US senator concerned about Apple fingerprint tech (Update)

Sep 20, 2013 by Bree Fowler
A woman woman stands in line, outside the Apple Store on Lincoln Road in Miami Beach, Fla., Friday, Sept. 20, 2013. Friday is the first time Apple is releasing two different iPhone models at once. (AP Photo/J Pat Carter)

A U.S. senator is asking Apple for more clarity on privacy and security concerns he has with its use of fingerprint recognition technology in the new iPhone 5S.

The iPhone 5S, which went on sale Friday, includes a fingerprint sensor that lets users tap the phone's home button to unlock their phone, rather than enter a four-digit passcode.

But Sen. Al Franken said that the fingerprint system could be potentially disastrous for users if someone does eventually hack it. While a password can be kept a secret and changed if it's hacked, he said, fingerprints are permanent and are left on everything a person touches, making them far from a secret.

"Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life," the Democrat said in a letter to Apple CEO Tim Cook.

Apple Inc. officials didn't immediately return an email seeking comment on Franken's letter.

But the Cupertino, California, company has said that this kind of technology significantly boosts security for users.

A customer examines a new iPhone 5s at the Nebraska Furniture Mart in Omaha, Neb., on Friday, Sept. 20, 2013, the day the new iPhone 5c and 5s models go on sale. (AP Photo/Nati Harnik)

According to Apple, the fingerprint data is stored on the phone in a place that's inaccessible to other apps and to Apple's remote servers. Apple also has put in a number of safeguards, including requiring a passcode after a restart and 48 hours of inactivity. In addition, Apple says it's not possible to take an existing fingerprint and convert it into something the phone will recognize, as the sensor reads a sub-epidermal layer of the finger.

Joe Schumacher, security consultant at Neohapsis, said Apple's fingerprint technology seems different and possibly more accurate than older readers, so most people shouldn't need to worry. But he said it could still be "a risk for any possible targeted individual," and much of the risk comes from not knowing many details.

"There is a big security risk with Touch ID without explicit understanding of how Apple is handling this data from storage to sharing with other entities," he said in a statement.

Meanwhile, anyone worried about fingerprint scan has the option of disabling the feature and sticking with the passcode.

Explore further: BofA to refund Apple Pay customers charged twice

3.2 /5 (9 votes)
add to favorites email to friend print save as pdf

Related Stories

iPhone 5S fingerprint scanning: Thumbs up or down?

Sep 13, 2013

Technology to acquire and use biometric data such as fingerprints has been around for several decades and has made its way from forensic investigation to laptop computers – and now, with this week's introduction ...

Review: iPhone fingerprint sensor worth extra cost

Sep 18, 2013

Passcodes are such a pain that I've relaxed the security settings on my Android phone. I'm willing to forgo the extra safety, just so I'm asked to punch in the code less often. When I got my hands on Apple's ...

Recommended for you

Tablets, cars drive AT&T wireless gains—not phones

9 hours ago

AT&T says it gained 2 million wireless subscribers in the latest quarter, but most were from non-phone services such as tablets and Internet-connected cars. The company is facing pricing pressure from smaller rivals T-Mobile ...

'Silicon Beach' brings tech boom to Los Angeles

12 hours ago

So long Silicon Valley. These days entrepreneurs and engineers are flocking to a place better known for surfing waves than the Web. Amid the palm trees and purple sunsets of the Southern California coastline, ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

210
1.3 / 5 (14) Sep 20, 2013
Haha...Oh yes, yes, YES! The government has been ineffectual for just about every single thing we expect government to do. Hey, you did not have to tell me, " the Democrat and former comedian said in a letter to Apple CEO Tim Cook." They are ALL comedic, ALL OF THEM..hahaha. These are the only people who show up for work, when they get ready, and make everyone else on earth laugh but they are NOT circus clowns..now Canadian comics, oops, I mean Senators, are starting to make US Senators look a little bit better, but, it IS a race to the gutter/bottom/septic tank.
You look at government, and then look at organized crime...what is the difference...!???
YOU ELECTED ONE OF THEM!

word-
Argiod
1.9 / 5 (14) Sep 20, 2013
Indeed, and has good reason to doubt its utility.
Adam and Jamie on Mythbusters has already shown there are several ways to defeat the best fingerprint readers available. I wouldn't want my private information secured so lightly...
YankInOz
not rated yet Sep 21, 2013
It appears that Sen. Franken has done very little research as to how the technology works with the iPhone 5s. But what do you expect, it's difficult to actually read what Apple has publicly published about it. It is not a fingerprint scanner - it is more and after having followed the process of setting up the security on my iPhone with the fingerprint system, I can say that it works and works well. I even tried to use a different finger on my same warm body and it would not open it.

Franken needs to get a life. He was/is a lousy comedian and he sure isn't much of a public servant. His books were even boringly not funny. I guess he is still hoping for his 15 minutes of recognition beyond a bag of hot air.

If he isn't going to actually research a topic before he gasbags about it, then why bother? Oh, that's right, he is a politician. When there is a public stink, I wonder what is going on in the back room.
Dug
1 / 5 (6) Sep 22, 2013
Franken is correct regardless of personal political or comedic perceptions of his success or not. Regardless of finger print brand reading technology - a stand alone reader can be easily by-passed with a fingerprint stolen and transposed to an appropriate material and placed on an imposters finger over their own - body temp. etc still read normal and is surprising simple to implement. The only way around this, is to have some other secondary authenticating biometric scanning process (retinal, dna, etc.) to verify the fingerprint is in the possession of the owner.
I'm all for getting rid of the nuisance of constant and often unnecessary password verification, but fingerprint reading alone is no silver security bullet and only keeps the casual/amateur thief from accessing your information and ultimately your wealth.