Mobile payments may not be anything new, but according to Arstechnica, there has been a significant surge in the adoption of the system in recent months. If Apple had read the trend as a good omen for Apple Pay, its checkout alternative, it would surely be reassessing its expectations going into the future. As it turns out, an ex-boss of a top spy agency, has raised concerns about the use of biometric technology in smartphones, raising some serious questions over its security. The paranoia is slightly contagious, considering the man’s past professional and his ownership of a company that sells mobile biometrics software.
Biometric system security questioned
BBC has reported that Sir John Adye, retired chief of the British intelligence and security organization Government Communications Headquarters (GCHQ), is eyeing use of biometric data in smartphones with suspicion. Addressing the Parliament’s science and technology Parliamentary Committee, he questioned the security protocols that mobile makers such as Apple and Google have put in place to protect users’ biometric information used in online transactions. One of his biggest concerns was that despite his familiarity with the technology in question, he was struggling to figure out just what the smartphone companies do with the biometric data he shares with them. They could be doing anything from using such information for target advertisement to selling them to foreign companies, or even hostile governments. Citing the example of ATMS and credit cards, he pointed out that the biometric system is protected by the bank through not just some automated process, but also through physical supervision. In the case of smartphones, however, such a protocol is noticeably missing, thus giving rise to high uncertainty and potential risk.
Making a point with iPhone 6
With the Apple Pay app still hot in the online payment scene, it’s was only a matter of time before someone pointed a finger at iPhone’s security protocols for biometric data. Adye was all praises for Apple’s serious attitude towards security, but he was hardly convinced by the tech giant’s efforts to make the integration of the new payment system into its flagship phone foolproof. He noted that although users are required to check certain boxes while making payments through their device, due diligence is not always exercised. In his opinion, some users are even unaware of the significance of being careful or consequence of the potential threats. While expressing satisfaction over the security measures in place to restrict unsolicited access on iPhone 6 and hence the biometric data on it, he wondered if the measures would remain effective if the device was lost or stolen. The ex-GCHQ boss felt that hackers are always coming up with innovative ways to tunnel through what often seem like impenetrable defenses. Therefore, it may only be a matter of time before the absence of physical supervision on the likes of Apple Pay system proves to be a gaping security hole.
The potency of the looming threat
While some may dismiss Adye’s opinion over the use and existing security of Biometric system in smartphones as unnecessary paranoia, it is difficult to completely ignore the weight his warning carries. After all, reports suggesting iPhone 6’s vulnerability to fake fingerprints is already circulating the Web. Although companies integrating such systems into their devices have all sorts of options to mitigate the risk available to them, e.g. confirming if the finger being scanned is made of flesh and has blood pumping around it, hackers don’t take long to find their way around them.
With the hackers hardly ever short on tricks and the growing concern for privacy, the demand for transparency and tighter security in respect to biometric data on smartphones is quite valid. Apple and Google may have given assurances about the security of their online payment system, but can their claims be trusted? The answer to this will only become clear with time.