Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Offers Additional Details on Touch ID, iPhone 5s Won't Store Fingerprint Images

CrazyForApple said:
The NSA will still have everyone's fingerprints
Click to expand...

That and if you were ever booked as part of an arrest, did military service, held a high level security clearance or applied for a drivers license in some states, the data is already there.

Now the question is, yes someone may find "your" fingerprints somewhere but that is not conclusive proof that you were there.

For the last twenty years, silicone materials and masking techniques have been around where you can easily lift a fingerprint off almost any smooth surface and apply it to a silicone material surface to make a counterfeit fingerprint impression. The cost of these materials is less than $20 and can be picked up at any good chemical or rubber supply shop.

I can see the DefCon seminar now, "How to spoof the iPhone 5S with Counterfeit Fingerprinting"

The basic techniques are out there on the 'net already.
 
lilo777 said:
Entering four digit pin takes about a second (and works 100% accurately). That's probably about on par with the sensor when sensor matches your fingerprint quickly. Since the sensor will not be able to match the fingerprint quickly all the time, in some cases it will take longer. On average sensor will probably cost you money.
Click to expand...

Nope. I've seen the sensor in action. It's fast. Much faster than 'swipe-tap-tap-tap-tap'. And much, much faster than 'swipe-tap-tap-tap-tap-tap-tap-OK' if you use an alpha numeric passcode. And, much, much, MUCH faster than 'shift-tap-tap-tap-altkeyboard-nextaltkeyboard-tap-mainkeyboard-tap-tap-altkeyboard-tap-tap-tap-OK' when authenticating an iTunes or AppStore purchase/download.

Even in the simplest case, it's absolutely faster, more convenient, and more secure.
 
Just to make sure I fully understand the concern here, what exactly are we afraid that the NSA will do with our fingerprints should they get them?
 
This is going to be like Siri... People will use it for a few months - figure out it is just easier the old way and move on.
 
"a decision that could ease concerns from privacy hawks."

I love how the WSJ inserts in pejorative language into what is - especially with the Obama NSA revelations - a quite valid concern.

This is an important way in that the media tries (and usually succeeds) to shape opinion, to create "correct" thought. Lovely.
 
Just a random Tweet i found. I think Apple needs to double down on explaining to people how finger print data is stored on their device, how secure it is and assure them it won't be uploaded to their iCloud! Some people are extremely misinformed and sadly might believe dumb bloggers.
 
Nunyabinez said:
I understand that people are rightly concerned about this. For various reasons I have been finger-printed several times in the past, so for me this is a non-issue.
Click to expand...

No, it isn't a non-issue even for someone such as yourself who has been finger-printed. Many people will have been, as you say, for various reasons.

It isn't the sense of 'ooh, the government mustn't see my personal fingerprints, that's creepy' which is the problem.

It's that once you tie your biometric information to things like ID, payment and goodness-knows-what-else for the sake of convenience, then if the security involved is broken, you lose both that data and risk whatever you were securing with it.

Another way of looking at it is, if you have a key that opens nothing, what if the world knew what it looked like, down to the atom? It wouldn't matter.

Now imagine you made a lock to your house or your bank that only that key opened. Now the key is very valuable, though nothing has actually changed about the key. Now that key must remain secret, or else you will need to change both the key and the lock, right?

So if the way that Apple stores your fingerprint data cannot be absolutely trusted, and you use your fingerprints to secure important things, then it becomes a risky proposition. Most of us only have 10 finger(and thumb) prints. That's not many 'do-overs' for a lifetime.

It isn't in Apple's business interests to make it insecure on purpose. Sadly, we know for a fact (only because of leaks) that the NSA, GCHQ etc are actively working with companies to give them whatever access they can possibly get, and then gagging the companies from telling the consumer (for obvious reasons).
 
Sounds a bit like the logging in that my boyfriend does at work. First time of the day he has to put his password, after that he can use a gesture that he had preset in the system.
 
