This is the year Apple [AAPL] will see its mobile security tested as never before as focus turns to undermining Touch ID. This will quickly extend to attacks at other vectors within iOS security -- it stands to reason, because:
Touches a nerve
- Apple's iPhone 5S brings us the first mass market biometric authentication service -- sure, it's not the first such solution, but it is the first to be deployed on such a scale.
- Apple's Android opponents just hate the embarrassing comparisons between Android and iOS security. They want to pull Apple from its perch. They're really motivated to do this: only Samsung's Knox devices have been approved for military use.
- Hackers have already undermined the authentication system twice.
The story has begun. This week we learn hackers from the so-called Chaos Computer Club in Germany have bypassed the biometric security of Apple's Touch ID using nothing more than a sheet of glass and an insanely high-resolution camera.
CCC claim they achieved this through "everyday means" but the camera used to capture the image of the finger is not an everyday camera. I look forward to the attempt being verified elsewhere.
Last week another hacker figured out how to use Control Center to undermine device security.
Apple will be playing cat and mouse with researchers intent on breaking its device security forever from now on.
It is quite good at delivering software patches to address security concerns (though it hasn't always been timely), that's why its OS X and iOS have such great reputations for security.
Apple's users are swift to install software updates -- that's a big advantage in contrast to competitors.
Until relatively recently black hat hackers would not target Apple devices, turning instead to Windows. This was replicated for a while when hackers looked to Android, but having broken the flawed security model of that platform they're looking to the platform people actually use -- potentially on strength of expectation Apple will deliver payment services via its devices at some point.
You only need to follow the money to understand this. Apple's platform is seen as secure. Hackers aren't altruists, (at least, not all of them), they want to undermine device security in order to seize your precious log-ins, personal information and bank account details.
Apple says you should use Touch ID in conjunction with your existing device log-in, which makes sense to me: two layers of security have to be better than one. Sophos agree with me.
Through introduction of Touch ID Apple has raised a red flag to the security community, who are desperate to undermine its authentication system. This makes it inevitable Apple will see its security models undermined from time to time.
Apple's reputation as a secure platform won't depend on these insecurities being found. It will depend on how swiftly the company can respond to them. Any plans to deploy Touch ID on Macs or to deliver some form of payment system will also depend on its success in this.
Eyes are on the company now as it is asked to respond swiftly and decisively as each new threat is identified. Will its platforms retain their reputation for security in 12-months time? The answer to that question really is Apple's to provide.
Google+? If you're one of those who likes to use social media and also happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?
Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when these items are published here first on Computerworld.