Biometrics are essential to the long-term success of mobile computing. The obvious place is in security: Swipe your finger instead of typing a password. This is convenient—but worrisome.
Apple’s new iPhone 5s incorporates a fingerprint scanner. The phone’s Touch ID features have been receiving lots of news coverage because it’s from Apple, but it’s not the first fingerprint unlock, not by a long shot. My Motorola Atrix, released in early 2011, had a very effective fingerprint scanner. Laptops and other devices have had those as well for several years.
There are other ways of incorporating biometrics into mobile computing. Wearable bio sensors, like the Fitbit and the FuelBand, are hot holiday gift items: they can keep track of your pulse, sleep pattern, steps and more.
Right now, those devices are used primarily for fitness. But biometrics clearly are part of a multiphase security plan. Imagine having your unique heartbeat electrical pattern unlock your phone!
The best security schemes incorporate “something you have” with “something you know.”
My family has a safe deposit box at a local bank. Instead of asking a bank teller for access to the vault, we now walk over to the vault, place our palms on a reader, and tap out an access code number on a keypad. Click. We’re in. Biometrics.
Beyond fingerprints and handprints, iris scanners are real and growing in popularity, though I don’t believe there’s a mobile version yet. Movies like “Minority Report” and the upcoming “The Lost Symbol” demonstrate, albeit in grisly fashion, the scary downside of security biometrics without requiring an access code. Similarly, “The Dark Knight Rises” shows off an expensive loophole in fingerprint scanning.
There are a lot of privacy concerns regarding biometric data. Forget the gory details: Imagine a man-in-the-middle attack, or a straightforward hack or theft. What could someone use your biometric signature data for? As Gandalf would say, is it secret? Is it safe?
In “iPhone 5s: About Touch ID security,” Apple attempts to assure you that your data is both secret and safe:
Touch ID does not store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and as well as the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it and it can’t be used to match against other fingerprint databases.
That doesn’t mean that it’s not scary, or invulnerable to interception. Still, despite these concerns, the rise of biometrics is apparently unstoppable. According to a new report from Frost & Sullivan, “Innovations in Biometrics for Consumer Electronics”:
Fingerprint recognition will remain the leading biometric technology used in consumer electronics due to its convenience, cost-efficiency and quick ROI. Iris recognition and multimodal biometrics will rapidly grow in the next three years due to their accuracy, although the high cost and large size of iris recognition systems may hinder widespread uptake. Voice and face recognition technologies likewise should find higher usage depending on the security requirement of the application.
Are you using biometrics, either as a consumer or as a developer? What do you see as the opportunities and dangers of this approach? Write me at alan@camdenassociates.com.
In last week’s Take, “Protect Your Developer Data,” I wrote about replacing a failed disk in a 3-year-old RAID array. A reader, Keith Brown, suggested preemptively replacing all the disks in the array after the first one fails, on the theory that if one disk is wearing out, the rest may soon follow. It’s great advice, and the cost is minimal. The trick is to replace one disk at a time: Swap one out, wait for the array to rebuild, swap another one out, rinse and repeat. Thank you, Keith!
Alan Zeichick, founding editor of SD Times, is principal analyst of Camden Associates.