- Jan 8, 2011
- 22,361
Live Updates:
http://www.telegraph.co.uk/technology/apple/iphone/10299184/iPhone-5S-and-5C-release-Apple-event-live.html
http://www.telegraph.co.uk/technology/apple/iphone/10299184/iPhone-5S-and-5C-release-Apple-event-live.html
14.45: Marc Rogers, Principal Security Researcher at Lookout, has put together a list of the pros and cons of fingerprint technology. He says:
Quote Fingerprints can be a useful addition to security but their value depends highly on the type of fingerprint reader and how it’s is being used - for example the best use of a fingerprint is to provide a convenient way to unlock something in a medium to low security scenario.
Pros:
- You always have your finger print with you.
- A high entropy fingerprint reader is better than a 4 digit pin code.
- It’s easy to use.
Cons:
- It is already possible to lift and duplicate fingerprints and this technology is only going to improve with time. As such its suggested that fingerprints should not be used as the sole credential in a high security scenario unless enhanced through the use of a PIN code or other secondary factor of authentication.
- Thieves in some regions have worked out that you can force a victim to unlock a secured device, and in some extreme cases have also mutilated victims in order to steal their fingerprint.
- Low entropy fingerprint readers provide little benefit over a 4 digit pin code.
The best way for a manufacturer to leverage biometric security features such as a fingerprint would be for them to use this as a foundation from which additional security can be built into device features. Unlocking a device with a fingerprint, if done right, can be much more convenient than entering a pin code multiple times a day. However as mentioned in the "cons" above, the risk of a replay attack cannot be ruled out and as such it would be best to see this feature offered as an enhancement to existing pin/passphrase security.