Apple’s iPhone 5S has had a lot of attention since its release, particularly because of its fingerprint recognition system, “Apple Touch ID”, which seems to be an innovative security measure in a consumer device. However, a hacking contest was launched (with 16,000 dollars worth of prizes to win), and the first hackers say they have managed to circumvent the system.
As companies with a BYOD policy will soon see these devices enter the workplace, it is important that they understand the risks involved.
U.S. Senator Al Franken has also sent a letter to Tim Cook, Apple’s president, to question him about Touch ID. In particular: will the data be transmitted to other applications? How are fingerprints protected? Could the impression of a fingerprint be stolen and converted to digital and visual data to be used by hackers and identity thieves?
All these questions remain unanswered by Apple, which means that security is a huge issue. After all, if a fingerprint is stolen, the hacker could then easily impersonate the victim until the end of his life.
Touch ID is the first step towards the democratisation of fingerprint recognition. It will be increasingly used by all kinds of applications, and therefore security must be a central concern of every business.
If this type of authentication is used in several areas, a thief could impersonate the victim to access various different accounts: for example, a cloud account via smartphone or tablet, confidential corporate records, and online shopping.
But what does it mean for business? It is likely that many employees will buy the iPhone 5S in the weeks and months ahead. In this age of BYOD, it is difficult for many companies to control which mobile devices have network access. This already causes some risk in computer security, but what would happen if hackers could steal the fingerprints of employees, managers and leaders?
The arrival of Touch ID may only cause minor problems at first, since theft would only be possible if the hacker is in possession of the iPhone and the fingerprint at the same time. However, the impact in the months and years to come could be huge: once a fingerprint has been taken, it cannot be changed.
We must act now to ensure security for the future by creating BYOD policies that are strict and clear. Such a policy must define who can connect to the network with what type of device. It should also outline which safety precautions employees should take in order to keep company data safe, and it should be enforceable. Companies need to ensure that their networks are adequately protected from any malicious attack, with robust security software and back-up.