I’ve had a day or two to play with my new iPhone 5s, and the fingerprint scanner is one of the nicer things about it. I like the added security of being able to unlock it with my fingerprint, because I was one of those people who could never be bothered to have a passcode on it before.
Of course, the news of the day is that some inventive folks in Germany have managed to unlock one of the phones by lifting a print from the glass of the display and using a variety of fairly low tech steps to create a false thumbprint from it. This should come as no surprise to anyone who understands how fingerprint sensors work. The 5s does more than some to prevent spoofing, but pretty much no fingerprint scanner is impervious to a determined attack.
What is sad to see is the conclusion that these hackers (and the press) have drawn. “Fingerprints aren’t a good method of securing data. You should never use something that you can’t change as a password. Always practice two-factor security policies.” Of course, if someone really wants to break into your phone, and is willing to expend the effort to do it, they can. If someone wants to break into a typical house, they can. If someone wants to steal your car, they can.
Let’s focus in on the house analogy. Now, if you wanted to, you could put heavy bars on all the windows, put in steel doors with heavy pick-resistant deadbolts, have a serious alarm system installed. It would cost money, make your house uglier and perhaps harder to get in and out of, but it would probably deter all but the most extreme burglars. However, the game isn’t about making your house invincible, it’s about making it difficult enough to bias the thieves toward someone else’s home.
Similarly, the game with a smartphone isn’t about making it impossible to break into. If you wanted to, you could enable the advanced passwording on any modern iPhone, set a 10-20 character “strong” password with a short timeout window before the device locked, and be pretty certain no one was going to be able to steal your data. But almost no one would go to that level of inconvenience for a device that people use so frequently and depend on so much. The fact that most people won’t even set a relatively insecure four digit passcode confirms that. A fingerprint is convenient enough, and provides just enough security to deter the typical criminal.
What it comes down to is probability and common sense. The likelihood that anyone is targeting you specifically to steal your data is pretty low, unless you’re Jack Bauer or Edward Snowden. In order to posit that the fingerprint scanner isn’t good enough for the intended job, you have to imagine a new breed of smartphone thief that has become proficient at lifting fingerprints off of iPhones and creating simulated ones, and doing it before people notice that the phone is gone and remotely wipe it. And the payoff for these thieves could be pretty low, outside having an unlocked iPhone to sell, since the big payoff would require there to be data on the device worth something. Remember that most financial applications still require a second level of passwording.
Stealing cell phones is also a relatively high-risk endeavor, since it requires physical proximity to the victim. Most people with any talent of the kind of hackery that simulating a fingerprint would entail would be much more likely to engage in safer activities, like installing fake ATM card skimmers.
The problem is that the people who raise such a hue and cry about the relative insecurity of fingerprint DO think they are the next Edward Snowden, and that they will need insane levels of security to keep the mysterious “THEM” from getting access to their private information. In the end, as usual, XKCD provides the ultimate commentary on the futility of this approach.