is what happens if a hacker gets ahold of an individual’s fingerprint? A question that needs to be asked is where is the user’s fingerprint information stored? Apple says that the information is being stored in an encrypted format, rather than on the Apple servers or iCloud, and third party applications are being blocked from accessing that information. Yet, there is no guarantee that a hacker will not be able to access that information and steal an individual’s fingerprints.  The problem is that fingerprints are public. They are left everywhere, on everything that a person touches. If a hacker really wanted to steal your fingerprint, there are many other ways that he could achieve this rather than trying to hack your phone.

After the release of the iPhone 5s, Arturas Rosenbacher, co-founder of I/O Capital Partners, as well as security researchers, Nick de Petrillo and Robert David Graham, launched a hacking contest, which would award the first person to hack Apple’s Touch ID fingerprint technology. A team of hackers from Germany bypassed the fingerprint scanner two days later by creating a replica of their fingerprints, which allowed access to the phone.    For further details on this hacking contest, see  http://www.examiner.com/article/iphone-5s-touch-id-fingerprint-security-broken-within-days-of-hacking-contest.  However, as of now, there have been no reported incidents where a hacker was able to steal a user’s fingerprint through the Apple server.