September 23, 2013
Senator Contacts Apple CEO Over Touch ID Security Concerns
redOrbit Staff & Wire Reports - Your Universe Online
Franken, who is the chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, said that Touch ID raises “substantial privacy questions” and security-related concerns, according to a BBC News report published Friday.
Touch ID allows iPhone owners to use their fingerprint to unlock their phone, rather than using a more traditional method like entering a four-digit code, explained Associated Press (AP) reporter Bree Fowler. Rather than making the mobile device more secure, however, Franklin believes that it could lead to a potential nightmare for iPhone 5S owners.
According to Fowler, the Minnesota Democrat believes that Touch ID “could be potentially disastrous for users if someone does eventually hack it. While a password can be kept a secret and changed if it's hacked, he said, fingerprints are permanent and are left on everything a person touches, making them far from a secret.”
It could also allow cybercriminals to use the fingerprint “to identify and impersonate you for the rest of your life,” Franken wrote to Cook. He has asked the Apple CEO to address several issues, including whether or not the encrypted fingerprint data could be stolen and converted to a usable form by hackers, whether or not the phone transmits diagnostic information about Touch ID to Apple or a third-party, and the legal status of the data.
“Franken makes clear that he understands that Apple has ensured that an iPhone 5S’s fingerprint data is stored locally on its A7 chip and is not only encrypted, but blocked from third-party apps,” explained Forbes staff writer Parmy Olson. “Ironically, the information that Franken is asking for could be just the details that crackers need to exploit Touch ID.”
Of course, hackers are already attempting to crack the fingerprint technology. Olson reports that security researchers Nick Depetrillo and Robert David have set up a website tracking the status and posting bounties associated with attempts to “reliably and repeatedly break into an iPhone 5S by lifting prints.”