Old Sep 11, 2013, 05:12 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Offers Additional Details on Touch ID, iPhone 5s Won't Store Fingerprint Images




Amid fears about the security of Apple's new Touch ID fingerprint sensor, an Apple spokesman has told The Wall Street Journal that the phone will only store the data used to recognize fingerprints, rather than actual images.
Quote:
Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data," which remains encrypted within the iPhone's processor, a company representative said Wednesday.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.
Announced yesterday, Touch ID is a new security feature built into the home button of the iPhone 5s, designed to allow users to unlock their phones and authorize iTunes purchases with a finger scan. The sensor captures a high-resolution image of a fingerprint, analyzing it to provide accurate readings.

During its Touch ID presentation, Apple was quick to specify that all fingerprint information is encrypted and stored "in the Secure Enclave inside the A7 chip on the iPhone 5s" rather than being stored on Apple servers or backed up to iCloud. Developers are also not being provided with access to user fingerprints as a means of authentication.

Apple also gave The Wall Street Journal a few other tips on the fingerprint sensor, noting that it occasionally malfunctions with moist fingers or fingers scarred by accidents and surgery. The company also explained that Touch ID must be supplemented with a passcode.
Quote:
Apple customers who wish to use Touch ID also have to create a passcode as a backup. Only that passcode (not a finger) can unlock the phone if the phone is rebooted or hasn't been unlocked for 48 hours. This feature is meant to block hackers from stalling for time as they try to find a way to circumvent the fingerprint scanner.
The iPhone 5s, with the new Touch ID functionality, is set to be released to consumers on September 20. Apple is not accepting pre-orders for the device.

Article Link: Apple Offers Additional Details on Touch ID, iPhone 5s Won't Store Fingerprint Images
MacRumors is offline   0 Reply With Quote
Old Sep 11, 2013, 05:14 PM   #2
chrmjenkins
macrumors 603
 
Join Date: Oct 2007
Location: CA
If the sensor has dedicated pins into the A7 and that portion of the A7 is incapable of outputting data read in (only some sort of validation flag out), it would truly be secure. You'd have to probe the PCB to read it otherwise.
__________________
Read my Apple A8, iPhone 6 preview and prediction thread here: http://forums.macrumors.com/showthread.php?t=1770411
Twitter: @anexanhume
chrmjenkins is offline   6 Reply With Quote
Old Sep 11, 2013, 05:17 PM   #3
Chatter
macrumors regular
 
Join Date: Jun 2013
Location: Uphill from Downtown
Hmm

This does actually make it more secure in my mind. I wasn't worried but can appreciate people's concerns.
Chatter is offline   18 Reply With Quote
Old Sep 11, 2013, 05:19 PM   #4
SandboxGeneral
Moderator
 
Join Date: Sep 2010
Location: Great Lakes State
That's additional good news. It sounds, so far, like Apple has done their homework and paid attention to the security headlines this year.
__________________
••• SandboxGeneral.com •••
SandboxGeneral is offline   19 Reply With Quote
Old Sep 11, 2013, 05:20 PM   #5
StarHunter
macrumors newbie
 
Join Date: Oct 2011
Good, now people won't lose their phone if they lose their finger.
StarHunter is offline   5 Reply With Quote
Old Sep 11, 2013, 05:20 PM   #6
KdParker
macrumors 68030
 
Join Date: Oct 2010
can't wait to try this sensor out....

I just hate being reminded of not being able to pre-order.
__________________
16g iPhone5s Space Grey; 16g iPhone5 White;
15" retina - MBP 2.6 GHZ 16 RAM;
iPad4 retina
KdParker is offline   9 Reply With Quote
Old Sep 11, 2013, 05:20 PM   #7
ThisIsNotMe
macrumors 65816
 
Join Date: Aug 2008
All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.
ThisIsNotMe is offline   42 Reply With Quote
Old Sep 11, 2013, 05:21 PM   #8
Porco
macrumors 68000
 
Join Date: Mar 2005
Dear Apple, I'm sorry because I realise it's not really your fault, but I don't trust that the NSA haven't nobbled you, and nothing you have said so far leads me to… um think different, as it were.
__________________
I really wish Apple would use the option key a little more, and the command key a little less.
*soundcloud/fdporco*
Porco is offline   28 Reply With Quote
Old Sep 11, 2013, 05:23 PM   #9
Freida
macrumors 6502
 
Join Date: Oct 2010
Quote:
Originally Posted by ThisIsNotMe View Post
All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.
I would have to troll on your post and get banned. Your post is crazy.
If you are so concerned about time lost whilst unlocking the phone then why are you on macrumors chatting about it? I'm sure that lost you way more time.

Facepalm is NOT enough in this case!
Freida is offline   55 Reply With Quote
Old Sep 11, 2013, 05:25 PM   #10
mechno
macrumors newbie
 
Join Date: Jul 2009
Now that we know the ***** the NSA pulls..

It's not called paranoid anymore.

This reply from an Apple spokesperson makes me more nervous, actually, because of its misdirection.
The distinction between a fingerprint and name correlation versus a "fingerprint data" and name correlation seems artificial.

If I get a phone that has this (likely) I will never turn this feature on.
mechno is offline   5 Reply With Quote
Old Sep 11, 2013, 05:26 PM   #11
CrazyForApple
macrumors 6502
 
Join Date: Dec 2012
Location: Buffalo, NY
The NSA will still have everyone's fingerprints
CrazyForApple is offline   11 Reply With Quote
Old Sep 11, 2013, 05:26 PM   #12
Nunyabinez
macrumors 6502a
 
Join Date: Apr 2010
Location: Provo, UT
Quote:
Originally Posted by Porco View Post
Dear Apple, I'm sorry because I realise it's not really your fault, but I don't trust that the NSA haven't nobbled you, and nothing you have said so far leads me to… um think different, as it were.
I believe there is an optional tin-foil hat that you can purchase to help with this. (Sorry, not being mean, it was just hanging out there and I couldn't help myself).
__________________
27" iMac, 3.4 GHz i7; 15" MBP, 2.53 GHz Core 2 Duo; 13" MBA 1.7 GHz i5; iPad (3rd Gen), 16 GB; iPhone 5S; Hackintosh, 3.4 GHz i7 (2600k)
Nunyabinez is offline   15 Reply With Quote
Old Sep 11, 2013, 05:27 PM   #13
lolkthxbai
macrumors 6502a
 
Join Date: May 2011
Quote:
Originally Posted by ThisIsNotMe View Post
All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.
Not to mention accessibility, not having to look at the screen to input numbers and letters or wait to have the phone speak it to you so you can put your password in.
lolkthxbai is offline   15 Reply With Quote
Old Sep 11, 2013, 05:27 PM   #14
ProVideo
macrumors 6502
 
Join Date: Jun 2011
Quote:
Originally Posted by ThisIsNotMe View Post
All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.
Sounds familiar.

http://youtu.be/riyAe4BKAng?t=17m48s
ProVideo is offline   0 Reply With Quote
Old Sep 11, 2013, 05:29 PM   #15
lilo777
Banned
 
Join Date: Nov 2009
Quote:
Originally Posted by ThisIsNotMe View Post
All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.
Entering a four-digit PIN takes about a second (and works 100% accurately). That's probably about on par with the sensor when the sensor matches your fingerprint quickly. Since the sensor will not be able to match the fingerprint quickly all the time, in some cases it will take longer. On average the sensor will probably cost you money.
lilo777 is offline   4 Reply With Quote
Old Sep 11, 2013, 05:30 PM   #16
BigHonkingDeal
macrumors 6502
 
Join Date: Feb 2009
Location: Miami, FLA
Quote:
Originally Posted by ThisIsNotMe View Post
All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.
Good to know that you make more than $277 an hour
BigHonkingDeal is online now   37 Reply With Quote
Old Sep 11, 2013, 05:30 PM   #17
JarScott
macrumors 65816
 
Join Date: May 2011
Location: Leicestershire, UK
People are using 'security flaws' as cheap ways of getting at the 5S. Apple were never going to take security lightly and were always going to put their hearts and souls into making sure our fingerprints are safe and secure. As they are the only password which is always with you...of course.


Ps. So excited for iPhone 5S!
__________________
iPhone 6 Plus 16GB Gold (ordered), iPad Air 16GB Space Grey, iPhone 5s 16GB Gold, 15" MacBook Pro with Retina Display (Running OS X Yosemite Public Beta)
JarScott is offline   4 Reply With Quote
Old Sep 11, 2013, 05:30 PM   #18
Porco
macrumors 68000
 
Join Date: Mar 2005
Quote:
Originally Posted by Nunyabinez View Post
I believe there is an optional tin-foil hat that you can purchase to help with this. (Sorry, not being mean, it was just hanging out there and I couldn't help myself).
No offence taken! But please read one of my earlier posts on these forums and then decide for yourself whether the tin-foil joke is really all that apt.

http://forums.macrumors.com/showpost...1&postcount=65

It's not paranoia when they are admitting going after everyone's data is part of their job!
__________________
I really wish Apple would use the option key a little more, and the command key a little less.
*soundcloud/fdporco*
Porco is offline   6 Reply With Quote
Old Sep 11, 2013, 05:32 PM   #19
V.K.
macrumors regular
 
Join Date: Dec 2007
Location: Toronto, Canada
I'm afraid Apple is pissing against the wind with these explanations. I don't think there is anything they can say or do with this tech that will satisfy the paranoid spooked by the NSA scandal.

Yep, I see that comments in this thread already confirm this.
V.K. is offline   10 Reply With Quote
Old Sep 11, 2013, 05:32 PM   #20
Detrius
macrumors 68000
 
Join Date: Sep 2008
Location: Asheville, NC
Quote:
Originally Posted by ThisIsNotMe View Post
3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.
50 times unlocking your phone in an eight hour day comes down to once every 9.6 minutes, so you could also save yourself some time by adding a timeout of ten minutes to that pass code lock.

Those three minutes per day are going to be negated by the fact that you're still going to be stopped at traffic lights for at least that long. I see caring about that small an amount of time on a daily basis as needless micromanaging... but if you're charging your customers close to $300/hour, I can see why some people might care.
__________________
ACMT, ACTC, ACSA
C# w/.NET 4, Entity Framework, and T4; JavaScript; Bash; Awk; C++ w/wxWidgets and Boost; ANTLR(C), flex/bison; Objective-C; C
Detrius is offline   6 Reply With Quote
Old Sep 11, 2013, 05:33 PM   #21
bbeagle
macrumors 65816
 
Join Date: Oct 2010
Location: Buffalo, NY
Quote:
Originally Posted by Porco View Post
Dear Apple, I'm sorry because I realise it's not really your fault, but I don't trust that the NSA haven't nobbled you, and nothing you have said so far leads me to… um think different, as it were.
The only way to know FOR SURE is to gain the knowledge and tools to examine the physical chips and connections.

Of course, even if you did find no possible way for this data to be captured by Apple or the NSA, something tells me that you wouldn't believe your own research, because Apple is inherently evil.
bbeagle is offline   7 Reply With Quote
Old Sep 11, 2013, 05:33 PM   #22
BC2009
macrumors 68000
 
Join Date: Jul 2009
For those who don't understand cryptographic one-way hashes, they cannot be reversed to produce the original data without a dictionary attack. A dictionary attack in this case would require a collection of actual human fingers or replicas of them to run through Apple's Touch ID to see which cryptographic hashes match the one stored on the device.

Also note that there is a really really really small chance that two fingerprints will generate the same cryptographic hash. Cryptographic hashes by their very nature have LESS data than the source data for which they are a hash. This means that if the source data has potentially quadrillions of combinations that there may be only billions of values that they hash to (a one to many mapping of hashes to source data). The more likely scenario is that your fingerprint hashes to the same value as a fingerprint that does not currently exist on the planet today and may never exist.

Think of a large 500-page book as just a collection of letters, numbers, spaces, and punctuation. You could pound on the keyboard and produce a book of random text or you could carefully craft an actual readable book. The hash reduces the book to a hash of say 500 characters which is generated in such a way that even changing a single letter in the book or the capitalization of a single letter produces an entirely different hash (cryptographic hash algorithms magnify any change to cyclically change other parts). Obviously, there is no way you could take 500 characters of data and regenerate the 500-page book (that would be the most amazing lossless-compression algorithm in the world, but also mathematically impossible). Because of this you cannot reverse it. You could however, run a hash on all books known to man to find the one that matches the same value (a dictionary attack). Finally, there is a possibility that two carefully crafted books hash to the same value, but it is far more likely that a book's hash would match some of the billions of permutations of random letters, numbers, spaces, and symbols that have never been bound into a book.

It is the same for fingerprint data. Your actual fingerprint could only be determined if somebody already had a replica of your finger in a database and could make Apple's Touch ID sensor generate the same hash from it. The worst somebody could do is break into your phone or prove that a phone did indeed belong to you. What's more, the odds of somebody else's fingerprint matching yours is like two monkeys pounding out the exact same content on a keyboard after an hour of bashing away at it. Either way, there is no chance of your fingerprint being cloned and used in other places to impersonate your presence.

Last edited by BC2009; Sep 11, 2013 at 05:38 PM.
BC2009 is offline   37 Reply With Quote
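The hash properties described in the post above (a one-letter change scrambling the digest, a dictionary lookup over known candidates, and unavoidable collisions once the digest is smaller than the input space), shown on ordinary text with SHA-256. This is an added example, not part of the original post, and it does not model how Touch ID stores or matches fingerprint data, which the page does not describe; the sample strings and function names are constructed for illustration.

```python
import hashlib
from itertools import count


def digest(data: bytes) -> bytes:
    """SHA-256 digest: 32 bytes regardless of input length."""
    return hashlib.sha256(data).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bits that differ between the digests of a and b."""
    return sum(bin(x ^ y).count("1") for x, y in zip(digest(a), digest(b)))


def dictionary_lookup(target: bytes, candidates):
    """Hash every known candidate and return the one matching target, or None.

    This is the only generic way to get from a digest back to an input:
    the input must already be in the candidate collection.
    """
    for candidate in candidates:
        if digest(candidate) == target:
            return candidate
    return None


def find_truncated_collision(n_bytes: int):
    """Return two distinct inputs whose digests agree on the first n_bytes.

    Shortening the digest shrinks the output space, so by the pigeonhole
    principle a collision must appear within 256**n_bytes + 1 inputs.
    """
    seen = {}
    for i in count():
        msg = b"book-%d" % i  # constructed inputs
        tag = digest(msg)[:n_bytes]
        if tag in seen:
            return seen[tag], msg
        seen[tag] = msg


# Constructed sample data standing in for the "books" of the analogy.
LIBRARY = [b"Moby-Dick", b"Middlemarch", b"Dracula", b"Emma"]

if __name__ == "__main__":
    # Changing the capitalization of one letter flips about half of 256 bits.
    print("bits changed:", bit_difference(b"Moby-Dick", b"moby-Dick"))

    # A digest of a known book is found; a digest of an unknown one is not.
    print("known:  ", dictionary_lookup(digest(b"Dracula"), LIBRARY))
    print("unknown:", dictionary_lookup(digest(b"Ulysses"), LIBRARY))

    # With only 2 bytes (65,536 values) of digest kept, two inputs collide.
    first, second = find_truncated_collision(2)
    print("collision on 2-byte prefix:", first, second)
```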
Old Sep 11, 2013, 05:33 PM   #23
Nunyabinez
macrumors 6502a
 
Join Date: Apr 2010
Location: Provo, UT
Quote:
Originally Posted by Porco View Post
No offence taken! But please read one of my earlier posts on these forums and then decide for yourself whether the tin-foil joke is really all that apt.

http://forums.macrumors.com/showpost...1&postcount=65
I understand that people are rightly concerned about this. For various reasons I have been finger-printed several times in the past, so for me this is a non-issue.
__________________
27" iMac, 3.4 GHz i7; 15" MBP, 2.53 GHz Core 2 Duo; 13" MBA 1.7 GHz i5; iPad (3rd Gen), 16 GB; iPhone 5S; Hackintosh, 3.4 GHz i7 (2600k)
Nunyabinez is offline   2 Reply With Quote
Old Sep 11, 2013, 05:36 PM   #24
jyen
macrumors member
 
Join Date: Oct 2012
Can someone please enlighten me on why people are so fussy about the NSA getting fingerprint data? What can they do with that information? It's not like they can even sell it to marketers.
jyen is offline   6 Reply With Quote
Old Sep 11, 2013, 05:36 PM   #25
CFreymarc
macrumors 68020
 
Join Date: Sep 2009
Quote:
Originally Posted by CrazyForApple View Post
The NSA will still have everyone's fingerprints
That and if you were ever booked as part of an arrest, did military service, held a high level security clearance or applied for a driver's license in some states, the data is already there.

Now the question is, yes someone may find "your" fingerprints somewhere but that is not conclusive proof that you were there.

For the last twenty years, silicone materials and masking techniques have been around where you can easily lift a fingerprint off almost any smooth surface and apply it to a silicone material surface to make a counterfeit fingerprint impression. The cost of these materials is less than $20 and can be picked up at any good chemical or rubber supply shop.

I can see the DefCon seminar now, "How to spoof the iPhone 5S with Counterfeit Fingerprinting"

The basic techniques are out there on the 'net already.
CFreymarc is offline   0 Reply With Quote

All times are GMT -5.

Copyright 2002-2013, MacRumors.com, LLC