Comment If you're an ex-GCHQ spook, it seems the BBC will leap to attention when you've words of wisdom to impart about mobile security.
Dear old Auntie Beeb has reported that former GCHQ boss Sir John Adye doesn’t trust the biometric security in the iPhone 6. As a story it’s got everything: top spy chief with a knighthood, mistrust of technology and the shiniest bit of electronic bling going at the moment.
Well, it’s certainly got everything – except an actual story. What Sir John says is that fingerprint scanners can be duped. But we knew that long ago, as we said here, here and here, to pick three recent stories.
It’s not just the iPhone, of course: the Samsung scanner was hacked within days of going on sale.
It seems that Sir John, who was director of GCHQ about 20 years ago, wants to publicise the flaws in older mobile biometrics software that we've known about for years. His company, IAS (Identity Assurance System), just happens to sell... mobile biometrics software.
Sir John presented his views on biometrics to Parliament's science and technology Parliamentary Committee last week, but David Rogers, who teaches the Mobile Systems Security course at the University of Oxford and runs the mobilephonesecurity.org blog, seemed unimpressed.
Rogers told us: “Whilst it is in the interests of some to spread fear, uncertainty and doubt – particularly if they have a stake in selling similar technologies – the broad truth is that if we can increase usability and usage of access control through new technologies, we prevent data loss for more people. Usage of PIN-locks on devices is woefully low not because people aren’t interested in securing their data but because the technology is inconvenient and cumbersome.”
Not that Rogers is a fan of biometrics. “A far bigger issue for biometrics is the fact that the technology is socially regressive. Fingerprint-reading technology, for example, is not inclusive in the sense that so many people have severe problems using it – including disabled people, the elderly, manual labourers... and the list goes on.”
What is, however, missing from the debate is what is necessary to provide secure, inclusive technology. ®