Monday, December 16, 2013

Will the iPhone 5s Thumbprint Scanner Be the Answer for BYOD Security?

Organizations and enterprises are looking for innovative solutions that will enable them to implement secure BYOD (bring your own device) policies.

These BYOD policies must not only help them make employees more competent and productive, they must ensure that corporate information remains safe and secure as well. Employers have to find a delicate balance that maintains security but allows employees to easily accomplish their tasks without being subject to cumbersome processes and undue restrictions. Many companies are hoping that the recent introduction of the biometric fingerprint scanner feature on the iPhone 5s can help them solve this challenge. But, is this new security feature from Apple a real answer to their problems? 

As noted by several technology experts, there are pros and cons to using Apple’s new security feature. According to Ars Technica, a trusted online source of IT news and technology analysis, one of the main advantages of Apple’s Touch ID is that it uses and reads high-resolution fingerprint images, making it difficult for casual spammers and hackers to get access to the device by developing a clone from a smudged fingerprint found on a regular surface. Nevertheless, Ars Technica warns users that determined and experienced hackers may still be able to develop accurate clones and gain access to the device, especially if Apple doesn’t require a two-factor authentication, in conjunction with a standard password login for example. As a matter of fact, there have been many reports that a group of hackers called Chaos Computer Club has found ways to hack the new Touch ID on the iPhone 5s.

The biometrics hacking team from Chaos Computer Club showed that the iPhone 5s’s biometric fingerprint scanning is by no means a strong defense against a skillful and committed criminal. Since people leave their fingerprints everywhere, skillful, patient and determined criminals can bypass Apple’s biometric fingerprint ID.

Many technology professionals agree that Apple’s Touch ID is not the robust data protection feature that many enterprises and regular consumers have hoped for. Joe Schumacher, a consultant for mobile-security firm Neohapsis, told CNN "The fingerprint reader is more of a sales tactic than a strong security enhancement", Dino Dai Zovi, co-author of "The iOS Hacker's Handbook", added that if someone were trying to hack an iPhone 5s, he would first try to lift prints from elsewhere on the device "and figure out how to replay those to the sensor to log in to the person's phone". However, others contend fingerprints on the device are typically smudged and lifting a clean thumb print is especially difficult. On top of that, the hacker will have to figure out which is the correct fingerprint. Apple has set the system so that after five unsuccessful fingerprint matches, the Touch ID will not work and the user will be required to enter their passcode.

It must be pointed out that the Touch ID feature does save users valuable time unlocking their device and is preferable to users not using a password or any other type of login authentication. It also helps protect the phone from theft from your average street thief and from a phone that has been accidentally left behind – both of these situations are far more common for your average user than encounters with thieves with CSI-level skills.

As companies attempt to boost their data loss prevention tactics in the world of BYOD, they should not rely heavily on a single source of security. A sophisticated enterprise-grade data protection control center and technology is critical for protecting vital pieces of information that are accessed through mobile devices.

CIOs have realized that a mobile business app provider with a full-scale MDM solution can assist the enterprise in securing and managing their vital corporate information. No matter who’s the vendor, fingerprint unlocking is only part of the solution in a BYOD world. Only with a more comprehensive MDM control, will enterprises be able to solve security issues concerning BYOD in a robust, scalable and future-proof way.

Idan Hershkovich is Online Marketing Manager at Magic. He’s an early mobile adopter and an Apple fanatic. 
Magic provides powerful and versatile enterprise-grade, application, enterprise mobility and data integration solutions.