Apple iPhone 5S gets a fingerprint reader, but how secure is it?

Apple’s new flagship iPhone 5S includes a biometric fingerprint reader, a simple way to unlock the phone with a touch -- but don’t assume that means it will be more secure than other smartphones.

Security experts contacted by were quick to dismiss the new “Touch ID” sensor, calling it little more secure than the ordinary password.

“When you go to a bar and get a beer, you leave them your fingerprints. Biometric data makes a really poor security feature for that reason,” explained Dave Aitel, CEO of security firm Immunity Inc.

“Your fingerprint is not a secret,” he added.


More On This...

The new iPhone 5S, unveiled at an event Tuesday at Apple’s Cupertino, Calif. headquarters, has the new sensor built into the home button. It uses a laser-cut sapphire crystal together with a capacitive touch sensor to take a high-resolution image of your fingerprint and can recognize it to unlock the phone.

All fingerprint information is encrypted and stored securely inside the A7 chip on the iPhone 5S; it’s never stored on Apple servers or backed up to iCloud, the company says.

But the best security features can be changed, Aitel said -- a password you can alter every few months, or a pattern you can periodically revise, as on phones powered by Google’s Android operating system.

“The Android lock pattern is actually an amazingly good security feature. People like using it, it’s semi-interesting, it’s easy to remember,” Aitel told You can’t change your fingerprints.

“It’s fun, it’s cool, but it’s not a game changer,” agreed Ehsan Foroughi, director of research at Security Compass. “You still worry about malware, you still worry about your iTunes account getting hacked, you still worry about all the other stuff,” he told

Foroughi said Apple’s “big brother” approach to apps -- the company vets and verifies all apps that enter the Apple Store -- makes for better security than on Android, and limitations the company places on how apps also helps. Biometric data won’t add much to that.

The real issue isn’t losing a gadget anyway -- it’s you, Foroughi said.

“Many people use bad passwords, which is the root of all evil in security.”

If the Touch ID sensor could let people replace those “1234” and “password” passwords with a fingerprint, that would boost security a bit, he said. It's unclear whether Apple will allow such functionality.

But the experts agree: biometrics aren’t a standalone solution.

“Not one ever relies solely on biometrics in the real world,” Aitel told “It’s always part of the complete breakfast -- and it’s usually the sugary part.”