Touch ID is a good first step - but it doesn't mean you're protected

By Laura Haight
Originally published in the Upstate Business Journal as The Digital Maven on Oct. 18, 2013 

The new iPhone’s Touch ID system has been the focus of a lot of tech talk over the past few weeks. First there was the excitement about a higher level of mobile security and then the deflation when it took less than a week for some hacker to crack into it.

So, Touch ID, good thing or bad? A step in the right direction, according to the Upstate tech pros I spoke to. But the issue of mobile security goes beyond anything technology itself can do to protect you, according to Ashley Yellachich, co-owner of Yella-Soft, a software and web development company based in Greenville. “Anything that is built,” she says, “can be hacked. It just takes the time and the desire to do it.”

Deverne Werne, owner of Mojoe.Net, agrees: “It is easier to hack now than it has ever been in the history of hacking.”

For Yellachich, whose company is laser-focused on security in its apps and websites, threats, are everywhere. “There’s the digital world and the physical world. You need security in both worlds to be stronger.”

iPhone users should not be disheartened. Although hacked, Touch ID didn’t make it easy. It takes a perfectly clean and unsmudged fingerprint, digitally scanned into a high resolution image. I don’t know about you guys but that sounds very James Bond to me. Not your average street thief skillset. And the Touch ID system only gives you five chances on the fingerprint and then it locks down and requires an unlock code.

A bigger thing in the consumer’s favor is that a thief is going to have to have physical possession of your phone to do all this. So all this scanning and digitizing must be done before you realize your phone has been stolen and initiate the remote lock down or wiping on icloud.com. The odds are definitely in your favor here. Of course, assuming you have turned on the Find My iPhone/iPad feature. Go do that. It’s free.

Touch ID is likely to be just the first of a long line of biometric or behavioral response systems designed to secure mobile devices. A bigger concern is the theft of information over the air - snatching your logins, passwords, bank account numbers, security questions and more right out of thin air. Hard? Hardly. And what makes it easier, both Yellachich and Werne agree, is recalcitrant or uneducated users.  

Look down at that device in your hand. You see what you probably call a phone. But what you are really holding is a computer - and a pretty powerful one at that. At home, your network is protected behind a firewall and you probably have learned to maintain the virus software on your computer. But we don’t think about those same protections on our phones.

Part of the problem is that we are ignorant of the dangers and how our behaviors can make us more likely to be victimized. We learned early in life about not talking to strangers, looking both ways before crossing the street, and staying away from dark and deserted places at night. But there are no such guides in the cyber world where new threats develop every day and security efforts can’t stay apace of new development.

“If the physical world looked like the cyber world,” says Yellachich, “no one would leave their home.”

Amidst all those threats, security functions like Touch ID are important steps, but they alone are not going to be enough. So what are we to do to be safe from the hackers, crackers, exploiters and thieves who are, it seems, everywhere?

Hang on because you aren’t going to like this: You have to get smarter and take more responsibility. “There are no internet police,” says Werne. How well you behave, how careful you are, that’s all up to you. But so are the consequences.

“There are three levels of security,” Yellachich notes, “hardware - where the application data lives; software, which is the code; and the user. Good developers work to secure their applications from the outside. The developer can’t do anything to stop a threat from within.”

If any one of those three levels are not secure, it’s bad. If all three aren’t, says Yellachich, “it’s Christmas.”

--------

In the next Maven column: Steps you can take to protect yourself - and your business - from cyber threats.