Watch CBS News

Should you fear Apple's fingerprint scanner?

Even as Appleannounced Touch ID, a fingerprint-scanning feature, on the iPhone 5S, concerns over privacy and identity tracking began to take shape. In the wake of news that the U.S. government is collecting data from Internet companies and telecommunications lines, it's no surprise that privacy is on the forefronts of peoples' minds.

Speaking about the iPhone 5S at TechCrunch Disrupt Wednesday, Michael Arrington asked Yahoo CEO Marissa Mayer why she liked the "NSA scanner thing." Jokes on the link-sharing community Reddit had punch lines like, "Apple introduced fingerprint scanning -- world's largest name-to-fingerprint database now available without even trying."

iPhone 5S builds security into the home button 01:46

Apple's new iPhone fingerprint scan tech: The end of passcodes? 02:18

Some wondered if the NSA could capture fingerprints that are stored on the iPhone 5S as it traveled through cloud services. For the most part, those fears were quieted following a report that biometric data is stored locally on Apple's smartphone.

An Apple spokesperson told the Wall Street Journal that the company will not store images of fingerprints, but instead will store "fingerprint data" on the phone's encrypted A7 chip.

But what does that mean?

"You don't have to use an image. What you can do is use a mathematical data, like a string of numbers and letters," principle security researcher at security firm Lookout Marc Rogers, who has not yet used the iPhone 5S, told CBSNews.com.

Rogers says that to gain valuable information, a hacker would have to figure out what formula Apple is using to encrypt the data. However, security professionals are generally reluctant to say that anything is 100 percent secure.

"There's always a risk when you have stored credentials anywhere," Rogers says. He adds that there is room for human error.

Like many of the major hacks that are reported, it's usually because a human was tricked into doing something, like clicking on a bad link. A term called social engineering has been coined to describe manipulating people into giving away sensitive data.

It's not just fears that the NSA can access the biometric data on your phone. Fingerprint sensors can be tricked, giving access to any hacker who can bypass the security feature.

"Security implications are going to be what's interesting because in the past it's been fairly easy to trick fingerprint sensors," iFixit CEO Kyle Wiens told CBSNews.com.

Weins and his team are best known for dissecting high-tech devices in order to learn how to fix them. The team at iFixit has not had the chance to take apart the iPhone 5S. But Wiens points out that fingerprint technology has been beaten in the past using simple techniques. In 2002, a Japanese cryptographer Tsutomu Matsumoto used gelatin and a plastic mold to fake a fingerprint.

It's not clear yet how sensitive the iPhone 5S' sensor will be, but Apple has added other security features. According to the Journal, Apple says the phone will still require a pass code to unlock the phone if it is rebooted or hasn't been unlocked in 48 hours.

There is also Apple's permissions model to consider. Apple heavily screens apps built for iOS devices. And the company told the Journal that it is not allowing third-party developers to access the fingerprint scanner.

To Rogers, it's about educating the users about how the technology really works. Of the confusion over Touch ID, he says, "Apple may be tripped up by its secrecy."

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.