I think people are really missing the point. What the fingerprint sensor does is let you use a secure passcode for your device. Today, almost everybody uses either a 4-digit code or none at all. A 4-digit code is highly insecure; brute-forcing the code to crack the internal data-protection (which protects your stored passwords and other sensitive information) takes only minutes using easily available forensic software. See this presentation, slide 25. A more complex alpha-numeric code is much more secure, but impractical to type.

Regarding the NSA conspiracy theory, why exactly would anyone try to extract the fingerprint from the protected area in the SoC, when they could simply "dust" your phone?
 
chrmjenkins said:
If the sensor has dedicated pins into the A7 and that portion of the A7 is incapable of outputting data read in (only some sort of validation flag out), it would truly be secure. You'd have to probe the PCB to read it otherwise.
Click to expand...

I am sure the teardown boys will be all over this looking at the digital trace from the sensor to the A7 chip.

If they did this right IMO, each fingerprint sensor is manufactured with a public / private key format and undergoes an authentication challenge much like PGP whenever the A7 chip addresses it.

Thus, the data over the board trace and connector lines are encrypted in-situ avoiding any rigging of hardware inside the iPhone to intercept fingerprint data.
 
to me the big win is itunes / app purchases. I have to launch 1password, unlock it, copy the apple password to the clipboard, navigate back to itunes/app store, touch buy, paste password in.

I like the fast unlock as it will let me strengthen my passcode without losing any login convenience.
 
Hmmmm.....
 

Attachments

  • image.jpg
    image.jpg
    73.5 KB · Views: 169
Add Touch ID to the Apple TV Remote. I can't be the only one who has been thinking of the potential of this.
 
ThisIsNotMe said:
All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.
...
That alone makes this touch sensor worth while.
Click to expand...

I figured if I pinch grip it with my thumb on the home button as I pull it out of my pocket, by the time I have it out of my pocket, it will be unlocked. Seamless.
 
Porco said:
No, it isn't a non-issue even for someone such as yourself who has been finger-printed. Many people will have been, as you say, for various reasons.

It isn't the sense of 'ooh, the government mustn't see my personal fingerprints, that's creepy' which is the problem.

It's that once you tie your biometric information to things like ID, payment and goodness-knows-what-else for the sake of convenience, then if the security involved is broken, you lose both that data and risk whatever you were securing with it.

Another way of looking at it is, if you have a key that opens nothing, what if the world knew what it looked like, down to the atom? It wouldn't matter.

Now imagine you made a lock to your house or your bank that only that key opened. Now the key is very valuable, though nothing has actually changed about the key. Now that key must remain secret, or else you will need to change both the key and the lock, right?

So if the way that Apple stores your fingerprint data cannot be absolutely trusted, and you use your fingerprints to secure important things, then it becomes a risky proposition. Most of us only have 10 finger(and thumb) prints. That's not many 'do-overs' for a lifetime.

It isn't in Apple's business interests to make it insecure on purpose. Sadly, we know for a fact (only because of leaks) that the NSA, GCHQ etc are actively working with companies to give them whatever access they can possibly get, and then gagging the companies from telling the consumer (for obvious reasons).
Click to expand...


surely thats the same as your signature and credit card pin numbers... both are easy to see just by looking over someones should at the supermarket check out. they are barely secure at all and yet they can be used to steal someones complete life (such as the true story that The recent film Pain & Gain is based on)
 
mechno said:
It's not called paranoid anymore.

This reply from an Apple spokesperson makes me more nervous, actually, because of its misdirection.
The distinction between a fingerprint and name correlation versus a "fingerprint data" and name correlation seems artificial.

If I get a phone that has this (likely) i will never turn this feature on.
Click to expand...

No, they still call it paranoid.
 
I don't get why people get so uptight about NSA. It's there to protect you. If you aren't doing anything wrong then they have no reason to snoop on your data. Simple.
 
an elegant solution I think.

now this can put to rest the people who's scared the fingerprint would get send to the cloud.
 
a.gomez said:
This is going to be like Siri... People will use it for a few months - figure out it is just easier the old way and move on.
Click to expand...

not really. have you ever tried push the lock screen OK button on iOS 7 w/ simple passcode turned off? pain in the ass to find if i'm not looking at the screen.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back