Will NSA Hack Your Fingerprints From Apple's Touch ID Fingerprint Sensor?

I applaud Apple for trying to come up with much stronger online security than passwords and for introducing the Touch ID sensor with the release of their new iPhone 5S.

Apple has unveiled its smartphone's latest weapon: a fingerprint reader it's calling Touch ID.

With its move, Apple could end up making the technology commonplace, as rivals might feel compelled to follow suit. It could be only a matter of time before passwords and passcodes are relegated to yesteryear. In making the iPhone 5S one of the first mainstream smartphones in the Western market to include hardware security, Apple has not only declared war on passwords and weak security, but it has begun to reinvent the notion of device and online identity.

The iPhone 5S' fingerprint reader will act as a first line of defense against would-be thieves and hackers -- even intelligence agencies, to a degree -- against identity and content theft, fraud, and surveillance.

The fingerprint data will be stored on the device, and will not be backed up to iCloud, Apple confirmed.

How secure is this new tech?

“If the fingerprint reader tests well, it may be more secure than a four-digit pin. But I’d caution right away, let’s see how it tests and what people come up with to break it,” says Kennedy. “I wouldn’t rely on it solely, just as I wouldn’t with any new technology right off the bat.”

A stolen phone, after all, is usually covered with its owner’s fingerprints, making the job of any would-be cracker much easier. Researchers have found plenty of methods for using lifted fingerprints to defeat commercial fingerprint readers before. One group at the University of West Virginia used sculpted Play-Doh and, in another experiment, cadaver fingerprints in 2002 to trick a variety of optical and conductivity-based sensors. A Japanese researcher copied fingers in gummy-worm-like gelatin to fool the sensors of more than ten commercial products. And one episode of the Mythbusters television show demonstrated that fingerprint readers could be bypassed by licking a piece of latex with a copied print, or even just showing a print-out of the swirl to the scanner on paper.

For now let's say the technology really works and it becomes another huge innovation for online security. Yippee for security, but we did just learn that the NSA violated privacy rules for a number of years:

The documents, released at the DNI's declassification Tumblr, detail a massive overhaul of the agency's collection of phone metadata in 2009 following the discovery that the NSA was improperly checking phone numbers against the database.

Bloomberg reports:

The violations occurred between May 2006 and January 2009 and involved checks on as many as 16,000 phone numbers, including some based in the U.S., said two senior intelligence officials with direct knowledge of how the program operated.

Those checks came from a pre-determined list including numbers that should not have been included. Of the 17,000-plus numbers on the list, only about 10 percent met the necessary standard for inclusion. For a limited time, the FISA Court, which approves any surveillance by the NSA, mandated that any checks against the database be conducted on a case-by-case basis. That database contains data collected under Section 215 of the Patriot Act, the phone metadata gathering that first came to light following the leak by Edward Snowden of a FISA Court document related to the collection of records from Verizon.

And we also know that the NSA has the power to crack pretty much anything out there if it so chooses.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents. The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

What's to stop the NSA from stealing our fingerprints off smartphones in the name of stopping terrorism, and then some other agency deciding it needs a helping hand for their cases? You may have never had your fingerprints in a database before, but with what we know now about the NSA capabilities, it could be you're only a scan away from changing that forever.

Just something to think about -- and another reason to demand the NSA be made to stop hacking all our personal data whenever they feel like it.
